
Solved Problem with Mal/Emogen-M

Discussion in 'Malware and Virus Removal Archive' started by Boz Mon, 2007/11/29.

  1. 2007/12/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Create a new profile for her first. Then you can copy docs, pictures, etc from her old account to the new one prior to deleting the account. If she uses Outlook Express, you will need to get her address book, emails and email account settings too. When the profile is deleted, you will be offered to save the files. Not a bad idea to do just in case something is missed, provided you aren't limited on hard drive space.

    Let me know if you need specifics for doing any of the above.
     
  2. 2007/12/15
    Boz Mon

    Boz Mon Inactive Thread Starter

    Joined:
    2007/11/17
    Messages:
    44
    Likes Received:
    0
    I don't think I need to save anything of hers, I have all of the pictures on my external HDD. Will deleting her profile be a fix though, or will the infection still be present?
     

  4. 2007/12/15
    noahdfear

    I'm not convinced at this point that there is actually an infection present. As I pointed out, the SpySweeper detection is behavior based, which tells us only that something is 'behaving' like the named infection. It may well be a legitimate file or process and a false positive identification. Since SpySweeper does not give us a filename, location or process name, tracking it down may well be a challenge. Are there any scan logs that may reveal something?
     
  5. 2007/12/15
    Boz Mon

    OK, I deleted mom's account and made a new one. I haven't tried it out yet. Do you want a DSS and a HijackThis of dad's account now?

    Also, I haven't scanned for several days because I didn't want to contradict what you were having me do.

    Edit: Hers is better now, I can actually drag things to the recycle bin, and she has a wallpaper.
     
    Last edited: 2007/12/15
  6. 2007/12/15
    noahdfear

    Yes, post a dss log from Dad's.
     
  7. 2007/12/17
    Boz Mon

    Here's the Deckard's from dad's account. Sorry it took so long, it's been a busy weekend.

    Deckard's System Scanner v20071014.68
    Run by Robert Reilly on 2007-12-17 13:07:37
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    System Drive C: has 1.11 GiB (less than 15%) free.


    -- HijackThis (run as Robert Reilly.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:07:48 PM, on 12/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    C:\Program Files\Sony\giga pocket\GPVSvr.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\AOL\1162598441\ee\aolsoftware.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Documents and Settings\Robert Reilly\Desktop\dss.exe
    C:\DOCUME~1\JEANIN~1\Desktop\Robert Reilly.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe "
    O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
    O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - ?p=ZB
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (Application) (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\giga pocket\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 10988 bytes

    -- Files created between 2007-11-17 and 2007-12-17 -----------------------------

    2007-12-15 21:53:34 0 d-------- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Application Data\Mozilla
    2007-12-15 21:53:07 0 d-------- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Application Data\Webroot
    2007-12-15 21:51:42 0 d-------- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Application Data\Identities
    2007-12-15 21:51:42 0 d-------- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Application Data\Adobe
    2007-12-15 21:51:41 0 d-------- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\WINDOWS
    2007-12-15 21:51:41 0 d--h----- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Templates
    2007-12-15 21:51:41 0 dr------- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Start Menu
    2007-12-15 21:51:41 0 dr-h----- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\SendTo
    2007-12-15 21:51:41 0 dr-h----- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Recent
    2007-12-15 21:51:41 0 d--h----- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\PrintHood
    2007-12-15 21:51:41 1572864 --ah----- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\NTUSER.DAT
    2007-12-15 21:51:41 0 d--h----- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\NetHood
    2007-12-15 21:51:41 0 dr------- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\My Documents
    2007-12-15 21:51:41 0 d--h----- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Local Settings
    2007-12-15 21:51:41 0 dr------- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Favorites
    2007-12-15 21:51:41 0 d-------- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Desktop
    2007-12-15 21:51:41 0 d--hs---- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Cookies
    2007-12-15 21:51:41 0 dr-h----- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Application Data
    2007-12-15 21:51:41 0 d-------- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Application Data\VERITAS
    2007-12-15 21:51:41 0 d-------- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Application Data\Sony Corporation
    2007-12-15 21:51:41 0 d-------- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Application Data\Real
    2007-12-15 21:51:41 0 d-------- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Application Data\MSN6
    2007-12-15 21:51:41 0 d---s---- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Application Data\Microsoft
    2007-12-15 21:51:41 0 d-------- C:\Documents and Settings\Jeanine Reilly.PATHAILEY\Application Data\InterTrust
    2007-12-04 16:07:54 0 dr-h----- C:\Documents and Settings\Patrick Reilly\Recent
    2007-12-03 15:36:33 0 d-------- C:\Documents and Settings\Patrick Reilly\Application Data\Walgreens
    2007-12-01 23:20:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-01 23:19:59 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-01 11:28:07 0 d-------- C:\Documents and Settings\Jeanine Reilly\Application Data\Webroot
    2007-11-29 16:11:17 0 d-------- C:\Documents and Settings\Robert Reilly\Application Data\Webroot
    2007-11-29 14:11:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
    2007-11-29 14:10:47 0 d-------- C:\Program Files\Webroot
    2007-11-29 14:10:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
    2007-11-29 14:06:21 0 d-------- C:\Documents and Settings\Patrick Reilly\Application Data\Webroot


    -- Find3M Report ---------------------------------------------------------------

    2007-12-04 16:51:39 0 d-------- C:\Program Files\Microsoft Money
    2007-11-21 16:08:04 0 d-------- C:\Program Files\McAfee
    2007-11-11 17:44:58 0 d-------- C:\Program Files\McAfee.com
    2007-11-11 17:42:06 0 d-------- C:\Program Files\Common Files\McAfee
    2007-11-11 17:38:43 0 d-------- C:\Program Files\Common Files
    2007-10-29 21:19:56 0 d-------- C:\Program Files\AIM6
    2007-10-28 13:10:34 0 --a----c- C:\WINDOWS\system32\ISHARE


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HTpatch "= "C:\WINDOWS\htpatch.exe" [10/30/2002 07:40 PM]
    "NvCplDaemon "= "RUNDLL32.exe" [08/04/2004 01:56 AM C:\WINDOWS\system32\rundll32.exe]
    "AGRSMMSG "= "AGRSMMSG.exe" [10/18/2002 01:07 PM C:\WINDOWS\AGRSMMSG.exe]
    "CTHelper "= "CTHELPER.EXE" [11/08/2002 12:46 PM C:\WINDOWS\system32\cthelper.exe]
    "ezShieldProtector for Px "= "C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 12:29 PM]
    "StorageGuard "= "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 02:01 AM]
    "IntelliPoint "= "C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/23/2005 05:26 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
    "IPHSend "= "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 10:59 AM]
    "HP Software Update "= "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/12/2004 01:38 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [02/16/2007 09:54 AM]
    "SpySweeper "= "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MoneyAgent "= "C:\Program Files\Microsoft Money\System\mnyexpr.exe" []
    "AIM "= "C:\Program Files\AIM\aim.exe" [08/05/2005 03:08 PM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
    "Aim6 "=" " []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AOL Fast Start "= "C:\Program Files\America Online 9.0a\AOL.EXE" -b

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/30/2003 1:31:15 PM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "




    -- End of Deckard's System Scanner: finished at 2007-12-17 13:08:27 ------------
     
  8. 2007/12/17
    noahdfear

    Don't see anything out of the ordinary there either. Did you notice something trying to install upon logon to Dad's account, as he suggested? Run ATF cleaner on Dad's to clean out the Current User temps then reboot.

    Let's see if another scanner reveals anything, from whatever account you were logged onto when SpySweeper made the infection identification.

    Please download System Repair Engineer by Smallfrogs and save it to the desktop.
    1. Extract it to its own folder & double click SREng.exe to run it
    2. Select 'Smart Scan' & tick "Verify Digital Signatures"
    3. Click on the [Scan] button
    4. When finished, click on the [Save Reports] button & save the log to Desktop
    5. Post the contents of that log here
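
Added example (not part of the original thread, and not SREng's own code): a Python sketch that reads the "Boot Items / Registry" section of a saved SREng report and shortlists autostart entries that carry no `(Verified)` publisher, so a helper can review those first. The sample log is constructed, and the function names and the reading of `(Verified)` as "signature check passed" are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout SREng uses for its registry boot items:
# a [registry key] line followed by <name><command> [publisher] entries.
SAMPLE_LOG = r"""
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ExampleUpdater><C:\Example\updater.exe> []
<ExampleTray>< "C:\Program Files\Example\tray.exe" /r> [Example Vendor Ltd.]
<ExampleSched>< "C:\Program Files\Example\sched.exe "> [(Verified) "Example Corp, Inc."]
==================================
Startup Folders
"""

KEY_RE = re.compile(r"^\[(HKEY_.*)\]$")
ENTRY_RE = re.compile(r"^<(?P<name>[^<>]*)><(?P<cmd>.*)>\s*\[(?P<pub>.*)\]$")


@dataclass
class BootItem:
    key: str        # registry key the entry was listed under
    name: str       # value name
    command: str    # command line that runs at startup
    publisher: str  # publisher text with the "(Verified)" marker removed
    status: str     # verified | unverified | no_publisher | empty


def classify(command: str, publisher_field: str) -> str:
    """Map one entry to a review status based on its publisher field."""
    if not command:
        return "empty"          # nothing is launched, nothing to verify
    if publisher_field.startswith("(Verified)"):
        return "verified"       # assumption: signature check passed
    if publisher_field in ("", "N/A"):
        return "no_publisher"   # no signature and no company name at all
    return "unverified"         # company name present, signature not verified


def parse_boot_items(text: str) -> list:
    """Parse only the registry part of the Boot Items section."""
    items, key, in_registry = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Registry":
            in_registry = True
            continue
        if line.startswith("====="):    # separator before the next section
            in_registry, key = False, None
            continue
        if not in_registry or not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            cmd = m.group("cmd").strip()
            pub = m.group("pub").strip()
            status = classify(cmd, pub)
            if pub.startswith("(Verified)"):
                pub = pub[len("(Verified)"):]
            items.append(BootItem(key, m.group("name"), cmd,
                                  pub.strip(' "'), status))
    return items


def review_queue(items: list) -> list:
    """Entries to look at by hand: no publisher first, then unverified."""
    order = {"no_publisher": 0, "unverified": 1}
    todo = [i for i in items if i.status in order]
    return sorted(todo, key=lambda i: order[i.status])  # stable sort


if __name__ == "__main__":
    for item in review_queue(parse_boot_items(SAMPLE_LOG)):
        print(f"{item.status:13} {item.name:16} {item.command}")
```

An entry in the queue is only a candidate for a closer look, not a detection.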
     
  9. 2007/12/17
    Boz Mon

    There was something trying to install on his account, but it was something that we didn't use so I just removed it altogether from the system. I will do that scan tomorrow when I get home from work.
     
  10. 2007/12/19
    Boz Mon

    Here it is from my account. I need to do 2 posts; it's too long.

    System Repair Engineer 2.5.16.900
    Smallfrogs (http://www.KZTechs.com)

    Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

    Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan


    Boot Items
    Registry
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
    <Aim6>< "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp> [(Verified)AOL LLC]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <HTpatch><C:\WINDOWS\htpatch.exe> []
    <NvCplDaemon>< "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <AGRSMMSG><AGRSMMSG.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <CTHelper><CTHELPER.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <ezShieldProtector for Px><C:\WINDOWS\System32\ezSP_Px.exe> [Easy Systems Japan Ltd.]
    <StorageGuard>< "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r> [VERITAS Software, Inc.]
    <IntelliPoint>< "C:\Program Files\Microsoft IntelliPoint\point32.exe "> [Microsoft Corporation]
    <SunJavaUpdateSched>< "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "> [(Verified) "Sun Microsystems, Inc."]
    <IPHSend>< "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe "> [(Verified) "Americ]
    <HP Software Update>< "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe "> [Hewlett-Packard Company]
    <QuickTime Task>< "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
    <SpySweeper><C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray> [(Verified) "Webroot Software, Inc."]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}><D:\Program Files\SUPERAntiSpyware\SASSEH.DLL> [SuperAdBlocker.com]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    <WinlogonNotify: !SASWinLogon><D:\Program Files\SUPERAntiSpyware\SASWINLO.dll> [SUPERAntiSpyware.com]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
    <WinlogonNotify: WRNotifier><WRLogonNTF.dll> [(Verified) "Webroot Software, Inc."]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6>< "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6>< "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
    <Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Publisher]

    ==================================
    Startup Folders
    [Adobe Gamma Loader]
    <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>

    ==================================
    Services
    [Application Management / AppMgmt][Stopped/Manual Start]
    <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
    [ASP.NET State Service / aspnet_state][Stopped/Manual Start]
    <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
    [McAfee E-mail Proxy / Emproxy][Stopped/Manual Start]
    <C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe><McAfee, Inc.>
    [EPSON Printer Status Agent2 / EPSONStatusAgent2][Running/Auto Start]
    <C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
    [Human Interface Device Access / HidServ][Stopped/Disabled]
    <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
    [InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
    < "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "><Macrovision Corporation>
    [iPod Service / iPod Service][Stopped/Manual Start]
    < "C:\Program Files\iPod\bin\iPodService.exe "><N/A>
    [McAfee HackerWatch Service / McAfee HackerWatch Service][Running/Auto Start]
    < "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe "><McAfee, Inc.>
    [McAfee Update Manager / mcmispupdmgr][Stopped/Manual Start]
    <C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe><McAfee, Inc.>
    [McAfee Services / mcmscsvc][Running/Auto Start]
    <C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe><McAfee, Inc.>
    [McAfee Network Agent / McNASvc][Running/Auto Start]
    < "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe "><McAfee, Inc.>
    [McAfee Scanner / McODS][Running/Auto Start]
    <C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe><McAfee, Inc.>
    [McAfee Protection Manager / mcpromgr][Running/Auto Start]
    <C:\PROGRA~1\McAfee\MSC\mcpromgr.exe><McAfee, Inc.>
    [McAfee Proxy Service / McProxy][Running/Auto Start]
    <c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe><McAfee, Inc.>
    [McAfee Redirector Service / McRedirector][Running/Auto Start]
    <c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe><McAfee, Inc.>
    [McAfee Real-time Scanner / McShield][Running/Auto Start]
    <C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe><McAfee, Inc.>
    [McAfee SystemGuards / McSysmon][Running/Auto Start]
    <C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe><McAfee, Inc.>
    [McAfee Personal Firewall Service / MpfService][Running/Auto Start]
    < "C:\Program Files\McAfee\MPF\MPFSrv.exe "><McAfee, Inc.>
    [McAfee Privacy Service / MPS9][Running/Auto Start]
    <C:\PROGRA~1\McAfee\MPS\mps.exe><McAfee, Inc.>
    [NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
    <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
    [PACSPTISVR / PACSPTISVR][Stopped/Manual Start]
    <C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE><Sony Corporation>
    [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
    <C:\WINDOWS\system32\HPZipm12.exe><HP>
    [Sony SPTI Service / SPTISRV][Stopped/Manual Start]
    <C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe><Sony Corporation>
    [VAIO Media Music Server (Application) / VAIOMediaPlatform-MusicServer-AppServer][Stopped/Auto Start]
    <"C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application)"><Sony Corporation>
    [VAIO Media Music Server (HTTP) / VAIOMediaPlatform-MusicServer-HTTP][Stopped/Auto Start]
    <"C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP"><Sony Corporation>
    [VAIO Media Music Server (UPnP) / VAIOMediaPlatform-MusicServer-UPnP][Stopped/Auto Start]
    <C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe><Sony Corporation>
    [VAIO Media Photo Server (Application) / VAIOMediaPlatform-PhotoServer-AppServer][Running/Auto Start]
    <C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe><>
    [VAIO Media Photo Server (HTTP) / VAIOMediaPlatform-PhotoServer-HTTP][Running/Auto Start]
    <"C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP"><Sony Corporation>
    [VAIO Media Photo Server (UPnP) / VAIOMediaPlatform-PhotoServer-UPnP][Running/Auto Start]
    <C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe><Sony Corporation>
    [VAIO Media Video Server (Application) / VAIOMediaPlatform-VideoServer-AppServer][Running/Auto Start]
    <"C:\Program Files\Sony\giga pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (Application)"><Sony Corporation>
    [VAIO Media Video Server (HTTP) / VAIOMediaPlatform-VideoServer-HTTP][Running/Auto Start]
    <"C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP"><Sony Corporation>
    [VAIO Media Video Server (UPnP) / VAIOMediaPlatform-VideoServer-UPnP][Running/Auto Start]
    <C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe><Sony Corporation>
    [Viewpoint Manager Service / Viewpoint Manager Service][Stopped/Disabled]
    <"C:\Program Files\Viewpoint\Common\ViewpointService.exe"><Viewpoint Corporation>
    [Webroot Spy Sweeper Engine / WebrootSpySweeperService][Running/Auto Start]
    <"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"><Webroot Software, Inc.>

    ==================================
    Drivers
    [Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
    <System32\DRIVERS\AGRSM.sys><Agere Systems>
    [Creative AC3 Software Decoder / ctac32k][Stopped/Manual Start]
    <system32\drivers\ctac32k.sys><Creative Technology Ltd>
    [Creative Audio Driver (WDM) / ctaud2k][Stopped/Manual Start]
    <system32\drivers\ctaud2k.sys><Creative Technology Ltd>
    [Creative Proxy Driver / ctprxy2k][Stopped/Manual Start]
    <system32\drivers\ctprxy2k.sys><Creative Technology Ltd>
    [Creative SoundFont Management Device Driver / ctsfm2k][Stopped/Manual Start]
    <system32\drivers\ctsfm2k.sys><Creative Technology Ltd>
    [Dual-Mode DSC(2770) / DCamUSBSQTECH][Stopped/Manual Start]
    <System32\Drivers\SQcaptur.sys><Service & Quality Technology.>
    [Sony DMI Call service / DMICall][Running/System Start]
    <System32\DRIVERS\DMICall.sys><Sony Corporation>
    [E-mu Plug-in Architecture Driver / emupia][Stopped/Manual Start]
    <system32\drivers\emupia2k.sys><Creative Technology Ltd>
    [Creative Hardware Abstract Layer Driver / ha10kx2k][Stopped/Manual Start]
    <system32\drivers\ha10kx2k.sys><Creative Technology Ltd>
    [IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
    <system32\DRIVERS\HPZid412.sys><HP>
    [Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
    <system32\DRIVERS\HPZipr12.sys><HP>
    [USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
    <system32\DRIVERS\HPZius12.sys><HP>
    [McAfee Inc. / mfeavfk][Running/Manual Start]
    <system32\drivers\mfeavfk.sys><McAfee, Inc.>
    [McAfee Inc. / mfebopk][Running/Manual Start]
    <system32\drivers\mfebopk.sys><McAfee, Inc.>
    [McAfee Inc. / mfehidk][Running/Manual Start]
    <system32\drivers\mfehidk.sys><McAfee, Inc.>
    [McAfee Inc. / mferkdk][Stopped/Manual Start]
    <system32\drivers\mferkdk.sys><McAfee, Inc.>
    [McAfee Inc. / mfesmfk][Running/Manual Start]
    <system32\drivers\mfesmfk.sys><McAfee, Inc.>
    [MHAATGRX / MHAATGRX][Stopped/Auto Start]
    <\??\C:\WINDOWS\system32\mhaatgrx.kau><N/A>
    [MPFP / MPFP][Running/System Start]
    <System32\Drivers\Mpfp.sys><McAfee, Inc.>
    [nv / nv][Running/Manual Start]
    <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
    [Creative OS Services Driver / ossrv][Stopped/Manual Start]
    <system32\drivers\ctoss2k.sys><Creative Technology Ltd.>
    [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    [PxHelp20 / PxHelp20][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\PxHelp20.sys><VERITAS Software, Inc.>
    [Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
    <System32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
    [SASDIFSV / SASDIFSV][Running/System Start]
    <\??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS><>
    [SASENUM / SASENUM][Stopped/Manual Start]
    <\??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS><SuperAdBlocker, Inc.>
    [SASKUTIL / SASKUTIL][Running/System Start]
    <\??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys><>
    [Secdrv / Secdrv][Running/Auto Start]
    <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
    [SiS315 / SiS315][Stopped/Manual Start]
    <System32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
    [SiS AGP Filter / sisagp][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
    [SiSkp / SiSkp][Running/System Start]
    <system32\drivers\srvkp.sys><N/A>
    [SOMA Service / soma][Running/Manual Start]
    <System32\DRIVERS\soma.sys><Sony Corporation>
    [Sony Digital Imaging Video2 / sonypvs1][Stopped/Manual Start]
    <System32\DRIVERS\sonypvs1.sys><Sony Corporation>
    [Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
    <System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
    [Sony Memory Stick controller(WB) / SONYWBMS][Running/Manual Start]
    <System32\DRIVERS\SonyWBMS.SYS><Sony Corporation>
    [sptd / sptd][Running/Boot Start]
    <\SystemRoot\System32\Drivers\sptd.sys><N/A>
    [Spy Sweeper File System Filer Driver: 0BB9 / SSFS0BB9][Running/Boot Start]
    <\SystemRoot\SYSTEM32\Drivers\SSFS0BB9.SYS><Webroot Software Inc (www.webroot.com)>
    [Spy Sweeper Hookrack MiniDriver / SSHRMD][Running/Boot Start]
    <\SystemRoot\SYSTEM32\Drivers\SSHRMD.SYS><Webroot Software Inc (www.webroot.com)>
    [Spy Sweeper Interdiction Driver / SSIDRV][Running/Boot Start]
    <\SystemRoot\SYSTEM32\Drivers\SSIDRV.SYS><Webroot Software Inc (www.webroot.com)>
    [Webroot Spy Sweeper Keylogger Shield Keyboard Filter / SSKBFD][Running/Manual Start]
    <System32\Drivers\sskbfd.sys><Webroot Software Inc (www.webroot.com)>
    [tmcomm / tmcomm][Running/Auto Start]
    <\??\C:\WINDOWS\system32\drivers\tmcomm.sys><Trend Micro Inc.>
    [WAN Miniport (ATW) / wanatw][Running/Manual Start]
    <System32\DRIVERS\wanatw4.sys><America Online, Inc.>
    [YAMAHA AC-XG Audio Device / WDM_YAMAHAAC97][Running/Manual Start]
    <system32\drivers\yacxgc.sys><YAMAHA CORPORATION>
    [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
    <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

    ==================================
    Browser Add-ons
    [AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
    [SSVHelper Class]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [scriptproxy]
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll, McAfee, Inc.>
    [Java Plug-in 1.6.0_03]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [ComcastHSI]
    {669B269B-0D4E-41FB-A3D8-FD67CA94F646} <http://www.comcast.net/, N/A>
    [Support]
    {8828075D-D097-4055-AA02-2DBFA9D85E8A} <http://www.comcastsupport.com/, N/A>
    [Help]
    {97809617-3937-4F84-B335-9BB05EF1A8D4} <http://online.comcast.net/help/, N/A>
    [AIM]
    {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} <C:\Program Files\AIM\aim.exe, America Online, Inc.>
    []
    {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
    [CKAVWebScan Object]
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
    [Shockwave ActiveX Control]
    {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
    [McAfee.com Operating System Class]
    {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} <C:\WINDOWS\system32\mcinsctl.dll, McAfee, Inc>
    [Java Plug-in 1.6.0_03]
    {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [DwnldGroupMgr Class]
    {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} <C:\WINDOWS\system32\McGDMgr.dll, McAfee, Inc>
    [Java Plug-in 1.3.1_04]
    {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.5.0_06]
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.5.0_09]
    {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.5.0_10]
    {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.5.0_11]
    {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_01]
    {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_02]
    {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_03]
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_03]
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
    [Microsoft Outlook 8.0 Object Library]
    {0006F033-0000-0000-C000-000000000046} <, N/A>
    [Microsoft Outlook]
    {0006F03A-0000-0000-C000-000000000046} <, N/A>
    [QuickTime Object]
    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
    [AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
    [Web Browser Applet Control]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\System32\msjava.dll, Microsoft Corporation>
    [CKAVWebScan Object]
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
    [PeerDraw Class]
    {10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, N/A>
    [Shockwave ActiveX Control]
    {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
    [XML DOM Document]
    {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
    [DHTML Edit Control Safe for Scripting for IE5]
    {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
    [XML Document]
    {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
    [Shell Name Space]
    {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
    [CKAVReportCtrl Object]
    {6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
    [WUWebControl Class]
    {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
    [Active Desktop Mover]
    {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
    [SSVHelper Class]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [scriptproxy]
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll, McAfee, Inc.>
    [RDS.DataSpace]
    {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
    [XML HTTP Request]
    {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
    [&AOL Toolbar search]
    <res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML, N/A>
    [&Search]
    <?p=ZB, N/A>
    [E&xport to Microsoft Excel]
    <res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000, N/A>
     
  11. 2007/12/19
    Boz Mon

    ==================================
    Running Processes
    [PID: 516 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 580 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 604 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\SUPERAntiSpyware\SASWINLO.dll] [SUPERAntiSpyware.com, 1, 0, 0, 1046]
    [C:\WINDOWS\system32\WRLogonNTF.dll] [Webroot Software, Inc., 3,5,6,91]
    [PID: 652 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 664 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 812 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 868 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 936 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 988 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1084 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1260 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\EBPMON2.DLL] [SEIKO EPSON CORPORATION, 2, 23, 0, 0]
    [C:\WINDOWS\system32\hpzlnt10.dll] [HP, 2.323.0.0]
    [PID: 1388 / SYSTEM][C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe] [SEIKO EPSON CORPORATION, 2, 2, 0, 0]
    [C:\WINDOWS\system32\EBAPI2.DLL] [SEIKO EPSON CORPORATION, 1, 4, 0, 0]
    [C:\Program Files\Common Files\EPSON\EBAPI\EBPLPT.DLL] [SEIKO EPSON CORPORATION, 2, 18, 0, 0]
    [PID: 1428 / SYSTEM][C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe] [McAfee, Inc., 8.3.105.0]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,2,103,0]
    [c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll] [McAfee, Inc., 8.3.105.0]
    [PID: 1460 / SYSTEM][C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,2,142,0]
    [C:\Program Files\McAfee\MSC\oem\108\Mccobres.dll] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll] [McAfee, Inc., 7,2,112,0]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,2,103,0]
    [c:\PROGRA~1\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,2,142,0]
    [c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,2,142,0]
    [c:\PROGRA~1\mcafee\msc\mcdbmgr.dll] [McAfee, Inc., 7,2,142,0]
    [PID: 1500 / SYSTEM][c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe] [McAfee, Inc., 1,2,108,0]
    [C:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,2,112,0]
    [c:\PROGRA~1\mcafee\msc\mcnmcsrv.dll] [McAfee, Inc., 1,2,108,0]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,2,103,0]
    [c:\PROGRA~1\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,2,142,0]
    [c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL] [McAfee, Inc., 1,2,108,0]
    [c:\PROGRA~1\mcafee\msc\mcnmcsps.dll] [McAfee, Inc., 1,2,108,0]
    [C:\WINDOWS\system32\msxml4.dll] [Microsoft Corporation, 4.20.9848.0]
    [c:\PROGRA~1\mcafee\msc\mcregobj\7_2_14~1\mcregobj.dll] [McAfee, Inc., 7,2,142,0]
    [c:\PROGRA~1\mcafee\msc\mcmismgr.dll] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,2,142,0]
    [C:\Program Files\McAfee\MSC\oem\108\Mccobres.dll] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,2,142,0]
    [c:\PROGRA~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll] [McAfee, Inc., 7,2,147,0]
    [c:\PROGRA~1\COMMON~1\mcafee\mna\mcuj.dll] [McAfee, Inc., 1,2,108,0]
    [C:\PROGRA~1\McAfee\MSC\McNmcRes.dll] [McAfee, Inc., 1,2,108,0]
    [C:\PROGRA~1\McAfee\MSC\McNmcLoR.dll] [McAfee, Inc., 1,2,108,0]
    [C:\PROGRA~1\McAfee\MSC\McNmcCoR.dll] [McAfee, Inc., 1,2,108,0]
    [PID: 1580 / SYSTEM][C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe] [McAfee, Inc., 11,2,121,0]
    [PID: 1612 / SYSTEM][C:\PROGRA~1\McAfee\MSC\mcpromgr.exe] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,2,142,0]
    [C:\Program Files\McAfee\MSC\oem\108\Mccobres.dll] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,2,112,0]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,2,103,0]
    [c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,2,142,0]
    [c:\PROGRA~1\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,2,142,0]
    [c:\PROGRA~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll] [McAfee, Inc., 7,2,147,0]
    [c:\PROGRA~1\mcafee\msc\mcmscver.dll] [McAfee, Inc., 7,2,142,0]
    [c:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll] [McAfee, Inc., 11,2,121,0]
    [C:\WINDOWS\system32\msxml4.dll] [Microsoft Corporation, 4.20.9848.0]
    [c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll] [McAfee, Inc., 8.2.118.0]
    [C:\Program Files\McAfee\MPF\L10N.DLL] [McAfee Security, 8.2.118.0]
    [c:\PROGRA~1\mcafee\mps\mpsmisp.dll] [McAfee, Inc., 9.2.134.0]
    [c:\PROGRA~1\mcafee\mps\mpsps.dll] [McAfee, Inc., 9.2.134.0]
    [C:\Program Files\McAfee\MPS\MpsRes.DLL] [McAfee, Inc., 9.2.134.0]
    [c:\PROGRA~1\mcafee\VIRUSS~1\mcvspp.dll] [McAfee, Inc., 11,2,121,0]
    [c:\PROGRA~1\mcafee\msc\mcprotpv.dll] [McAfee, Inc., 7,2,142,0]
    [c:\PROGRA~1\mcafee\mbk\mbkprov.dll] [McAfee, 1.0.0.3]
    [c:\PROGRA~1\mcafee\msc\mcnmcprv.dll] [McAfee, Inc., 1,2,108,0]
    [C:\PROGRA~1\McAfee\MSC\McNmcRes.dll] [McAfee, Inc., 1,2,108,0]
    [C:\PROGRA~1\McAfee\MSC\McNmcLoR.dll] [McAfee, Inc., 1,2,108,0]
    [C:\PROGRA~1\McAfee\MSC\McNmcCoR.dll] [McAfee, Inc., 1,2,108,0]
    [c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL] [McAfee, Inc., 1,2,108,0]
    [c:\PROGRA~1\mcafee\msc\mcnmcsps.dll] [McAfee, Inc., 1,2,108,0]
    [c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll] [McAfee, Inc., 11,2,134,0]
    [c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll] [McAfee, Inc., 11,2,127,0]
    [c:\PROGRA~1\mcafee\msc\mcregobj\7_2_14~1\mcregobj.dll] [McAfee, Inc., 7,2,142,0]
    [c:\PROGRA~1\mcafee\mpf\mc\mpfp.dll] [McAfee, Inc., 8.2.118.0]
    [C:\PROGRA~1\McAfee\MSC\McProHlp.dll] [McAfee, Inc., 7,2,142,0]
    [c:\PROGRA~1\mcafee\mps\mpsver.dll] [McAfee, Inc., 9.2.134.0]
    [c:\PROGRA~1\COMMON~1\mcafee\mcproxy\proxyver.dll] [McAfee, Inc., 1,2,138,0]
    [c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirver.dll] [McAfee, Inc., 1,3,109,0]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,2,103,0]
    [c:\PROGRA~1\mcafee\VIRUSS~1\mvsver.dll] [McAfee, Inc., 11,2,132,0]
    [c:\PROGRA~1\COMMON~1\mcafee\emproxy\empxyver.dll] [McAfee, Inc., 11,2,206,0]
    [c:\PROGRA~1\mcafee\msc\mcnmcver.dll] [McAfee, Inc., 1,2,108,0]
    [c:\PROGRA~1\mcafee\mqc\qcmisp.dll] [McAfee, Inc., 7,2,115,0]
    [c:\PROGRA~1\mcafee\mqc\QcLite.dll] [McAfee, Inc., 7,2,119,0]
    [c:\PROGRA~1\mcafee.com\agent\mcagntps.dll] [McAfee, Inc., 7,2,142,0]
    [PID: 1644 / SYSTEM][c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe] [McAfee, Inc., 1,2,138,0]
    [c:\PROGRA~1\mcafee\mps\mpsppm.dll] [McAfee, Inc., 9.2.134.0]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,2,103,0]
    [c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirps.dll] [McAfee, Inc., 1,3,109,0]
    [PID: 1696 / SYSTEM][c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe] [McAfee, Inc., 1,3,109,0]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,2,103,0]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,2,103,0]
    [c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll] [McAfee, Inc., 8.3.105.0]
    [c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirps.dll] [McAfee, Inc., 1,3,109,0]
    [PID: 1748 / SYSTEM][C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe] [McAfee, Inc., VSCORE.13.3.2.116.x86]
    [C:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll] [McAfee, Inc., VSCORE.13.3.2.116.x86]
    [C:\PROGRA~1\McAfee\VIRUSS~1\mytilus.dll] [McAfee, Inc., VSCORE.13.3.2.116.x86]
    [C:\PROGRA~1\McAfee\VIRUSS~1\mytilus2.dll] [McAfee, Inc., VSCORE.13.3.2.116.x86]
    [C:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll] [McAfee, Inc., VSCORE.13.3.2.116]
    [C:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll] [McAfee, Inc., VSCORE.13.3.2.116.x86]
    [C:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll] [McAfee, Inc., 11,2,127,0]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,2,103,0]
    [c:\PROGRA~1\mcafee\VIRUSS~1\mcvsps.dll] [McAfee, Inc., 11,2,127,0]
    [c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll] [McAfee, Inc., 11,2,127,0]
    [c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll] [McAfee, Inc., 11,2,134,0]
    [c:\PROGRA~1\mcafee\VIRUSS~1\mcvsqt.dll] [McAfee, Inc., 11,2,127,0]
    [C:\PROGRA~1\McAfee\VIRUSS~1\McQtLib.dll] [McAfee, Inc., 11,2,127,0]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,2,103,0]
    [C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll] [McAfee, Inc., 11,2,121,0]
    [C:\PROGRA~1\McAfee\VIRUSS~1\scriptsv.dll] [McAfee, Inc., VSCORE.13.3.2.116.x86]
    [C:\Program Files\McAfee\VirusScan\mcscan32.dll] [McAfee, Inc., 5.2.00]
    [C:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll] [McAfee, Inc., SYSCORE.13.3.0.136.x86]
    [C:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll] [McAfee, Inc., SYSCORE.13.3.0.136.x86]
    [C:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll] [McAfee, Inc., SYSCORE.13.3.0.136.x86]
    [c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,2,142,0]
    [PID: 1804 / SYSTEM][C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe] [McAfee, Inc., 11,2,131,0]
    [C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll] [McAfee, Inc., 11,2,121,0]
    [C:\PROGRA~1\McAfee\VIRUSS~1\mfesmfa.dll] [McAfee, Inc., SYSCORE.13.3.0.136.x86]
    [C:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll] [McAfee, Inc., SYSCORE.13.3.0.136.x86]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,2,103,0]
    [c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll] [McAfee, Inc., 8.3.105.0]
    [c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll] [McAfee, Inc., 11,2,134,0]
    [c:\PROGRA~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll] [McAfee, Inc., 7,2,147,0]
    [c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,2,142,0]
    [PID: 1896 / SYSTEM][C:\Program Files\McAfee\MPF\MPFSrv.exe] [McAfee, Inc., 8.2.122.0]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,2,103,0]
    [c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll] [McAfee, Inc., 8.3.105.0]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,2,103,0]
    [c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll] [McAfee, Inc., 8.2.118.0]
    [c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,2,142,0]
    [C:\WINDOWS\system32\msxml4.dll] [Microsoft Corporation, 4.20.9848.0]
    [c:\PROGRA~1\mcafee\mpf\mc\mpfaltps.dll] [McAfee, Inc., 8.2.118.0]
    [PID: 1924 / SYSTEM][C:\PROGRA~1\McAfee\MPS\mps.exe] [McAfee, Inc., 9.2.134.0]
    [C:\WINDOWS\system32\Dunzip32.dll] [Inner Media, Inc., 5.00.06]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,2,103,0]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,2,103,0]
    [c:\PROGRA~1\mcafee\mps\mpsps.dll] [McAfee, Inc., 9.2.134.0]
    [PID: 2012 / SYSTEM][C:\WINDOWS\System32\nvsvc32.exe] [NVIDIA Corporation, 6.13.10.4106]
    [PID: 268 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 468 / SYSTEM][C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe] [, 2, 0, 1,10301]
    [PID: 552 / SYSTEM][C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe] [Sony Corporation, 2.0.00.07170]
    [C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_HttpdAPI.dll] [Sony Corporation, 2.0.00.07170]
    [C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\VmpSec.dll] [Sony Corporation, 2.0.00.07150]
    [PID: 584 / SYSTEM][C:\Program Files\Sony\giga pocket\GPVSvr.exe] [Sony Corporation, 2, 0, 00, 07181]
    [C:\Program Files\Sony\giga pocket\SGPDB.dll] [Sony Corporation, 5.0.01.10311]
    [C:\Program Files\Sony\giga pocket\sgppq.dll] [Sony Corporation, 5.0.00.08271]
    [PID: 996 / SYSTEM][C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe] [Webroot Software, Inc., 3,5,6,91]
    [C:\Program Files\Webroot\Spy Sweeper\pcre.dll] [RenatoMancuso.com, 6.1.0.0]
    [C:\Program Files\Webroot\Spy Sweeper\ztvunrar3.dll] [N/A, ]
    [C:\Program Files\Webroot\Spy Sweeper\MailShld.DLL] [N/A, ]
    [C:\Program Files\Webroot\Spy Sweeper\AntiVirus\SAVI.DLL] [Sophos Plc, 6.2.1.0301]
    [C:\Program Files\Webroot\Spy Sweeper\AntiVirus\OSDP.DLL] [Sophos Plc, 1.37.1501]
    [C:\Program Files\Webroot\Spy Sweeper\AntiVirus\VEEX.DLL] [Sophos Plc, 2.52.1.0301]
    [PID: 2260 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 2360 / SYSTEM][C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe] [Sony Corporation, 2.0.02.11060]
    [C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\VmpSec.dll] [Sony Corporation, 2.0.00.07150]
    [PID: 2392 / SYSTEM][C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe] [Sony Corporation, 2.0.00.07170]
    [C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_HttpdAPI.dll] [Sony Corporation, 2.0.00.07170]
    [C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\VmpSec.dll] [Sony Corporation, 2.0.00.07150]
    [PID: 2496 / SYSTEM][C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe] [Sony Corporation, 2.0.02.11060]
    [C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\VmpSec.dll] [Sony Corporation, 2.0.00.07150]
    [PID: 3272 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 3808 / Patrick Reilly][C:\Program Files\McAfee\MPS\mpsevh.exe] [McAfee, Inc., 9.2.134.0]
    [C:\PROGRA~1\McAfee\MSC\McAltLib.dll] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,2,142,0]
    [C:\Program Files\McAfee\MSC\oem\108\Mccobres.dll] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,2,142,0]
    [c:\PROGRA~1\mcafee\mps\mpsps.dll] [McAfee, Inc., 9.2.134.0]
    [c:\PROGRA~1\mcafee\mps\mpsmisp.dll] [McAfee, Inc., 9.2.134.0]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,2,103,0]
    [c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,2,142,0]
    [PID: 3828 / Patrick Reilly][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll] [McAfee, Inc., VSCORE.13.3.2.116.x86]
    [C:\Program Files\Adobe\photoshop elements 2\PSICON.DLL] [Adobe Systems, Incorporated, 2.0]
    [PID: 368 / Patrick Reilly][c:\PROGRA~1\mcafee.com\agent\mcagent.exe] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,2,142,0]
    [C:\Program Files\McAfee\MSC\oem\108\Mccobres.dll] [McAfee, Inc., 7,2,142,0]
    [C:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,2,142,0]
    [c:\PROGRA~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll] [McAfee, Inc., 7,2,147,0]
    [c:\PROGRA~1\mcafee\msc\mcregobj\7_2_14~1\mcregobj.dll] [McAfee, Inc., 7,2,142,0]
    [C:\WINDOWS\system32\msxml4.dll] [Microsoft Corporation, 4.20.9848.0]
    [c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,2,103,0]
    [c:\PROGRA~1\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,2,142,0]
    [c:\PROGRA~1\mcafee.com\agent\mcagntps.dll] [McAfee, Inc., 7,2,142,0]
    [c:\PROGRA~1\mcafee\msc\mccfgpv.dll] [McAfee, Inc., 7,2,142,0]
    [c:\PROGRA~1\mcafee\msc\mcuicfg.dll] [McAfee, Inc., 7,2,142,0]
    [PID: 2848 / Patrick Reilly][C:\WINDOWS\htpatch.exe] [N/A, ]
    [C:\WINDOWS\WINIO.dll] [http://www.internals.com, 2.0]
    [PID: 1092 / Patrick Reilly][C:\WINDOWS\AGRSMMSG.exe] [Agere Systems, 2.1.20 2.1.20 10/18/2002 10:07:17]
    [PID: 2348 / Patrick Reilly][C:\WINDOWS\System32\ezSP_Px.exe] [Easy Systems Japan Ltd., 1, 0, 0, 0]
    [PID: 2516 / Patrick Reilly][C:\Program Files\Microsoft IntelliPoint\point32.exe] [Microsoft Corporation, 5.30.607.0]
    [C:\Program Files\Microsoft IntelliPoint\point32.dll] [Microsoft Corporation, 5.30.606.0]
    [C:\Program Files\Microsoft IntelliPoint\dpgmkb.dll] [Microsoft Corporation, 5.30.606.0]
    [C:\Program Files\Microsoft IntelliPoint\dpgcmd.dll] [Microsoft Corporation, 5.30.606.0]
    [C:\Program Files\Microsoft IntelliPoint\srres.dll] [Microsoft Corporation, 5.30.606.0]
    [C:\Program Files\Microsoft IntelliPoint\ipres.dll] [Microsoft Corporation, 5.30.606.0]
    [PID: 2688 / Patrick Reilly][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5]
    [PID: 784 / Patrick Reilly][D:\Program Files\HP\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Company, 2, 0, 39, 0]
    [PID: 1244 / Patrick Reilly][C:\Program Files\QuickTime\qttask.exe] [Apple Computer, Inc., 7.1.5]
    [PID: 2840 / Patrick Reilly][C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe] [Webroot Software, Inc., 5,5,7,103]
    [C:\Program Files\Webroot\Spy Sweeper\wrid.dll] [N/A, ]
    [C:\Program Files\Webroot\Spy Sweeper\language.dll] [Webroot Software, Inc., 5,5,7,103]
    [C:\WINDOWS\system32\msxml4.dll] [Microsoft Corporation, 4.20.9848.0]
    [PID: 2772 / Patrick Reilly][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 2548 / Patrick Reilly][C:\Program Files\AIM6\aim6.exe] [AOL LLC, 1.4.9.1]
    [C:\Program Files\AIM6\xprt5.dll] [AOL LLC, 5.2.7.5225]
    [C:\Program Files\AIM6\AOLSvcMgr.dll] [AOL LLC, 15.5.1.2]
    [C:\Program Files\AIM6\xprt6.dll] [AOL LLC, 6.5.5.5711]
    [C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll] [AOL LLC, 3.3.14.1]
    [c:\program files\aim6\services\notification\ver6_4_1_1\Notify.dll] [AOL LLC, 6.4.1.1]
    [c:\program files\aim6\services\imApp\ver6_5_5_2\imAppService.dll] [AOL LLC, 6.5.5.2]
    [C:\Program Files\AIM6\acccore.dll] [AOL LLC, 1.5.0.1805]
    [C:\Program Files\AIM6\coolcore49.dll] [AOL LLC, 4.9.0.5711]
    [C:\Program Files\AIM6\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [c:\program files\aim6\services\boxelyrenderer\ver2_4_5_1\boxelyRenderer.dll] [AOL LLC, 2.4.5.1]
    [c:\program files\aim6\services\preferences\ver5_2_1_1\preferences.dll] [AOL LLC, 5.2.1.1]
    [c:\program files\aim6\services\localStorage\ver7_3_2_1\clsSvc.dll] [AOL LLC, 7.3.2.1]
    [c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll] [McAfee, Inc., VSCORE.13.3.2.116.x86]
    [PID: 3264 / Patrick Reilly][C:\Program Files\Common Files\AOL\1162598441\ee\aolsoftware.exe] [America Online, Inc., 1.5.3.1]
    [C:\Program Files\Common Files\AOL\1162598441\ee\xprt5.dll] [AOL LLC, 5.2.3.5014]
    [C:\Program Files\Common Files\AOL\1162598441\ee\AOLSvcMgr.dll] [America Online, Inc., 1.5.3.1]
    [C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll] [AOL LLC, 3.3.14.1]
    [C:\Program Files\Common Files\AOL\1162598441\ee\AOLHostMgr.dll] [America Online, Inc., 1.5.3.1]
    [c:\program files\common files\aol\1162598441\ee\services\os\ver4_2_7_1\OS.dll] [America Online, Inc., 4.2.7.1]
    [c:\program files\common files\aol\1162598441\ee\services\os\ver4_2_7_1\AOLIdleMon.dll] [America Online, Inc., 4.2.7.1]
    [c:\program files\common files\aol\1162598441\ee\services\notification\ver6_2_5_2\Notify.dll] [America Online, Inc., 6.2.5.2]
    [c:\program files\common files\aol\1162598441\ee\services\localStorage\ver4_7_2_1\clsSvc.dll] [America Online, Inc., 4.7.2.1]
    [PID: 2176 / Patrick Reilly][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
    [C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.7]
    [C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.7]
    [C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.7]
    [C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
    [C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
    [C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
    [C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Documents and Settings\Patrick Reilly\Application Data\Mozilla\Firefox\Profiles\qxu5ebtc.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\ImageShackCom.dll] [N/A, ]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.64]
    [C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
    [PID: 3196 / Patrick Reilly][C:\Program Files\AIM6\aolsoftware.exe] [AOL LLC, 15.5.1.2]
    [C:\Program Files\AIM6\AOLSvcMgr.dll] [AOL LLC, 15.5.1.2]
    [C:\Program Files\AIM6\xprt6.dll] [AOL LLC, 6.5.5.5711]
    [C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll] [AOL LLC, 3.3.14.1]
    [c:\program files\aim6\services\os\ver5_2_1_1\OS.dll] [AOL LLC, 5.2.1.1]
    [C:\Program Files\AIM6\xprt5.dll] [AOL LLC, 5.2.7.5225]
    [c:\program files\aim6\services\os\ver5_2_1_1\AOLIdleMon.dll] [AOL LLC, 5.2.1.1]
    [c:\program files\aim6\services\notification\ver6_4_1_1\Notify.dll] [AOL LLC, 6.4.1.1]
    [c:\program files\aim6\services\localStorage\ver7_3_2_1\clsSvc.dll] [AOL LLC, 7.3.2.1]
    [c:\program files\aim6\services\softwareUpdate\ver2_14_11_12\stic.dll] [AOL LLC, 2.14.11.12]
    [PID: 3776 / SYSTEM][C:\Program Files\Webroot\Spy Sweeper\SSU.EXE] [N/A, ]
    [PID: 3368 / Patrick Reilly][C:\Documents and Settings\Patrick Reilly\Desktop\scanner\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
    [C:\Documents and Settings\Patrick Reilly\Desktop\scanner\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

    ==================================
    File Associations
    .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE OK. [ "%1" %*]
    .COM OK. [ "%1" %*]
    .PIF OK. [ "%1" %*]
    .REG OK. [regedit.exe "%1"]
    .BAT OK. [ "%1" %*]
    .SCR OK. [ "%1" /S]
    .CHM OK. [ "C:\WINDOWS\hh.exe" %1]
    .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
    .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .LNK OK. [{00021401-0000-0000-C000-000000000046}]

    ==================================
    Winsock Provider
    N/A

    ==================================
    Autorun.Inf
    N/A

    ==================================
    HOSTS File
    N/A

    ==================================
    Process Privileges Scan
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2848, C:\WINDOWS\HTPATCH.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2348, C:\WINDOWS\SYSTEM32\EZSP_PX.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2516, C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\POINT32.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 784, D:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1244, C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE]

    ==================================
    API HOOK
    N/A

    ==================================
    Hidden Process
    N/A
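An added example (not part of the original posts and not the scanner's own tooling): a small Python parser for the running-process and Process Privileges sections of the log above. It joins them by PID and lists processes whose image or a loaded module prints as `[N/A, ]`. The sample lines are copied from the log; the function names and the triage rule are assumptions of this example, and a hit is a lead to check, not a verdict.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
[PID: 2848 / Patrick Reilly][C:\WINDOWS\htpatch.exe] [N/A, ]
[C:\WINDOWS\WINIO.dll] [http://www.internals.com, 2.0]
[PID: 2516 / Patrick Reilly][C:\Program Files\Microsoft IntelliPoint\point32.exe] [Microsoft Corporation, 5.30.607.0]
[C:\Program Files\Microsoft IntelliPoint\point32.dll] [Microsoft Corporation, 5.30.606.0]
[PID: 2840 / Patrick Reilly][C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe] [Webroot Software, Inc., 5,5,7,103]
[C:\Program Files\Webroot\Spy Sweeper\wrid.dll] [N/A, ]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2848, C:\WINDOWS\HTPATCH.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2516, C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\POINT32.EXE]
"""

PROC = re.compile(r"^\[PID: (\d+) / ([^\]]+)\]\[([^\]]+)\] \[(.*)\]$")
MOD = re.compile(r"^\[([^\]]+)\] \[(.*)\]$")
PRIV = re.compile(r"^Special Privilege Enabled: (\w+) \[PID = (\d+), (.+)\]$")

def unnamed(info):  # "[N/A, ]" is how this log prints a file with no vendor/version
    return info.strip().startswith("N/A")

def parse(log):
    """Return ({pid: process record}, {pid: set of enabled privileges})."""
    procs, privs, current = {}, defaultdict(set), None
    for line in map(str.strip, log.splitlines()):
        if m := PRIV.match(line):
            privs[int(m[2])].add(m[1])
        elif m := PROC.match(line):
            current = int(m[1])
            procs[current] = {"user": m[2], "image": m[3], "info": m[4], "modules": []}
        elif (m := MOD.match(line)) and current is not None:
            procs[current]["modules"].append((m[1], m[2]))  # module of last process seen
    return procs, privs

def triage(log):
    """List (pid, image, reasons) for processes worth a closer look."""
    procs, privs = parse(log)
    leads = []
    for pid, p in sorted(procs.items()):
        reasons = ["image: no version info"] if unnamed(p["info"]) else []
        reasons += [f"module: no version info: {path}" for path, info in p["modules"] if unnamed(info)]
        if reasons:  # a privilege alone is not a lead; it only adds context
            reasons += [f"privilege: {name}" for name in sorted(privs[pid])]
            leads.append((pid, p["image"], reasons))
    return leads

if __name__ == "__main__":
    for pid, image, reasons in triage(SAMPLE_LOG):
        print(pid, image, "; ".join(reasons))
```

Joining on PID rather than path matters here because the privilege section prints image paths in upper case while the process list does not.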
     
  12. 2007/12/19
    noahdfear

    Hi Boz,

    Please copy the bolded command below.

    sc stop MHAATGRX

    Click Start>Run and paste it in then hit enter. Now copy the next command and repeat.

    sc delete MHAATGRX

    Now click Start>Run and type cmd then hit enter. Highlight and copy the following bolded blue text (all of it) and paste it in the command window using right click.

    echo.> "%userprofile%\desktop\check.txt"
    if exist C:\WINDOWS\system32\mhaatgrx.kau echo present>> "%userprofile%\desktop\check.txt"
    attrib -h -r -s C:\WINDOWS\system32\mhaatgrx.kau
    del /q C:\WINDOWS\system32\mhaatgrx.kau
    if exist C:\WINDOWS\system32\mhaatgrx.kau echo still present>> "%userprofile%\desktop\check.txt"
    cls
    start notepad "%userprofile%\desktop\check.txt"
    cls


    check.txt should open. Let me know what it shows, if anything.
     
  13. 2007/12/20
    Boz Mon

    It made a blank notepad document show up.
     
  14. 2007/12/20
    noahdfear

    That's good. You can delete the check.txt file from your desktop. Let's get a dss log from the next account. Go ahead and run another SpySweeper scan too. If it again reports Mal/Emogen, try to get some kind of info about the detection .... from the log, quarantine, something.
     
  15. 2007/12/20
    Boz Mon

    Ok, I'm running another SpySweeper scan as I type this. I will try and find something about it if it does pop up again. I will post up what I find out.
     
  16. 2007/12/20
    Boz Mon

    So I just got home and the scan is done. Good news is there is no Mal/Emogen-m, just a bunch of spyware cookies. I guess everything is ok now? BTW there is no other account, just mine, my mom's, and my dad's.
     
  17. 2007/12/20
    noahdfear

    Sounds good Boz. Does everyone's profile seem to be working OK? Any other issues?
     
  18. 2007/12/20
    Boz Mon

    Yea, everything seems to be in order again. I thank you again for all of your help.
     
  19. 2007/12/20
    noahdfear

    Great! Glad I could help. :)

    Recommend you clear your System Restore points.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.


    Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe!
     
