go.google virus and running extremely slow

Question

myhangel 0 Newbie Poster

15 Years Ago

Hi All,

I've read several threads with similar situations and tried to download all programs that have been suggested. Malwarebytes AntiMalware will download but not launch. Any other suggested detection programs, IE comes back with page unavailable. I was finally able to get an spyware search program called Spyware Cease. I've included the analysis log from that as well as a HijackThis log.

Analysis time: 12/11/2008 5:39:32 AM
Version of operating system: Windows XP(Build 2600: Service Pack 3)
Default browser: "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Version of IE: 7.0.5730.13
CPU type: AMD Turion(tm) 64 Mobile Technology ML-37
Memory information: 479176KB / 981232KB 48.83%
====================================================================

System drivers
    Ntfs.sys
        Ntfs.sys
    Fastfat.SYS
        \SystemRoot\System32\Drivers\Fastfat.SYS
    Mup.sys
        Mup.sys
    Beep.SYS
        \SystemRoot\System32\Drivers\Beep.SYS
    NDIS.sys
        NDIS.sys
    KSecDD.sys
        KSecDD.sys
    mouclass.sys
        \SystemRoot\system32\DRIVERS\mouclass.sys
    raspti.sys
        \SystemRoot\system32\DRIVERS\raspti.sys
    agpCPQ.sys
        agpCPQ.sys
    perc2.sys
        perc2.sys
    ql10wnt.sys
        ql10wnt.sys
    sisagp.sys
        sisagp.sys
    Fips.SYS
        \SystemRoot\System32\Drivers\Fips.SYS
    kbdclass.sys
        \SystemRoot\system32\DRIVERS\kbdclass.sys
    yk51x86.sys
        \SystemRoot\system32\DRIVERS\yk51x86.sys
    amdagp.sys
        amdagp.sys
    cbidf2k.sys
        cbidf2k.sys
    vga.sys
        \SystemRoot\System32\drivers\vga.sys
    Cdr4_xp.SYS
        \SystemRoot\System32\Drivers\Cdr4_xp.SYS
    i2omgmt.SYS
        \SystemRoot\System32\Drivers\i2omgmt.SYS
    NDProxy.SYS
        \SystemRoot\System32\Drivers\NDProxy.SYS
    ini910u.sys
        ini910u.sys
    compbatt.sys
        compbatt.sys
    ptilink.sys
        \SystemRoot\system32\DRIVERS\ptilink.sys
    ql1280.sys
        ql1280.sys
    asc.sys
        asc.sys
    MountMgr.sys
        MountMgr.sys
    wdmaud.sys
        \SystemRoot\system32\drivers\wdmaud.sys
    ohci1394.sys
        ohci1394.sys
    asc3350p.sys
        asc3350p.sys
    dmload.sys
        dmload.sys
    aliide.sys
        aliide.sys
    isapnp.sys
        isapnp.sys
    redbook.sys
        \SystemRoot\system32\DRIVERS\redbook.sys
    cd20xrnt.sys
        cd20xrnt.sys
    mraid35x.sys
        mraid35x.sys
    atapi.sys
        atapi.sys
    LMouFilt.Sys
        \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    USBSTOR.SYS
        \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    ipnat.sys
        \SystemRoot\system32\DRIVERS\ipnat.sys
    Mpfp.sys
        \SystemRoot\System32\Drivers\Mpfp.sys
    rasacd.sys
        \SystemRoot\system32\DRIVERS\rasacd.sys
    psched.sys
        \SystemRoot\system32\DRIVERS\psched.sys
    RootMdm.sys
        \SystemRoot\System32\Drivers\RootMdm.sys
    dmio.sys
        dmio.sys
    usbscan.sys
        \SystemRoot\system32\DRIVERS\usbscan.sys
    mouhid.sys
        \SystemRoot\system32\DRIVERS\mouhid.sys
    audstub.sys
        \SystemRoot\system32\DRIVERS\audstub.sys
    usbohci.sys
        \SystemRoot\system32\DRIVERS\usbohci.sys
    symc8xx.sys
        symc8xx.sys
    ipfltdrv.sys
        \SystemRoot\System32\DRIVERS\ipfltdrv.sys
    usbhub.sys
        \SystemRoot\system32\DRIVERS\usbhub.sys
    swenum.sys
        \SystemRoot\system32\DRIVERS\swenum.sys
    rdpdr.sys
        \SystemRoot\system32\DRIVERS\rdpdr.sys
    HSF_CNXT.sys
        \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    ultra.sys
        ultra.sys
    usbccgp.sys
        \SystemRoot\system32\DRIVERS\usbccgp.sys
    HTTP.sys
        \SystemRoot\System32\Drivers\HTTP.sys
    RDPCDD.sys
        \SystemRoot\System32\DRIVERS\RDPCDD.sys
    update.sys
        \SystemRoot\system32\DRIVERS\update.sys
    raspppoe.sys
        \SystemRoot\system32\DRIVERS\raspppoe.sys
    aic78u2.sys
        aic78u2.sys
    dac960nt.sys
        dac960nt.sys
    mfehidk.sys
        \SystemRoot\system32\drivers\mfehidk.sys
    termdd.sys
        \SystemRoot\system32\DRIVERS\termdd.sys
    AmdK8.sys
        \SystemRoot\system32\DRIVERS\AmdK8.sys
    ftdisk.sys
        ftdisk.sys
    Modem.SYS
        \SystemRoot\System32\Drivers\Modem.SYS
    adpu160m.sys
        adpu160m.sys
    sysaudio.sys
        \SystemRoot\system32\drivers\sysaudio.sys
    rasl2tp.sys
        \SystemRoot\system32\DRIVERS\rasl2tp.sys
    RKHit.sys
        \??\C:\WINDOWS\system32\drivers\RKHit.sys
    sym_u3.sys
        sym_u3.sys
    ACPIEC.sys
        ACPIEC.sys
    usbprint.sys
        \SystemRoot\system32\DRIVERS\usbprint.sys
    ABP480N5.SYS
        ABP480N5.SYS
    mfesmfk.sys
        \SystemRoot\system32\drivers\mfesmfk.sys
    raspptp.sys
        \SystemRoot\system32\DRIVERS\raspptp.sys
    ql1080.sys
        ql1080.sys
    hpn.sys
        hpn.sys
    symc810.sys
        symc810.sys
    arp1394.sys
        \SystemRoot\system32\DRIVERS\arp1394.sys
    tifm21.sys
        \SystemRoot\system32\drivers\tifm21.sys
    ASCTRM.SYS
        \SystemRoot\System32\Drivers\ASCTRM.SYS
    LHidFilt.Sys
        \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    netbt.sys
        \SystemRoot\system32\DRIVERS\netbt.sys
    viaagp.sys
        viaagp.sys
    agp440.sys
        agp440.sys
    ql12160.sys
        ql12160.sys
    mfeavfk.sys
        \SystemRoot\system32\drivers\mfeavfk.sys
    mfebopk.sys
        \SystemRoot\system32\drivers\mfebopk.sys
    cdrom.sys
        \SystemRoot\system32\DRIVERS\cdrom.sys
    mssmbios.sys
        \SystemRoot\system32\DRIVERS\mssmbios.sys
    pciide.sys
        pciide.sys
    pcmcia.sys
        pcmcia.sys
    viaide.sys
        viaide.sys
    wanarp.sys
        \SystemRoot\system32\DRIVERS\wanarp.sys
    tcpip.sys
        \SystemRoot\system32\DRIVERS\tcpip.sys
    mnmdd.SYS
        \SystemRoot\System32\Drivers\mnmdd.SYS
    aic78xx.sys
        aic78xx.sys
    VolSnap.sys
        VolSnap.sys
    HSF_DPV.sys
        \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    nic1394.sys
        \SystemRoot\system32\DRIVERS\nic1394.sys
    AegisP.sys
        \SystemRoot\system32\DRIVERS\AegisP.sys
    imapi.sys
        \SystemRoot\system32\DRIVERS\imapi.sys
    RimSerial.sys
        \SystemRoot\system32\DRIVERS\RimSerial.sys
    dac2w2k.sys
        dac2w2k.sys
    amsint.sys
        amsint.sys
    ws2ifsl.sys
        \SystemRoot\System32\drivers\ws2ifsl.sys
    Null.SYS
        \SystemRoot\System32\Drivers\Null.SYS
    usbehci.sys
        \SystemRoot\system32\DRIVERS\usbehci.sys
    ql1240.sys
        ql1240.sys
    sparrow.sys
        sparrow.sys
    disk.sys
        disk.sys
    ipsec.sys
        \SystemRoot\system32\DRIVERS\ipsec.sys
    ati2mtag.sys
        \SystemRoot\system32\DRIVERS\ati2mtag.sys
    sym_hi.sys
        sym_hi.sys
    pci.sys
        pci.sys
    PartMgr.sys
        PartMgr.sys
    ndistapi.sys
        \SystemRoot\system32\DRIVERS\ndistapi.sys
    ndiswan.sys
        \SystemRoot\system32\DRIVERS\ndiswan.sys
    perc2hib.sys
        perc2hib.sys
    aha154x.sys
        aha154x.sys
    toside.sys
        toside.sys
    msgpc.sys
        \SystemRoot\system32\DRIVERS\msgpc.sys
    HSFHWATI.sys
        \SystemRoot\system32\DRIVERS\HSFHWATI.sys
    alim1541.sys
        alim1541.sys
    mdmxsdk.sys
        \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    Wdf01000.sys
        \SystemRoot\system32\DRIVERS\Wdf01000.sys
    Cdralw2k.SYS
        \SystemRoot\System32\Drivers\Cdralw2k.SYS
    i2omp.sys
        i2omp.sys
    ACPI.sys
        ACPI.sys
    RimUsb.sys
        \SystemRoot\System32\Drivers\RimUsb.sys
    camc6aud.sys
        \SystemRoot\system32\drivers\camc6aud.sys
    ndisuio.sys
        \SystemRoot\system32\DRIVERS\ndisuio.sys
    afd.sys
        \SystemRoot\System32\drivers\afd.sys
    sdbus.sys
        \SystemRoot\system32\DRIVERS\sdbus.sys
    dpti2o.sys
        dpti2o.sys
    hidusb.sys
        \SystemRoot\system32\DRIVERS\hidusb.sys
    LUsbFilt.Sys
        \SystemRoot\System32\Drivers\LUsbFilt.Sys
    camc6hal.sys
        \SystemRoot\system32\drivers\camc6hal.sys
    SynTP.sys
        \SystemRoot\system32\DRIVERS\SynTP.sys
    asc3550.sys
        asc3550.sys
    i8042prt.sys
        \SystemRoot\system32\DRIVERS\i8042prt.sys
    PxHelp20.sys
        PxHelp20.sys
    CmBatt.sys
        \SystemRoot\system32\DRIVERS\CmBatt.sys
    cpqarray.sys
        cpqarray.sys
    cmdide.sys
        cmdide.sys
    intelide.sys
        intelide.sys
    netbios.sys
        \SystemRoot\system32\DRIVERS\netbios.sys
    mrxdav.sys
        \SystemRoot\system32\DRIVERS\mrxdav.sys
    rdbss.sys
        \SystemRoot\system32\DRIVERS\rdbss.sys
    srv.sys
        \SystemRoot\system32\DRIVERS\srv.sys
    mrxsmb.sys
        \SystemRoot\system32\DRIVERS\mrxsmb.sys
    Npfs.SYS
        \SystemRoot\System32\Drivers\Npfs.SYS
    Msfs.SYS
        \SystemRoot\System32\Drivers\Msfs.SYS
    sr.sys
        sr.sys
    Fs_Rec.SYS
        \SystemRoot\System32\Drivers\Fs_Rec.SYS
    fltmgr.sys
        fltmgr.sys
    Cdfs.SYS
        \SystemRoot\System32\Drivers\Cdfs.SYS
    ntoskrnl.exe
        \WINDOWS\system32\ntkrnlpa.exe
    hal.dll
        \WINDOWS\system32\hal.dll
    kdcom.dll
        \WINDOWS\system32\KDCOM.DLL
    BOOTVID.dll
        \WINDOWS\system32\BOOTVID.dll
    WMILIB.SYS
        \WINDOWS\system32\DRIVERS\WMILIB.SYS
    1394BUS.SYS
        \WINDOWS\system32\DRIVERS\1394BUS.SYS
    BATTC.SYS
        \WINDOWS\system32\DRIVERS\BATTC.SYS
    PCIIDEX.SYS
        \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    OPRGHDLR.SYS
        \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    SCSIPORT.SYS
        \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    CLASSPNP.SYS
        \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    VIDEOPRT.SYS
        \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    USBPORT.SYS
        \SystemRoot\system32\DRIVERS\USBPORT.SYS
    ks.sys
        \SystemRoot\system32\DRIVERS\ks.sys
    USBD.SYS
        \SystemRoot\system32\DRIVERS\USBD.SYS
    portcls.sys
        \SystemRoot\system32\drivers\portcls.sys
    drmk.sys
        \SystemRoot\system32\drivers\drmk.sys
    TDI.SYS
        \SystemRoot\system32\DRIVERS\TDI.SYS
    HIDPARSE.SYS
        \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    WDFLDR.SYS
        \SystemRoot\System32\Drivers\WDFLDR.SYS
    HIDCLASS.SYS
        \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    dump_atapi.sys
        \SystemRoot\System32\Drivers\dump_atapi.sys
    dump_WMILIB.SYS
        \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    win32k.sys
        \SystemRoot\System32\win32k.sys
    Dxapi.sys
        \SystemRoot\System32\drivers\Dxapi.sys
    watchdog.sys
        \SystemRoot\System32\watchdog.sys
    dxg.sys
        \SystemRoot\System32\drivers\dxg.sys
    dxgthk.sys
        \SystemRoot\System32\drivers\dxgthk.sys
    ati2dvag.dll
        \SystemRoot\System32\ati2dvag.dll
    ati2cqag.dll
        \SystemRoot\System32\ati2cqag.dll
    atikvmag.dll
        \SystemRoot\System32\atikvmag.dll
    ati3duag.dll
        \SystemRoot\System32\ati3duag.dll
    ativvaxx.dll
        \SystemRoot\System32\ativvaxx.dll
System process
    ProcID:4
    ProcID:196    C:\WINDOWS\ehome\ehtray.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\ATL.DLL
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\SHELL32.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\OLEAUT32.dll
        C:\WINDOWS\system32\POWRPROF.dll
        C:\WINDOWS\system32\WTSAPI32.dll
        C:\WINDOWS\system32\WINSTA.dll
        C:\WINDOWS\system32\NETAPI32.dll
        C:\WINDOWS\system32\HID.DLL
        C:\WINDOWS\system32\SETUPAPI.dll
        C:\WINDOWS\system32\WINMM.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\imagehlp.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\WINDOWS\system32\uxtheme.dll
        C:\WINDOWS\system32\SynTPFcs.dll
        C:\WINDOWS\system32\VERSION.dll
        C:\WINDOWS\system32\MSCTF.dll
        C:\Program Files\Logitech\SetPoint\GameHook.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
        C:\Program Files\McAfee\SiteAdvisor\saHook.dll
        C:\WINDOWS\system32\msctfime.ime
        C:\WINDOWS\system32\CLBCATQ.DLL
        C:\WINDOWS\system32\COMRes.dll
        C:\WINDOWS\system32\xpsp2res.dll
        C:\WINDOWS\system32\SXS.DLL
        C:\WINDOWS\eHome\ehProxy.dll
        C:\WINDOWS\system32\WINTRUST.dll
        C:\WINDOWS\system32\CRYPT32.dll
        C:\WINDOWS\system32\MSASN1.dll
        C:\WINDOWS\system32\wdmaud.drv
        C:\WINDOWS\system32\msacm32.drv
        C:\WINDOWS\system32\MSACM32.dll
        C:\WINDOWS\system32\midimap.dll
    ProcID:256    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\SHELL32.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\comctl32.dll
        C:\WINDOWS\system32\imagehlp.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\WINDOWS\system32\uxtheme.dll
        C:\WINDOWS\system32\msctfime.ime
        C:\WINDOWS\system32\CLBCATQ.DLL
        C:\WINDOWS\system32\COMRes.dll
        C:\WINDOWS\system32\OLEAUT32.dll
        C:\WINDOWS\system32\VERSION.dll
        C:\Program Files\CyberLink\PowerDVD\CLRCEngine2.dll
        C:\WINDOWS\system32\xpsp2res.dll
        C:\Program Files\Logitech\SetPoint\GameHook.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
        C:\WINDOWS\system32\MSCTF.dll
    ProcID:288    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\VERSION.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\system32\imagehlp.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\WINDOWS\system32\uxtheme.dll
        C:\WINDOWS\system32\CLBCATQ.DLL
        C:\WINDOWS\system32\COMRes.dll
        C:\WINDOWS\system32\OLEAUT32.dll
        C:\WINDOWS\system32\SynCOM.dll
        C:\WINDOWS\system32\SynTPFcs.dll
        C:\WINDOWS\system32\msctfime.ime
        C:\WINDOWS\system32\MSCTF.dll
        C:\Program Files\Logitech\SetPoint\GameHook.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
    ProcID:304    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\comdlg32.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\COMCTL32.dll
        C:\WINDOWS\system32\SHELL32.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\OLEAUT32.dll
        C:\WINDOWS\system32\VERSION.dll
        C:\WINDOWS\system32\WINMM.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\imagehlp.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\WINDOWS\system32\uxtheme.dll
        C:\WINDOWS\system32\msctfime.ime
        C:\WINDOWS\system32\CLBCATQ.DLL
        C:\WINDOWS\system32\COMRes.dll
        C:\WINDOWS\system32\SynCOM.dll
        C:\WINDOWS\system32\SynTPAPI.dll
        C:\WINDOWS\system32\SynTPFcs.dll
        C:\WINDOWS\system32\MSCTF.dll
        C:\Program Files\Logitech\SetPoint\GameHook.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
    ProcID:412    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\SHELL32.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\VERSION.dll
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\comctl32.dll
        C:\WINDOWS\system32\imagehlp.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\WINDOWS\system32\uxtheme.dll
        C:\WINDOWS\system32\SynTPFcs.dll
        C:\WINDOWS\system32\MSCTF.dll
        C:\WINDOWS\system32\CLBCATQ.DLL
        C:\WINDOWS\system32\COMRes.dll
        C:\WINDOWS\system32\OLEAUT32.dll
        C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll
        C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.ENU
        C:\WINDOWS\system32\msctfime.ime
        C:\Program Files\Logitech\SetPoint\GameHook.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
        C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll
        C:\WINDOWS\system32\DINPUT8.dll
        C:\WINDOWS\system32\HID.DLL
        C:\WINDOWS\system32\SETUPAPI.DLL
        C:\WINDOWS\system32\WINMM.DLL
        C:\WINDOWS\system32\WINTRUST.dll
        C:\WINDOWS\system32\CRYPT32.dll
        C:\WINDOWS\system32\MSASN1.dll
    ProcID:424    C:\WINDOWS\system32\WLTRAY.EXE
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\MFC42.DLL
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\SHELL32.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\OLEAUT32.dll
        C:\WINDOWS\system32\VERSION.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\imagehlp.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\WINDOWS\system32\uxtheme.dll
        C:\WINDOWS\system32\mfc42u.dll
        C:\WINDOWS\system32\msvcp60.dll
        C:\WINDOWS\system32\RICHED32.DLL
        C:\WINDOWS\system32\RICHED20.dll
        C:\WINDOWS\system32\msctfime.ime
        C:\WINDOWS\system32\Wtsapi32.dll
        C:\WINDOWS\system32\WINSTA.dll
        C:\WINDOWS\system32\NETAPI32.dll
        C:\WINDOWS\system32\CLBCATQ.DLL
        C:\WINDOWS\system32\COMRes.dll
        C:\WINDOWS\system32\xpsp2res.dll
        C:\WINDOWS\system32\MSCTF.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
        C:\Program Files\Logitech\SetPoint\GameHook.dll
    ProcID:436    C:\Program Files\QuickTime\QTTask.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\VERSION.dll
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\SHELL32.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\comctl32.dll
        C:\WINDOWS\system32\imagehlp.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\WINDOWS\system32\uxtheme.dll
        C:\WINDOWS\system32\msctfime.ime
        C:\WINDOWS\system32\ole32.dll
        C:\Program Files\Logitech\SetPoint\GameHook.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
        C:\WINDOWS\system32\MSCTF.dll
    ProcID:448    C:\Program Files\McAfee.com\Agent\mcagent.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\VERSION.dll
        C:\WINDOWS\system32\WINTRUST.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\CRYPT32.dll
        C:\WINDOWS\system32\MSASN1.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\IMAGEHLP.dll
        C:\WINDOWS\system32\SHELL32.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\OLEAUT32.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\comctl32.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\PROGRA~1\McAfee\MSC\McRes.dll
        C:\PROGRA~1\McAfee\MSC\McLocRes.dll
        C:\Program Files\McAfee\MSC\oem\370-9\Mccobres.dll
        C:\PROGRA~1\McAfee\MSC\Mccobres.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
        C:\WINDOWS\system32\uxtheme.dll
        C:\WINDOWS\system32\msctfime.ime
        C:\WINDOWS\system32\wtsapi32.dll
        C:\WINDOWS\system32\WINSTA.dll
        C:\WINDOWS\system32\NETAPI32.dll
        C:\WINDOWS\system32\CLBCATQ.DLL
        C:\WINDOWS\system32\COMRes.dll
        c:\WINDOWS\system32\msxml4.dll
        c:\PROGRA~1\mcafee\msc\mcsubmgr\8_1_13~1\mcsubmgr.dll
        C:\WINDOWS\system32\SETUPAPI.dll
        C:\WINDOWS\system32\psapi.dll
        C:\WINDOWS\system32\rsaenh.dll
        C:\WINDOWS\system32\xpsp2res.dll
        C:\WINDOWS\system32\userenv.dll
        C:\Program Files\Logitech\SetPoint\GameHook.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\MSCTF.dll
        C:\Program Files\Common Files\McAfee\Core\mccoreps.dll
        C:\Program Files\McAfee\MSC\mcmispps.dll
        C:\WINDOWS\system32\msxml3.dll
        C:\WINDOWS\system32\winhttp.dll
        C:\WINDOWS\system32\RASAPI32.DLL
        C:\WINDOWS\system32\rasman.dll
        C:\WINDOWS\system32\TAPI32.dll
        C:\WINDOWS\system32\rtutils.dll
        C:\WINDOWS\system32\WINMM.dll
        C:\Program Files\McAfee.com\Agent\mcagntps.dll
        c:\PROGRA~1\mcafee\msc\mccfgpv.dll
        c:\PROGRA~1\mcafee\msc\mcshllps.dll
        c:\PROGRA~1\mcafee\msc\mcregobj\8_0_22~1\mcregobj.dll
        C:\Program Files\McAfee\SiteAdvisor\saHook.dll
        C:\WINDOWS\system32\SynTPFcs.dll
        C:\WINDOWS\system32\urlmon.dll
        C:\WINDOWS\system32\Apphelp.dll
    ProcID:508    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\SHELL32.dll
        C:\WINDOWS\system32\OLEAUT32.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\comctl32.dll
        C:\WINDOWS\system32\imagehlp.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\WINDOWS\system32\uxtheme.dll
    ProcID:528    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\WINSPOOL.DRV
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\SHELL32.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\COMCTL32.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\imagehlp.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\WINDOWS\system32\uxtheme.dll
        C:\Program Files\Canon\MyPrinter\BJMyRes.dll
        C:\WINDOWS\system32\msctfime.ime
        C:\WINDOWS\system32\ole32.dll
        C:\Program Files\Logitech\SetPoint\GameHook.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
        C:\WINDOWS\system32\MSCTF.dll
    ProcID:592    C:\WINDOWS\system32\ctfmon.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\MSCTF.dll
        C:\WINDOWS\system32\MSUTB.dll
        C:\WINDOWS\system32\ShimEng.dll
        C:\WINDOWS\AppPatch\AcGenral.DLL
        C:\WINDOWS\system32\WINMM.dll
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\OLEAUT32.dll
        C:\WINDOWS\system32\MSACM32.dll
        C:\WINDOWS\system32\VERSION.dll
        C:\WINDOWS\system32\SHELL32.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\USERENV.dll
        C:\WINDOWS\system32\UxTheme.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\imagehlp.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\WINDOWS\system32\SynTPFcs.dll
        C:\WINDOWS\system32\msctfime.ime
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
        C:\Program Files\Logitech\SetPoint\GameHook.dll
    ProcID:628    C:\WINDOWS\system32\smss.exe
    ProcID:680    C:\WINDOWS\system32\csrss.exe
    ProcID:684    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\system32\imagehlp.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\backWeb.dll
        C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\bwsec.dll
        C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\OLEAUT32.dll
        C:\WINDOWS\system32\snmpapi.dll
        C:\WINDOWS\system32\VERSION.dll
        C:\WINDOWS\system32\WINMM.dll
        C:\WINDOWS\system32\MFC42.DLL
        C:\WINDOWS\system32\SHELL32.dll
        C:\WINDOWS\system32\WSOCK32.dll
        C:\WINDOWS\system32\comctl32.dll
        C:\PROGRA~1\Logitech\DESKTO~1\8876480\811~1.50-\program\EN\ClientRC.dll
        C:\WINDOWS\system32\uxtheme.dll
        C:\WINDOWS\system32\SynTPFcs.dll
        C:\WINDOWS\system32\MSCTF.dll
        C:\WINDOWS\system32\xpsp2res.dll
        C:\WINDOWS\system32\CLBCATQ.DLL
        C:\WINDOWS\system32\COMRes.dll
        C:\WINDOWS\system32\feclient.dll
        C:\WINDOWS\system32\MPR.dll
        C:\WINDOWS\system32\USERENV.dll
        C:\WINDOWS\system32\CRYPT32.dll
        C:\WINDOWS\system32\MSASN1.dll
        C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
        C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\BWfiles.dll
        C:\Program Files\Logitech\SetPoint\GameHook.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
        C:\WINDOWS\system32\msctfime.ime
        C:\WINDOWS\system32\wtsapi32.dll
        C:\WINDOWS\system32\WINSTA.dll
        C:\WINDOWS\system32\NETAPI32.dll
        C:\WINDOWS\system32\psapi.dll
        C:\Program Files\Logitech\Desktop Messenger\8876480\Program\SyncExt.dll
        C:\WINDOWS\system32\SETUPAPI.dll
        C:\WINDOWS\system32\inetmib1.dll
        C:\WINDOWS\system32\iphlpapi.dll
        C:\WINDOWS\system32\MPRAPI.dll
        C:\WINDOWS\system32\ACTIVEDS.dll
        C:\WINDOWS\system32\adsldpc.dll
        C:\WINDOWS\system32\ATL.DLL
        C:\WINDOWS\system32\rtutils.dll
        C:\WINDOWS\system32\mswsock.dll
        C:\WINDOWS\system32\hnetcfg.dll
        C:\WINDOWS\System32\wshtcpip.dll
        C:\WINDOWS\system32\WINTRUST.dll
        C:\WINDOWS\System32\winrnr.dll
        C:\WINDOWS\system32\rasadhlp.dll
        C:\Program Files\McAfee\SiteAdvisor\saHook.dll
        C:\WINDOWS\system32\SXS.DLL
    ProcID:704    C:\WINDOWS\system32\winlogon.exe
    ProcID:752    C:\WINDOWS\system32\services.exe
    ProcID:764    C:\WINDOWS\system32\lsass.exe
    ProcID:776    C:\Program Files\Logitech\SetPoint\SetPoint.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\VERSION.dll
        C:\WINDOWS\system32\WINMM.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\USER32.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\KemXML.dll
        C:\WINDOWS\system32\kemutb.dll
        C:\WINDOWS\system32\KemUtil.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\comdlg32.dll
        C:\WINDOWS\system32\COMCTL32.dll
        C:\WINDOWS\system32\SHELL32.dll
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\OLEAUT32.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll
        C:\WINDOWS\system32\KemWnd.dll
        C:\WINDOWS\system32\MSIMG32.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll
        C:\Program Files\Logitech\SetPoint\SetPointCOM.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\MFC80ENU.DLL
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\imagehlp.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\WINDOWS\system32\uxtheme.dll
        C:\WINDOWS\system32\SynTPFcs.dll
        C:\WINDOWS\system32\MSCTF.dll
        C:\WINDOWS\system32\msctfime.ime
        C:\Program Files\Logitech\SetPoint\Macros\MacroCore.dll
        C:\Program Files\Logitech\SetPoint\IMHook.dll
        C:\Program Files\Logitech\SetPoint\WebBrowserSupport.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.DLL
        C:\Program Files\Common Files\Logishrd\KHAL2\KhalApi.dll
        C:\Program Files\Common Files\Logitech\bluetooth\LBTServ.dll
        C:\Program Files\Logitech\SetPoint\kgame.dll
        C:\Program Files\Logitech\SetPoint\GameHook.dll
        C:\WINDOWS\system32\Apphelp.dll
        C:\Program Files\Logitech\SetPoint\LCabHandler.dll
        C:\Program Files\McAfee\SiteAdvisor\saHook.dll
        C:\WINDOWS\system32\netapi32.dll
        C:\WINDOWS\system32\SETUPAPI.dll
        C:\WINDOWS\system32\CLBCATQ.DLL
        C:\WINDOWS\system32\COMRes.dll
        C:\WINDOWS\system32\urlmon.dll
    ProcID:928    C:\WINDOWS\system32\ati2evxx.exe
    ProcID:944    C:\WINDOWS\system32\svchost.exe
    ProcID:1084    C:\WINDOWS\system32\svchost.exe
    ProcID:1180    C:\WINDOWS\system32\svchost.exe
    ProcID:1236    C:\WINDOWS\system32\svchost.exe
    ProcID:1244    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\system32\imagehlp.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\Program Files\Common Files\Logishrd\KHAL2\KHALAPI.DLL
        C:\WINDOWS\system32\SHELL32.dll
        C:\WINDOWS\system32\comctl32.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
        C:\WINDOWS\system32\uxtheme.dll
        C:\WINDOWS\system32\SynTPFcs.dll
        C:\WINDOWS\system32\VERSION.dll
        C:\WINDOWS\system32\MSCTF.dll
        C:\Program Files\Logitech\SetPoint\GameHook.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\msctfime.ime
        C:\WINDOWS\system32\wtsapi32.dll
        C:\WINDOWS\system32\WINSTA.dll
        C:\WINDOWS\system32\NETAPI32.dll
        C:\Program Files\Common Files\Logitech\bluetooth\LBTServ.dll
        C:\WINDOWS\system32\setupapi.dll
        C:\WINDOWS\system32\cfgmgr32.dll
        C:\WINDOWS\system32\hid.dll
        C:\Program Files\Common Files\Logishrd\KHAL2\KHALITCH.DLL
        C:\Program Files\Common Files\Logishrd\KHAL2\KHALMW.DLL
        C:\Program Files\Common Files\Logishrd\KHAL2\KHALHPP.DLL
        C:\WINDOWS\system32\WINMM.dll
        C:\Program Files\Common Files\Logishrd\KHAL2\KHALMOU.DLL
        C:\Program Files\Common Files\Logishrd\KHAL2\KHALHID.DLL
        C:\Program Files\Common Files\Logishrd\KHAL2\KHALUSB.DLL
        C:\WINDOWS\system32\WINTRUST.dll
        C:\WINDOWS\system32\CRYPT32.dll
        C:\WINDOWS\system32\MSASN1.dll
    ProcID:1344    C:\WINDOWS\system32\svchost.exe
    ProcID:1692    C:\WINDOWS\system32\WLTRYSVC.EXE
    ProcID:1712    C:\WINDOWS\system32\ati2evxx.exe
    ProcID:1796    C:\WINDOWS\system32\BCMWLTRY.EXE
    ProcID:1816    C:\WINDOWS\explorer.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\BROWSEUI.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\OLEAUT32.dll
        C:\WINDOWS\system32\SHDOCVW.dll
        C:\WINDOWS\system32\CRYPT32.dll
        C:\WINDOWS\system32\MSASN1.dll
        C:\WINDOWS\system32\CRYPTUI.dll
        C:\WINDOWS\system32\NETAPI32.dll
        C:\WINDOWS\system32\VERSION.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\system32\WINTRUST.dll
        C:\WINDOWS\system32\IMAGEHLP.dll
        C:\WINDOWS\system32\WLDAP32.dll
        C:\WINDOWS\system32\SHELL32.dll
        C:\WINDOWS\system32\UxTheme.dll
        C:\WINDOWS\system32\ShimEng.dll
        C:\WINDOWS\AppPatch\AcGenral.DLL
        C:\WINDOWS\system32\WINMM.dll
        C:\WINDOWS\system32\MSACM32.dll
        C:\WINDOWS\system32\USERENV.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\comctl32.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\WINDOWS\system32\msctfime.ime
        C:\WINDOWS\system32\appHelp.dll
        C:\WINDOWS\system32\CLBCATQ.DLL
        C:\WINDOWS\system32\COMRes.dll
        C:\WINDOWS\System32\cscui.dll
        C:\WINDOWS\System32\CSCDLL.dll
        C:\WINDOWS\system32\themeui.dll
        C:\WINDOWS\system32\MSIMG32.dll
        C:\WINDOWS\system32\xpsp2res.dll
        C:\WINDOWS\system32\urlmon.dll
        C:\WINDOWS\system32\ieframe.dll
        C:\WINDOWS\system32\PSAPI.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\msi.dll
        C:\WINDOWS\system32\SETUPAPI.dll
        C:\WINDOWS\system32\LINKINFO.dll
        C:\WINDOWS\system32\ntshrui.dll
        C:\WINDOWS\system32\ATL.DLL
        C:\WINDOWS\system32\MLANG.dll
        C:\WINDOWS\system32\NETSHELL.dll
        C:\WINDOWS\system32\credui.dll
        C:\WINDOWS\system32\dot3api.dll
        C:\WINDOWS\system32\rtutils.dll
        C:\WINDOWS\system32\dot3dlg.dll
        C:\WINDOWS\system32\OneX.DLL
        C:\WINDOWS\system32\WTSAPI32.dll
        C:\WINDOWS\system32\WINSTA.dll
        C:\WINDOWS\system32\eappcfg.dll
        C:\WINDOWS\system32\MSVCP60.dll
        C:\WINDOWS\system32\eappprxy.dll
        C:\WINDOWS\system32\iphlpapi.dll
        C:\WINDOWS\system32\rsaenh.dll
        C:\WINDOWS\system32\MSCTF.dll
        C:\WINDOWS\system32\SynTPFcs.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\Program Files\Logitech\SetPoint\GameHook.dll
        C:\WINDOWS\system32\webcheck.dll
        C:\WINDOWS\system32\stobject.dll
        C:\WINDOWS\system32\BatMeter.dll
        C:\WINDOWS\system32\POWRPROF.dll
        C:\WINDOWS\system32\WPDShServiceObj.dll
        C:\WINDOWS\system32\WINHTTP.dll
        C:\WINDOWS\system32\mydocs.dll
        C:\WINDOWS\system32\PortableDeviceTypes.dll
        C:\WINDOWS\system32\PortableDeviceApi.dll
        C:\WINDOWS\system32\wdmaud.drv
        C:\WINDOWS\system32\msacm32.drv
        C:\WINDOWS\system32\midimap.dll
        C:\Program Files\McAfee\SiteAdvisor\saHook.dll
        C:\WINDOWS\system32\MPR.dll
        C:\WINDOWS\System32\drprov.dll
        C:\WINDOWS\System32\ntlanman.dll
        C:\WINDOWS\System32\NETUI0.dll
        C:\WINDOWS\System32\NETUI1.dll
        C:\WINDOWS\System32\NETRAP.dll
        C:\WINDOWS\system32\SXS.DLL
        C:\WINDOWS\System32\davclnt.dll
        C:\WINDOWS\system32\WZCSAPI.DLL
        C:\WINDOWS\system32\wzcdlg.dll
        C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
        C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
        c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll
        C:\WINDOWS\system32\actxprxy.dll
        C:\WINDOWS\system32\browselc.dll
    ProcID:1948    C:\WINDOWS\system32\spoolsv.exe
    ProcID:2052    C:\Program Files\Spyware Cease\SpywareCease.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\user32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\advapi32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\oleaut32.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\version.dll
        C:\WINDOWS\system32\comctl32.dll
        C:\WINDOWS\system32\shell32.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\comdlg32.dll
        C:\Program Files\Spyware Cease\networkdll.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\Program Files\Spyware Cease\zlib1.dll
        C:\WINDOWS\system32\WINSPOOL.DRV
        C:\Program Files\Spyware Cease\opfile.dll
        C:\Program Files\Spyware Cease\spkdll.dll
        C:\WINDOWS\system32\winmm.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\Program Files\Spyware Cease\md5.dll
        C:\Program Files\Spyware Cease\RkHitApi.dll
        C:\WINDOWS\system32\imagehlp.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\WINDOWS\system32\uxtheme.dll
        C:\Program Files\McAfee\SiteAdvisor\saHook.dll
        C:\WINDOWS\system32\SynTPFcs.dll
        C:\WINDOWS\system32\MSCTF.dll
        C:\Program Files\Logitech\SetPoint\GameHook.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
        C:\WINDOWS\system32\msctfime.ime
        C:\WINDOWS\system32\mswsock.dll
        C:\WINDOWS\system32\hnetcfg.dll
        C:\WINDOWS\System32\wshtcpip.dll
        C:\WINDOWS\System32\winrnr.dll
        C:\WINDOWS\system32\rasadhlp.dll
        C:\WINDOWS\system32\SETUPAPI.dll
        C:\WINDOWS\system32\appHelp.dll
        C:\WINDOWS\system32\CLBCATQ.DLL
        C:\WINDOWS\system32\COMRes.dll
        C:\WINDOWS\System32\cscui.dll
        C:\WINDOWS\System32\CSCDLL.dll
    ProcID:2060    C:\WINDOWS\ehome\ehrecvr.exe
    ProcID:2076    C:\WINDOWS\ehome\ehSched.exe
    ProcID:2132    C:\Program Files\Java\jre6\bin\jqs.exe
    ProcID:2228    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    ProcID:2252    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    ProcID:2372    C:\WINDOWS\ehome\ehmsas.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\ATL.DLL
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\OLEAUT32.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\system32\imagehlp.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\WINDOWS\system32\uxtheme.dll
        C:\Program Files\McAfee\SiteAdvisor\saHook.dll
        C:\WINDOWS\system32\SynTPFcs.dll
        C:\WINDOWS\system32\VERSION.dll
        C:\WINDOWS\system32\MSCTF.dll
        C:\Program Files\Logitech\SetPoint\GameHook.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
        C:\WINDOWS\system32\CLBCATQ.DLL
        C:\WINDOWS\system32\COMRes.dll
        C:\WINDOWS\system32\xpsp2res.dll
        C:\WINDOWS\system32\SXS.DLL
    ProcID:2400    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    ProcID:2444    C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\WINTRUST.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\CRYPT32.dll
        C:\WINDOWS\system32\MSASN1.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\IMAGEHLP.dll
        C:\WINDOWS\system32\SHELL32.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\OLEAUT32.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\comctl32.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\WINDOWS\system32\uxtheme.dll
        C:\Program Files\McAfee\SiteAdvisor\saHook.dll
        C:\WINDOWS\system32\SynTPFcs.dll
        C:\WINDOWS\system32\VERSION.dll
        C:\WINDOWS\system32\MSCTF.dll
        C:\Program Files\Logitech\SetPoint\GameHook.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
        C:\WINDOWS\system32\CLBCATQ.DLL
        C:\WINDOWS\system32\COMRes.dll
        C:\WINDOWS\system32\xpsp2res.dll
        C:\WINDOWS\system32\msctfime.ime
        C:\Program Files\Common Files\McAfee\Core\mccoreps.dll
        c:\PROGRA~1\mcafee\msc\mcshllps.dll
        C:\PROGRA~1\McAfee\MSC\McRes.dll
        C:\PROGRA~1\McAfee\MSC\McLocRes.dll
        C:\Program Files\McAfee\MSC\oem\370-9\Mccobres.dll
        C:\PROGRA~1\McAfee\MSC\Mccobres.dll
        C:\WINDOWS\system32\SXS.DLL
    ProcID:2480    C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    ProcID:2504    C:\WINDOWS\system32\dllhost.exe
    ProcID:2556    C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    ProcID:2608    C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    ProcID:2688    C:\Program Files\McAfee\MPF\MpfSrv.exe
    ProcID:2764    C:\Program Files\McAfee\MSK\msksrver.exe
    ProcID:2856    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    ProcID:3020    C:\WINDOWS\system32\svchost.exe
    ProcID:3128    C:\WINDOWS\system32\svchost.exe
    ProcID:3296    C:\WINDOWS\ehome\mcrdsvc.exe
    ProcID:3528    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
        C:\WINDOWS\system32\ntdll.dll
        C:\WINDOWS\system32\kernel32.dll
        C:\WINDOWS\system32\USER32.dll
        C:\WINDOWS\system32\GDI32.dll
        C:\WINDOWS\system32\ADVAPI32.dll
        C:\WINDOWS\system32\RPCRT4.dll
        C:\WINDOWS\system32\Secur32.dll
        C:\WINDOWS\system32\SHELL32.dll
        C:\WINDOWS\system32\msvcrt.dll
        C:\WINDOWS\system32\SHLWAPI.dll
        C:\WINDOWS\system32\MSVCP71.dll
        C:\WINDOWS\system32\MSVCR71.dll
        C:\WINDOWS\system32\IMM32.DLL
        C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
        C:\WINDOWS\system32\imagehlp.dll
        C:\WINDOWS\system32\WININET.dll
        C:\WINDOWS\system32\Normaliz.dll
        C:\WINDOWS\system32\iertutil.dll
        C:\WINDOWS\system32\WS2_32.dll
        C:\WINDOWS\system32\WS2HELP.dll
        C:\WINDOWS\system32\dnsapi.dll
        C:\Program Files\Adobe\Acrobat 7.0\Reader\BIB.dll
        C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.dll
        C:\Program Files\Adobe\Acrobat 7.0\Reader\AGM.dll
        C:\Program Files\Adobe\Acrobat 7.0\Reader\CoolType.dll
        C:\WINDOWS\system32\ole32.dll
        C:\WINDOWS\system32\VERSION.dll
        C:\WINDOWS\system32\OLEAUT32.dll
        C:\Program Files\Adobe\Acrobat 7.0\Reader\ACE.dll
        C:\WINDOWS\system32\WINMM.dll
        C:\WINDOWS\system32\uxtheme.dll
        C:\Program Files\McAfee\SiteAdvisor\saHook.dll
        C:\WINDOWS\system32\SynTPFcs.dll
        C:\WINDOWS\system32\MSCTF.dll
        C:\Program Files\Logitech\SetPoint\GameHook.dll
        C:\Program Files\Logitech\SetPoint\lgscroll.dll
        C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
        C:\WINDOWS\system32\NTMARTA.DLL
        C:\WINDOWS\system32\SAMLIB.dll
        C:\WINDOWS\system32\WLDAP32.dll
        C:\WINDOWS\system32\msctfime.ime
        C:\WINDOWS\system32\xpsp2res.dll
        C:\WINDOWS\system32\SETUPAPI.dll
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Accessibility.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annots.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Checkers.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\DigSig.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\eBook.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\EScript.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\EWH32.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\HLS.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\IA32.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer.API
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\LegalPDF.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\MakeAccessible.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Multimedia.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PDDom.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PPKLite.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\reflow.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\SaveAsRTF.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Search.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Search5.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\SendMail.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Soap.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Spelling.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Updater.api
        C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\weblink.api
        C:\WINDOWS\system32\CLBCATQ.DLL
        C:\WINDOWS\system32\COMRes.dll
        C:\WINDOWS\System32\mswsock.dll
        C:\WINDOWS\System32\winrnr.dll
        C:\WINDOWS\system32\rasadhlp.dll
        C:\WINDOWS\system32\ieframe.dll
        C:\WINDOWS\system32\PSAPI.DLL
        C:\WINDOWS\system32\SXS.DLL
        C:\WINDOWS\system32\urlmon.dll
        C:\WINDOWS\system32\Wtsapi32.dll
        C:\WINDOWS\system32\WINSTA.dll
        C:\WINDOWS\system32\NETAPI32.dll
        C:\WINDOWS\system32\mscms.dll
        C:\WINDOWS\system32\WINSPOOL.DRV
    ProcID:3784    C:\WINDOWS\system32\alg.exe
HOSTS
    127.0.0.1       localhost
System services
    Alerter
        C:\WINDOWS\system32\svchost.exe -k LocalService
    ALG
        C:\WINDOWS\System32\alg.exe
    AppMgmt
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    aspnet_state
        C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    Ati HotKey Poller
        C:\WINDOWS\system32\Ati2evxx.exe
    AudioSrv
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    BITS
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    Browser
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    CiSvc
        C:\WINDOWS\system32\cisvc.exe
    ClipSrv
        C:\WINDOWS\system32\clipsrv.exe
    clr_optimization_v2.0.50727_32
        C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    COMSysApp
        C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    CryptSvc
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    DcomLaunch
        C:\WINDOWS\system32\svchost -k DcomLaunch
    Dhcp
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    dmadmin
        C:\WINDOWS\System32\dmadmin.exe /com
    dmserver
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    Dnscache
        C:\WINDOWS\system32\svchost.exe -k NetworkService
    Dot3svc
        C:\WINDOWS\System32\svchost.exe -k dot3svc
    EapHost
        C:\WINDOWS\System32\svchost.exe -k eapsvcs
    ehRecvr
        C:\WINDOWS\eHome\ehRecvr.exe
    ehSched
        C:\WINDOWS\eHome\ehSched.exe
    ERSvc
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    Eventlog
        C:\WINDOWS\system32\services.exe
    EventSystem
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    FastUserSwitchingCompatibility
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    helpsvc
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    HidServ
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    hkmsvc
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    HTTPFilter
        C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    IDriverT
        "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
    ImapiService
        C:\WINDOWS\system32\imapi.exe
    JavaQuickStarterService
        "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
    lanmanserver
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    lanmanworkstation
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    LBTServ
        C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    LmHosts
        C:\WINDOWS\system32\svchost.exe -k LocalService
    McAfee SiteAdvisor Service
        "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"
    mcmscsvc
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    McNASvc
        "c:\program files\common files\mcafee\mna\mcnasvc.exe"
    McODS
        C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    McProxy
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    McrdSvc
        C:\WINDOWS\ehome\mcrdsvc.exe
    McShield
        C:\Program Files\McAfee\VirusScan\McShield.exe
    McSysmon
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    Messenger
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    MHN
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    mnmsrvc
        C:\WINDOWS\system32\mnmsrvc.exe
    MpfService
        "C:\Program Files\McAfee\MPF\MPFSrv.exe"
    MSDTC
        C:\WINDOWS\system32\msdtc.exe
    MSIServer
        C:\WINDOWS\system32\msiexec.exe /V
    MSK80Service
        "C:\Program Files\McAfee\MSK\MskSrver.exe"
    napagent
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    NetDDE
        C:\WINDOWS\system32\netdde.exe
    NetDDEdsdm
        C:\WINDOWS\system32\netdde.exe
    Netlogon
        C:\WINDOWS\system32\lsass.exe
    Netman
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    Nla
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    NtLmSsp
        C:\WINDOWS\system32\lsass.exe
    NtmsSvc
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    ose
        "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    PlugPlay
        C:\WINDOWS\system32\services.exe
    PolicyAgent
        C:\WINDOWS\system32\lsass.exe
    PrismXL
        C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    ProtectedStorage
        C:\WINDOWS\system32\lsass.exe
    RasAuto
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    RasMan
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    RDSessMgr
        C:\WINDOWS\system32\sessmgr.exe
    RemoteAccess
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    RemoteRegistry
        C:\WINDOWS\system32\svchost.exe -k LocalService
    RpcLocator
        C:\WINDOWS\system32\locator.exe
    RpcSs
        C:\WINDOWS\system32\svchost -k rpcss
    RSVP
        C:\WINDOWS\system32\rsvp.exe
    SamSs
        C:\WINDOWS\system32\lsass.exe
    SCardSvr
        C:\WINDOWS\System32\SCardSvr.exe
    Schedule
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    seclogon
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    SENS
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    SharedAccess
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    ShellHWDetection
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    Spooler
        C:\WINDOWS\system32\spoolsv.exe
    SQLWriter
        "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
    srservice
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    SSDPSRV
        C:\WINDOWS\system32\svchost.exe -k LocalService
    stisvc
        C:\WINDOWS\system32\svchost.exe -k imgsvc
    SwPrv
        C:\WINDOWS\system32\dllhost.exe /Processid:{0A3B4C01-E04B-4BC1-8F9B-40D53973ABCB}
    SysmonLog
        C:\WINDOWS\system32\smlogsvc.exe
    TapiSrv
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    TermService
        C:\WINDOWS\System32\svchost -k DComLaunch
    Themes
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    TlntSvr
        C:\WINDOWS\system32\tlntsvr.exe
    TrkWks
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    upnphost
        C:\WINDOWS\system32\svchost.exe -k LocalService
    UPS
        C:\WINDOWS\System32\ups.exe
    Viewpoint Manager Service
        "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
    VSS
        C:\WINDOWS\System32\vssvc.exe
    W32Time
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    WebClient
        C:\WINDOWS\system32\svchost.exe -k LocalService
    winmgmt
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    wltrysvc
        C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe
    WmdmPmSN
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    Wmi
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    WmiApSrv
        C:\WINDOWS\system32\wbem\wmiapsrv.exe
    WMPNetworkSvc
        "C:\Program Files\Windows Media Player\WMPNetwk.exe"
    wscsvc
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    wuauserv
        C:\WINDOWS\system32\svchost.exe -k netsvcs
    WudfSvc
        C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    WZCSVC
        C:\WINDOWS\System32\svchost.exe -k netsvcs
    xmlprov
        C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows registry
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
        ehTray || C:\WINDOWS\ehome\ehtray.exe
        NeroFilterCheck || C:\WINDOWS\system32\NeroCheck.exe
        RemoteControl || "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
        SynTPLpr || C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        SynTPEnh || C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        Reminder || %WINDIR%\Creator\Remind_XP.exe
        Recguard || %WINDIR%\SMINST\RECGUARD.EXE
        ATIPTA || C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        Broadcom Wireless Manager UI || C:\WINDOWS\system32\WLTRAY
        QuickTime Task || "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        mcagent_exe || C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
        SunJavaUpdateSched ||

windows-virus

Edited 11 Years Ago by mike_2000_17 because: Fixed formatting

3 Contributors
18 Replies
335 Views
1 Week Discussion Span
Latest Post 15 Years Ago Latest Post by crunchie

All 18 Replies

cohen 17 Practically a Posting Shark

15 Years Ago

Hello,

Can you pls do the following:

1. - Download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

2. - Download hijackthis and post the log.

In your reply, post the logs (in this order):
1. - Malware Bytes Log
2. - Hijackthis Log

Thanks,

Cohen

crunchie 990 Most Valuable Poster

15 Years Ago

after you click on the link to download it, change the name of the application, then save it to your pc.
Try it then.

crunchie 990 Most Valuable Poster

15 Years Ago

Change the file extension of MBAM to .com and try again.

crunchie 990 Most Valuable Poster

15 Years Ago

Please download ComboFix by sUBs from HERE or HERE You must rename combofix BEFORE saving it to your pc.

You must download it to and run it from your Desktop
Physically disconnect from the internet.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

cohen 17 Practically a Posting Shark

15 Years Ago

Alright, Now can you follow my instructions above, regarding the MBA-M and see if you can do that.

Thanks,

Cohen

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

myhangel 0 Newbie Poster · Answer 1 · 2008-12-12T05:43:55+00:00

Hi Cohen,

I downloaded MalwareBytes several times (after uninstalling each time of course), but no matter what I do, the program will not launch. What else can I do?

Thanks

myhangel 0 Newbie Poster · Answer 2 · 2008-12-12T07:55:14+00:00

myhangel 0 Newbie Poster

15 Years Ago

just tried that. still won't launch...

myhangel 0 Newbie Poster · Answer 3 · 2008-12-12T21:09:42+00:00

Ok, I tried changing the file extention to .com and still nothing. I have the MBAM installed but when I double click to launch it, my cursor turns into an hour glass for three seconds and then goes away and nothing happens. Just me staring at the monitor like a dummy hoping and waiting for something to come up.

I'm ready to give up on this dang thing and ask Santa to bring me a new one for Christmas.

myhangel 0 Newbie Poster · Answer 4 · 2008-12-16T05:02:32+00:00

I had to use a friend's computer to download combofix onto a thumb drive so that I could get it onto my computer since it was not letting me. I was seriously doubtful but it worked! Finally something worked! Here are my logs from Combofix and HJT:

ComboFix 08-12-09.03 - Owner 2008-12-15 11:37:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.579 [GMT -8:00]
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\DelSelf.bat
c:\windows\system32\drivers\TDSSmxoe.sys
c:\windows\system32\TDSSirxy.dll
c:\windows\system32\TDSSktpa.dll
c:\windows\system32\TDSSmqlt.log
c:\windows\system32\TDSSncun.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoiqh.log
c:\windows\system32\TDSSqqcn.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSwupe.dat
c:\windows\system32\TDSSyavu.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS

((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
.

2008-12-12 18:12 . 2008-12-12 18:45 <DIR> d-------- c:\program files\Again
2008-12-12 17:20 . 2008-12-12 17:20 330 --a------ C:\END
2008-12-11 17:57 . 2008-12-11 17:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-11 17:36 . 2008-12-12 15:12 <DIR> d-------- c:\program files\Crunchie
2008-12-10 22:53 . 2008-10-08 16:29 28,672 --a------ c:\windows\system32\drivers\RKHit.sys
2008-12-10 21:05 . 2008-12-10 21:05 <DIR> d-------- c:\program files\Trend Micro
2008-11-28 07:16 . 2008-11-28 07:16 410,976 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 03:59 --------- d-----w c:\program files\LimeWire
2008-12-11 03:59 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-11 03:57 --------- d-----w c:\program files\Creative
2008-12-11 03:56 --------- d-----w c:\program files\Common Files\AOL
2008-12-11 03:55 --------- d-----w c:\program files\Common Files\Nullsoft
2008-12-11 03:54 --------- d-----w c:\program files\Common Files\Apple
2008-12-10 02:29 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-10 02:27 --------- d-----w c:\program files\Google
2008-12-05 02:40 --------- d-----w c:\documents and settings\Owner.PHIMMASONE\Application Data\Move Networks
2008-11-28 15:16 --------- d-----w c:\program files\Java
2008-11-25 07:07 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-11-19 13:48 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-15 04:57 --------- d-----w c:\documents and settings\Owner.PHIMMASONE\Application Data\LimeWire
2008-11-15 02:00 --------- d-----w c:\program files\McAfee
2008-10-28 03:59 --------- d-----w c:\program files\Common Files\Logitech
2008-10-28 03:59 --------- d-----w c:\program files\Common Files\Logishrd
2008-10-28 03:58 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 23:58 --------- d-----w c:\documents and settings\Owner.PHIMMASONE\Application Data\Apple Computer
2008-10-19 23:55 --------- d-----w c:\program files\QuickTime
2008-10-19 03:47 --------- d-----w c:\documents and settings\Owner.PHIMMASONE\Application Data\Canon
2008-09-01 15:32 72,456 ----a-w c:\documents and settings\Owner.PHIMMASONE\Application Data\GDIPFONTCACHEV1.DAT
2008-08-06 01:21 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080520080806\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"AbacastDistributedOnDemand:11"="c:\documents and settings\Owner.PHIMMASONE\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" [2008-09-29 54776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-28 344064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\Owner.PHIMMASONE\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2006-02-23 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2006-01-05 1742384]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-01 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-27 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-09-25 203280]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2006-01-05 200576]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" []
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\DRIVERS\el575nd5.sys [2005-11-22 69692]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\RKHit.sys [2008-12-10 28672]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a29a0265-b0c0-11da-bdfa-00038a000015}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6646b0c-cd31-11db-be4b-00038a000015}]
\Shell\AutoRun\command - F:\Installer.exe
.
Contents of the 'Scheduled Tasks' folder

2006-02-06 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-13 16:12]

2006-02-06 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-13 16:12]

2006-02-06 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-13 16:12]

2008-10-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

c:\windows\Downloaded Program Files\PogoWebLauncher.ocx - O16 -: {3107C2A8-9F0B-4404-A58B-21BD85268FBC}
hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

c:\windows\Downloaded Program Files\EconPlayer.ocx - O16 -: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A}
hxxp://asp.mathxl.com/books/_Players/EconPlayer.cab
FireFox -: Profile - c:\documents and settings\Owner.PHIMMASONE\Application Data\Mozilla\Firefox\Profiles\7o7ayljo.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.com/
FF -: plugin - c:\documents and settings\Owner.PHIMMASONE\Application Data\Mozilla\plugins\npAbacast.dll
FF -: plugin - c:\documents and settings\Owner.PHIMMASONE\Application Data\Mozilla\plugins\NPAbacheck.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 11:50:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1968)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\ati2evxx.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\WLTRAY.EXE
c:\windows\ehome\ehmsas.exe
c:\progra~1\BigFix\BigFix.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-12-15 11:56:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-15 19:54:39

Pre-Run: 56,171,859,968 bytes free
Post-Run: 57,113,497,600 bytes free

208 --- E O F --- 2008-12-12 23:39:37

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:01 AM, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AbacastDistributedOnDemand:11] C:\Documents and Settings\Owner.PHIMMASONE\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8549 bytes

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 5 · 2008-12-16T06:13:06+00:00

I need you to do something before you do anything else, so please wait until my next reply.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 6 · 2008-12-16T06:32:48+00:00

My previous directions for running combofix included you having to disable all your security programs. You left your AV running.
Please disable all security programs before doing the next step. (Obviously disconnect from the net first).

1. Please open Notepad

Click Start , then Run
Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\TDSSSERV.SYS
Driver::
TDSSSERV

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:

Combofix.txt
A new HijackThis log.

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

myhangel 0 Newbie Poster · Answer 7 · 2008-12-17T09:04:34+00:00

I tried to stop all programs I could. Some were hard to figure out how to stop from automatically running. I hope I was able to do what you asked. Here is the new logs:

ComboFix 08-12-15.04 - Owner 2008-12-16 18:41:02.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.575 [GMT -8:00]
Running from: c:\documents and settings\Owner.PHIMMASONE\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner.PHIMMASONE\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\TDSSSERV.SYS
.

((((((((((((((((((((((((( Files Created from 2008-11-17 to 2008-12-17 )))))))))))))))))))))))))))))))
.

2008-12-15 14:52 . 2008-12-15 14:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-15 14:52 . 2008-12-15 14:52 <DIR> d-------- c:\documents and settings\Owner.PHIMMASONE\Application Data\Malwarebytes
2008-12-15 14:52 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-15 14:52 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-12 18:12 . 2008-12-12 18:45 <DIR> d-------- c:\program files\Again
2008-12-11 17:57 . 2008-12-11 17:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-11 17:36 . 2008-12-12 15:12 <DIR> d-------- c:\program files\Crunchie
2008-12-10 22:53 . 2008-10-08 16:29 28,672 --a------ c:\windows\system32\drivers\RKHit.sys
2008-12-10 21:05 . 2008-12-10 21:05 <DIR> d-------- c:\program files\Trend Micro
2008-11-28 07:16 . 2008-11-28 07:16 410,976 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 01:54 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-15 22:58 --------- d-----w c:\program files\McAfee
2008-12-11 03:59 --------- d-----w c:\program files\LimeWire
2008-12-11 03:57 --------- d-----w c:\program files\Creative
2008-12-11 03:56 --------- d-----w c:\program files\Common Files\AOL
2008-12-11 03:55 --------- d-----w c:\program files\Common Files\Nullsoft
2008-12-11 03:54 --------- d-----w c:\program files\Common Files\Apple
2008-12-10 02:29 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-10 02:27 --------- d-----w c:\program files\Google
2008-12-05 02:40 --------- d-----w c:\documents and settings\Owner.PHIMMASONE\Application Data\Move Networks
2008-11-28 15:16 --------- d-----w c:\program files\Java
2008-11-25 07:07 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-11-19 13:48 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-15 04:57 --------- d-----w c:\documents and settings\Owner.PHIMMASONE\Application Data\LimeWire
2008-10-28 03:59 --------- d-----w c:\program files\Common Files\Logitech
2008-10-28 03:59 --------- d-----w c:\program files\Common Files\Logishrd
2008-10-28 03:58 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 23:58 --------- d-----w c:\documents and settings\Owner.PHIMMASONE\Application Data\Apple Computer
2008-10-19 23:55 --------- d-----w c:\program files\QuickTime
2008-10-19 03:47 --------- d-----w c:\documents and settings\Owner.PHIMMASONE\Application Data\Canon
2008-09-01 15:32 72,456 ----a-w c:\documents and settings\Owner.PHIMMASONE\Application Data\GDIPFONTCACHEV1.DAT
2008-08-06 01:21 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080520080806\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-15_11.53.53.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-15 19:25:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-17 01:50:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-15 19:25:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-17 01:50:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-17 02:44:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_76c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"AbacastDistributedOnDemand:11"="c:\documents and settings\Owner.PHIMMASONE\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" [2008-09-29 54776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-28 344064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]