Squidget1031
Posts: 19 +0
Hi Bobbye,
About nine months ago you helped me remove some spyware/malware from my home computer. Recently, my husband has been having some new problems: When he tries to log in to his Hotmail account the first entry of his password always fails, but works the second time. Then, when he goes into his Inbox, he can't read or delete his mail. I'm not sure if this is a Hotmail problem, or if it has to do with a repeat spyware/malware issue?
We recently changed internet providers and have a new "security" system and I'm wondering if that may have led to some of these new problems. He also seems to be having trouble on other websites where new windows need to pop up. These problems do not seem to be affecting my user profile.
The logs from the 8-step process are below:
MALWAREBYTES:
Malwarebytes' Anti-Malware 1.44
Database version: 3928
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/29/2010 2:50:32 PM
mbam-log-2010-03-29 (14-50-32).txt
Scan type: Quick Scan
Objects scanned: 236386
Time elapsed: 22 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\All Users\Application Data\gwr (Rogue.GreenAV) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\HelpAssistant.AREBRO\Local Settings\Temp\agsbgi.dll (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\gwr\Viruses.dat (Rogue.GreenAV) -> Quarantined and deleted successfully.
DDS.TXT
DDS (Ver_10-12-12.02) - NTFSx86
Run by Emily at 21:31:15.64 on Sun 12/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.160 [GMT -5:00]
AV: CA Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
FW: CA Personal Firewall *Enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emily\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://att.yahoo.com
mSearch Bar = hxxp://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\rrr anti-phishing\toolbar\caIEToolbar.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\progra~1\yahoo!\common\YIeTagBm.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\rrr anti-phishing\toolbar\caIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Yahoo! Pager] 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [TkBellExe] "realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/sbcyahoo/TrueInstallSBC.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: UmxSbxExw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\emily\applic~1\mozilla\firefox\profiles\smny8jtr.default\
FF - component: c:\program files\ca\ca internet security suite\rrr anti-phishing\toolbar\firefox\components\CAFxToolBar.dll
FF - plugin: c:\documents and settings\emily\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: CA Anti-Phishing Toolbar: caaphishtoolbar@ca.com - c:\program files\ca\ca internet security suite\rrr anti-phishing\toolbar\Firefox
============= SERVICES / DRIVERS ===============
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2010-9-17 135248]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2010-5-3 108112]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2010-3-22 79864]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2010-9-24 61008]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2010-9-24 115792]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2010-11-29 206152]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2010-11-29 212992]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2010-11-29 206160]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2010-9-24 146000]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2010-9-24 61008]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 887288]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2010-8-24 740160]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2010-9-17 301648]
R2 WinExtManager;WinSock Extention Manager;c:\windows\system32\mdmcls32.exe [2010-11-29 2347760]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2010-11-29 1377008]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2010-6-9 244304]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
=============== Created Last 30 ================
2010-12-19 21:04:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-19 21:04:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 21:04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-18 21:24:08 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-18 21:24:08 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-18 21:21:55 -------- d-----w- c:\program files\ISSThirdParty
2010-12-18 21:18:14 -------- d-----w- c:\docume~1\emily\applic~1\VirtualStore
2010-12-15 20:01:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 20:01:02 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-11-30 01:52:20 7 ----a-w- c:\windows\system32\mkghj.dll
2010-11-30 01:50:01 -------- d-----w- c:\program files\CA
2010-11-21 00:21:00 -------- d-----w- c:\program files\iPod
2010-11-21 00:20:39 -------- d-----w- c:\program files\iTunes
==================== Find3M ====================
2010-12-19 16:48:16 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-11-30 02:26:31 1054032 ----a-w- c:\windows\system32\cfgmig32.dll
2010-11-30 02:26:25 95568 ----a-w- c:\windows\system32\vetredir.dll
2010-11-30 02:26:25 128336 ----a-w- c:\windows\system32\isafeif.dll
2010-11-30 01:51:34 5845744 ----a-w- c:\windows\system32\win32cpr.dll
2010-11-30 01:51:34 1872624 ----a-w- c:\windows\system32\winsflt.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-24 16:16:18 272976 ----a-w- c:\windows\system32\UmxSbxw.dll
2010-09-24 16:16:18 113232 ----a-w- c:\windows\system32\UmxSbxExw.dll
============= FINISH: 21:38:49.01 ===============
ATTACH.TXT
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/4/2006 5:01:11 PM
System Uptime: 12/19/2010 9:17:38 PM (0 hours ago)
Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 115.772 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP159: 9/21/2010 7:27:28 AM - System Checkpoint
RP160: 9/22/2010 8:27:28 AM - System Checkpoint
RP161: 9/23/2010 9:11:14 AM - System Checkpoint
RP162: 9/24/2010 9:28:50 AM - System Checkpoint
RP163: 9/25/2010 10:50:58 AM - System Checkpoint
RP164: 9/26/2010 12:40:49 PM - System Checkpoint
RP165: 9/27/2010 1:25:52 PM - System Checkpoint
RP166: 9/28/2010 1:28:49 PM - System Checkpoint
RP167: 9/29/2010 3:00:19 AM - Software Distribution Service 3.0
RP168: 9/30/2010 4:28:48 AM - System Checkpoint
RP169: 10/1/2010 3:00:22 AM - Software Distribution Service 3.0
RP170: 10/2/2010 3:22:03 AM - System Checkpoint
RP171: 10/3/2010 3:34:01 AM - System Checkpoint
RP172: 10/4/2010 4:34:01 AM - System Checkpoint
RP173: 10/5/2010 5:02:32 AM - System Checkpoint
RP174: 10/6/2010 5:21:59 AM - System Checkpoint
RP175: 10/7/2010 6:34:22 AM - System Checkpoint
RP176: 10/8/2010 7:51:51 AM - System Checkpoint
RP177: 10/9/2010 8:39:49 AM - System Checkpoint
RP178: 10/10/2010 9:03:48 AM - System Checkpoint
RP179: 10/11/2010 11:11:23 AM - System Checkpoint
RP180: 10/12/2010 11:58:15 AM - System Checkpoint
RP181: 10/13/2010 3:00:24 AM - Software Distribution Service 3.0
RP182: 10/14/2010 3:28:45 AM - System Checkpoint
RP183: 10/15/2010 4:29:00 AM - System Checkpoint
RP184: 10/16/2010 5:40:40 AM - System Checkpoint
RP185: 10/17/2010 6:28:40 AM - System Checkpoint
RP186: 10/18/2010 7:16:38 AM - System Checkpoint
RP187: 10/19/2010 8:04:38 AM - System Checkpoint
RP188: 10/20/2010 9:04:35 AM - System Checkpoint
RP189: 10/21/2010 10:40:33 AM - System Checkpoint
RP190: 10/22/2010 11:52:34 AM - System Checkpoint
RP191: 10/23/2010 12:29:34 PM - System Checkpoint
RP192: 10/24/2010 1:04:29 PM - System Checkpoint
RP193: 10/25/2010 1:28:29 PM - System Checkpoint
RP194: 10/26/2010 2:16:26 PM - System Checkpoint
RP195: 10/27/2010 3:40:25 PM - System Checkpoint
RP196: 10/28/2010 4:10:15 PM - System Checkpoint
RP197: 10/29/2010 4:28:24 PM - System Checkpoint
RP198: 10/30/2010 5:04:19 PM - System Checkpoint
RP199: 10/31/2010 6:52:19 PM - System Checkpoint
RP200: 11/1/2010 7:10:44 PM - System Checkpoint
RP201: 11/2/2010 10:02:51 PM - System Checkpoint
RP202: 11/3/2010 10:46:46 PM - System Checkpoint
RP203: 11/4/2010 11:44:37 PM - System Checkpoint
RP204: 11/6/2010 12:35:59 AM - System Checkpoint
RP205: 11/7/2010 1:26:17 AM - System Checkpoint
RP206: 11/8/2010 2:22:36 AM - System Checkpoint
RP207: 11/9/2010 3:28:32 AM - System Checkpoint
RP208: 11/10/2010 4:46:32 AM - System Checkpoint
RP209: 11/11/2010 3:00:34 AM - Software Distribution Service 3.0
RP210: 11/11/2010 8:27:50 PM - Software Distribution Service 3.0
RP211: 11/12/2010 8:55:05 PM - System Checkpoint
RP212: 11/13/2010 10:10:32 PM - System Checkpoint
RP213: 11/14/2010 10:38:24 PM - System Checkpoint
RP214: 11/15/2010 10:47:57 PM - System Checkpoint
RP215: 11/16/2010 11:34:00 PM - System Checkpoint
RP216: 11/18/2010 12:10:23 AM - System Checkpoint
RP217: 11/19/2010 1:10:23 AM - System Checkpoint
RP218: 11/20/2010 2:10:23 AM - System Checkpoint
RP219: 11/21/2010 2:54:56 AM - System Checkpoint
RP220: 11/22/2010 3:54:56 AM - System Checkpoint
RP221: 11/23/2010 4:54:53 AM - System Checkpoint
RP222: 11/24/2010 5:54:51 AM - System Checkpoint
RP223: 11/25/2010 6:54:50 AM - System Checkpoint
RP224: 11/26/2010 2:27:33 PM - System Checkpoint
RP225: 11/27/2010 2:55:55 PM - System Checkpoint
RP226: 11/28/2010 3:10:30 PM - System Checkpoint
RP227: 11/29/2010 3:21:22 PM - System Checkpoint
RP228: 11/29/2010 8:50:00 PM - CA Internet Security Suite
RP229: 11/29/2010 9:42:04 PM - Software Distribution Service 3.0
RP230: 11/30/2010 9:51:58 PM - System Checkpoint
RP231: 12/1/2010 10:36:44 PM - System Checkpoint
RP232: 12/2/2010 11:04:15 PM - System Checkpoint
RP233: 12/4/2010 12:32:47 AM - System Checkpoint
RP234: 12/5/2010 12:37:03 AM - System Checkpoint
RP235: 12/6/2010 1:15:56 AM - System Checkpoint
RP236: 12/7/2010 1:50:20 AM - System Checkpoint
RP237: 12/7/2010 9:26:08 PM - Software Distribution Service 3.0
RP238: 12/8/2010 10:48:26 PM - System Checkpoint
RP239: 12/9/2010 10:54:18 PM - System Checkpoint
RP240: 12/10/2010 11:51:21 PM - System Checkpoint
RP241: 12/12/2010 1:14:38 AM - System Checkpoint
RP242: 12/13/2010 1:50:09 AM - System Checkpoint
RP243: 12/14/2010 2:50:09 AM - System Checkpoint
RP244: 12/15/2010 5:02:08 AM - System Checkpoint
RP245: 12/16/2010 3:00:20 AM - Software Distribution Service 3.0
RP246: 12/17/2010 3:16:39 AM - System Checkpoint
RP247: 12/17/2010 11:02:23 PM - Software Distribution Service 3.0
RP248: 12/18/2010 3:56:51 PM - Restore Operation
RP249: 12/18/2010 4:16:45 PM - Restore Operation
RP250: 12/19/2010 7:02:52 PM - System Checkpoint
==== Installed Programs ======================
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player
AIM 6
AMRT
AntiPhishing
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
APH placeholder
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
AT&T Yahoo! Applications
Audacity 1.2.6
Bonjour
BroadJump Client Foundation
CA Anti-Virus Plus
CA Backup and Migration
CA Internet Security Suite
CA Parental Controls
CA Personal Firewall
Canon CanoScan Toolbox 4.0
CCleaner
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell System Restore
DellSupport
Digital Content Portal
Digital Photo Navigator 1.5
DNAMigrator
Easy CD & DVD Creator 6
EducateU
ESET Online Scanner v3
ESPNMotion
Evil Dead Regeneration
Facebook Plug-In
FUJIFILM USB Driver
Google AFE
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 18
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
MicroStaff WINASPI
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
NetZeroInstallers
OmniPage SE
Otto
Pinball Panic
PowerCinema NE for Everio
PowerDirector Express
PowerDVD 5.5
PowerProducer
QuickTime
Qurb
RAW FILE CONVERTER LE
RealPlayer
SBC Self Support Tool
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Encoders
SUPERAntiSpyware Free Edition
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
12/19/2010 9:12:36 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:35 PM, error: Service Control Manager [7034] - The WinSock Svchost Manager service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:35 PM, error: Service Control Manager [7034] - The WinSock Extention Manager service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:35 PM, error: Service Control Manager [7034] - The CaCCProvSP service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:34 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:34 PM, error: Service Control Manager [7034] - The CA Common Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:33 PM, error: Service Control Manager [7034] - The CAISafe service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:33 PM, error: Service Control Manager [7034] - The CAAMSvc service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7034] - The HIPS Policy Manager service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7034] - The HIPS Firewall Helper service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7034] - The HIPS Event Manager service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7034] - The HIPS Configuration Interpreter service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/17/2010 11:06:46 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Office XP Service Pack 3.
12/17/2010 11:02:32 AM, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 001320B469C1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/16/2010 5:13:08 PM, error: Print [23] - Printer Lexmark 640 Series,0 failed to initialize because a suitable Lexmark 640 Series driver could not be found.
==== End Of File ===========================
About nine months ago you helped me remove some spyware/malware from my home computer. Recently, my husband has been having some new problems: When he tries to log in to his Hotmail account the first entry of his password always fails, but works the second time. Then, when he goes into his Inbox, he can't read or delete his mail. I'm not sure if this is a Hotmail problem, or if it has to do with a repeat spyware/malware issue?
We recently changed internet providers and have a new "security" system and I'm wondering if that may have led to some of these new problems. He also seems to be having trouble on other websites where new windows need to pop up. These problems do not seem to be affecting my user profile.
The logs from the 8-step process are below:
MALWAREBYTES:
Malwarebytes' Anti-Malware 1.44
Database version: 3928
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/29/2010 2:50:32 PM
mbam-log-2010-03-29 (14-50-32).txt
Scan type: Quick Scan
Objects scanned: 236386
Time elapsed: 22 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\All Users\Application Data\gwr (Rogue.GreenAV) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\HelpAssistant.AREBRO\Local Settings\Temp\agsbgi.dll (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\gwr\Viruses.dat (Rogue.GreenAV) -> Quarantined and deleted successfully.
DDS.TXT
DDS (Ver_10-12-12.02) - NTFSx86
Run by Emily at 21:31:15.64 on Sun 12/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.160 [GMT -5:00]
AV: CA Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
FW: CA Personal Firewall *Enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emily\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://att.yahoo.com
mSearch Bar = hxxp://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\rrr anti-phishing\toolbar\caIEToolbar.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\progra~1\yahoo!\common\YIeTagBm.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\rrr anti-phishing\toolbar\caIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Yahoo! Pager] 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [TkBellExe] "realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/sbcyahoo/TrueInstallSBC.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: UmxSbxExw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\emily\applic~1\mozilla\firefox\profiles\smny8jtr.default\
FF - component: c:\program files\ca\ca internet security suite\rrr anti-phishing\toolbar\firefox\components\CAFxToolBar.dll
FF - plugin: c:\documents and settings\emily\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: CA Anti-Phishing Toolbar: caaphishtoolbar@ca.com - c:\program files\ca\ca internet security suite\rrr anti-phishing\toolbar\Firefox
============= SERVICES / DRIVERS ===============
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2010-9-17 135248]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2010-5-3 108112]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2010-3-22 79864]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2010-9-24 61008]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2010-9-24 115792]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2010-11-29 206152]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2010-11-29 212992]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2010-11-29 206160]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2010-9-24 146000]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2010-9-24 61008]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 887288]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2010-8-24 740160]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2010-9-17 301648]
R2 WinExtManager;WinSock Extention Manager;c:\windows\system32\mdmcls32.exe [2010-11-29 2347760]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2010-11-29 1377008]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2010-6-9 244304]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
=============== Created Last 30 ================
2010-12-19 21:04:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-19 21:04:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 21:04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-18 21:24:08 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-18 21:24:08 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-18 21:21:55 -------- d-----w- c:\program files\ISSThirdParty
2010-12-18 21:18:14 -------- d-----w- c:\docume~1\emily\applic~1\VirtualStore
2010-12-15 20:01:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 20:01:02 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-11-30 01:52:20 7 ----a-w- c:\windows\system32\mkghj.dll
2010-11-30 01:50:01 -------- d-----w- c:\program files\CA
2010-11-21 00:21:00 -------- d-----w- c:\program files\iPod
2010-11-21 00:20:39 -------- d-----w- c:\program files\iTunes
==================== Find3M ====================
2010-12-19 16:48:16 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-11-30 02:26:31 1054032 ----a-w- c:\windows\system32\cfgmig32.dll
2010-11-30 02:26:25 95568 ----a-w- c:\windows\system32\vetredir.dll
2010-11-30 02:26:25 128336 ----a-w- c:\windows\system32\isafeif.dll
2010-11-30 01:51:34 5845744 ----a-w- c:\windows\system32\win32cpr.dll
2010-11-30 01:51:34 1872624 ----a-w- c:\windows\system32\winsflt.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-24 16:16:18 272976 ----a-w- c:\windows\system32\UmxSbxw.dll
2010-09-24 16:16:18 113232 ----a-w- c:\windows\system32\UmxSbxExw.dll
============= FINISH: 21:38:49.01 ===============
ATTACH.TXT
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/4/2006 5:01:11 PM
System Uptime: 12/19/2010 9:17:38 PM (0 hours ago)
Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 115.772 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP159: 9/21/2010 7:27:28 AM - System Checkpoint
RP160: 9/22/2010 8:27:28 AM - System Checkpoint
RP161: 9/23/2010 9:11:14 AM - System Checkpoint
RP162: 9/24/2010 9:28:50 AM - System Checkpoint
RP163: 9/25/2010 10:50:58 AM - System Checkpoint
RP164: 9/26/2010 12:40:49 PM - System Checkpoint
RP165: 9/27/2010 1:25:52 PM - System Checkpoint
RP166: 9/28/2010 1:28:49 PM - System Checkpoint
RP167: 9/29/2010 3:00:19 AM - Software Distribution Service 3.0
RP168: 9/30/2010 4:28:48 AM - System Checkpoint
RP169: 10/1/2010 3:00:22 AM - Software Distribution Service 3.0
RP170: 10/2/2010 3:22:03 AM - System Checkpoint
RP171: 10/3/2010 3:34:01 AM - System Checkpoint
RP172: 10/4/2010 4:34:01 AM - System Checkpoint
RP173: 10/5/2010 5:02:32 AM - System Checkpoint
RP174: 10/6/2010 5:21:59 AM - System Checkpoint
RP175: 10/7/2010 6:34:22 AM - System Checkpoint
RP176: 10/8/2010 7:51:51 AM - System Checkpoint
RP177: 10/9/2010 8:39:49 AM - System Checkpoint
RP178: 10/10/2010 9:03:48 AM - System Checkpoint
RP179: 10/11/2010 11:11:23 AM - System Checkpoint
RP180: 10/12/2010 11:58:15 AM - System Checkpoint
RP181: 10/13/2010 3:00:24 AM - Software Distribution Service 3.0
RP182: 10/14/2010 3:28:45 AM - System Checkpoint
RP183: 10/15/2010 4:29:00 AM - System Checkpoint
RP184: 10/16/2010 5:40:40 AM - System Checkpoint
RP185: 10/17/2010 6:28:40 AM - System Checkpoint
RP186: 10/18/2010 7:16:38 AM - System Checkpoint
RP187: 10/19/2010 8:04:38 AM - System Checkpoint
RP188: 10/20/2010 9:04:35 AM - System Checkpoint
RP189: 10/21/2010 10:40:33 AM - System Checkpoint
RP190: 10/22/2010 11:52:34 AM - System Checkpoint
RP191: 10/23/2010 12:29:34 PM - System Checkpoint
RP192: 10/24/2010 1:04:29 PM - System Checkpoint
RP193: 10/25/2010 1:28:29 PM - System Checkpoint
RP194: 10/26/2010 2:16:26 PM - System Checkpoint
RP195: 10/27/2010 3:40:25 PM - System Checkpoint
RP196: 10/28/2010 4:10:15 PM - System Checkpoint
RP197: 10/29/2010 4:28:24 PM - System Checkpoint
RP198: 10/30/2010 5:04:19 PM - System Checkpoint
RP199: 10/31/2010 6:52:19 PM - System Checkpoint
RP200: 11/1/2010 7:10:44 PM - System Checkpoint
RP201: 11/2/2010 10:02:51 PM - System Checkpoint
RP202: 11/3/2010 10:46:46 PM - System Checkpoint
RP203: 11/4/2010 11:44:37 PM - System Checkpoint
RP204: 11/6/2010 12:35:59 AM - System Checkpoint
RP205: 11/7/2010 1:26:17 AM - System Checkpoint
RP206: 11/8/2010 2:22:36 AM - System Checkpoint
RP207: 11/9/2010 3:28:32 AM - System Checkpoint
RP208: 11/10/2010 4:46:32 AM - System Checkpoint
RP209: 11/11/2010 3:00:34 AM - Software Distribution Service 3.0
RP210: 11/11/2010 8:27:50 PM - Software Distribution Service 3.0
RP211: 11/12/2010 8:55:05 PM - System Checkpoint
RP212: 11/13/2010 10:10:32 PM - System Checkpoint
RP213: 11/14/2010 10:38:24 PM - System Checkpoint
RP214: 11/15/2010 10:47:57 PM - System Checkpoint
RP215: 11/16/2010 11:34:00 PM - System Checkpoint
RP216: 11/18/2010 12:10:23 AM - System Checkpoint
RP217: 11/19/2010 1:10:23 AM - System Checkpoint
RP218: 11/20/2010 2:10:23 AM - System Checkpoint
RP219: 11/21/2010 2:54:56 AM - System Checkpoint
RP220: 11/22/2010 3:54:56 AM - System Checkpoint
RP221: 11/23/2010 4:54:53 AM - System Checkpoint
RP222: 11/24/2010 5:54:51 AM - System Checkpoint
RP223: 11/25/2010 6:54:50 AM - System Checkpoint
RP224: 11/26/2010 2:27:33 PM - System Checkpoint
RP225: 11/27/2010 2:55:55 PM - System Checkpoint
RP226: 11/28/2010 3:10:30 PM - System Checkpoint
RP227: 11/29/2010 3:21:22 PM - System Checkpoint
RP228: 11/29/2010 8:50:00 PM - CA Internet Security Suite
RP229: 11/29/2010 9:42:04 PM - Software Distribution Service 3.0
RP230: 11/30/2010 9:51:58 PM - System Checkpoint
RP231: 12/1/2010 10:36:44 PM - System Checkpoint
RP232: 12/2/2010 11:04:15 PM - System Checkpoint
RP233: 12/4/2010 12:32:47 AM - System Checkpoint
RP234: 12/5/2010 12:37:03 AM - System Checkpoint
RP235: 12/6/2010 1:15:56 AM - System Checkpoint
RP236: 12/7/2010 1:50:20 AM - System Checkpoint
RP237: 12/7/2010 9:26:08 PM - Software Distribution Service 3.0
RP238: 12/8/2010 10:48:26 PM - System Checkpoint
RP239: 12/9/2010 10:54:18 PM - System Checkpoint
RP240: 12/10/2010 11:51:21 PM - System Checkpoint
RP241: 12/12/2010 1:14:38 AM - System Checkpoint
RP242: 12/13/2010 1:50:09 AM - System Checkpoint
RP243: 12/14/2010 2:50:09 AM - System Checkpoint
RP244: 12/15/2010 5:02:08 AM - System Checkpoint
RP245: 12/16/2010 3:00:20 AM - Software Distribution Service 3.0
RP246: 12/17/2010 3:16:39 AM - System Checkpoint
RP247: 12/17/2010 11:02:23 PM - Software Distribution Service 3.0
RP248: 12/18/2010 3:56:51 PM - Restore Operation
RP249: 12/18/2010 4:16:45 PM - Restore Operation
RP250: 12/19/2010 7:02:52 PM - System Checkpoint
==== Installed Programs ======================
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player
AIM 6
AMRT
AntiPhishing
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
APH placeholder
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
AT&T Yahoo! Applications
Audacity 1.2.6
Bonjour
BroadJump Client Foundation
CA Anti-Virus Plus
CA Backup and Migration
CA Internet Security Suite
CA Parental Controls
CA Personal Firewall
Canon CanoScan Toolbox 4.0
CCleaner
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell System Restore
DellSupport
Digital Content Portal
Digital Photo Navigator 1.5
DNAMigrator
Easy CD & DVD Creator 6
EducateU
ESET Online Scanner v3
ESPNMotion
Evil Dead Regeneration
Facebook Plug-In
FUJIFILM USB Driver
Google AFE
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 18
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
MicroStaff WINASPI
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
NetZeroInstallers
OmniPage SE
Otto
Pinball Panic
PowerCinema NE for Everio
PowerDirector Express
PowerDVD 5.5
PowerProducer
QuickTime
Qurb
RAW FILE CONVERTER LE
RealPlayer
SBC Self Support Tool
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Encoders
SUPERAntiSpyware Free Edition
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
12/19/2010 9:12:36 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:35 PM, error: Service Control Manager [7034] - The WinSock Svchost Manager service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:35 PM, error: Service Control Manager [7034] - The WinSock Extention Manager service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:35 PM, error: Service Control Manager [7034] - The CaCCProvSP service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:34 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:34 PM, error: Service Control Manager [7034] - The CA Common Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:33 PM, error: Service Control Manager [7034] - The CAISafe service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:33 PM, error: Service Control Manager [7034] - The CAAMSvc service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7034] - The HIPS Policy Manager service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7034] - The HIPS Firewall Helper service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7034] - The HIPS Event Manager service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7034] - The HIPS Configuration Interpreter service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/19/2010 9:12:32 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/17/2010 11:06:46 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Office XP Service Pack 3.
12/17/2010 11:02:32 AM, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 001320B469C1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/16/2010 5:13:08 PM, error: Print [23] - Printer Lexmark 640 Series,0 failed to initialize because a suitable Lexmark 640 Series driver could not be found.
==== End Of File ===========================