Everything posted by Rackman

  1. No infections found. Thanks for all the help.
  2. Rooter.exe (v1.0.2) by Eric_71
     .
     SeDebugPrivilege granted successfully ...
     .
     Windows XP . (5.1.2600) Service Pack 3
     [32_bits] - x86 Family 6 Model 15 Stepping 11, GenuineIntel
     .
     [wscsvc] (Security Center) RUNNING (state:4)
     [sharedAccess] RUNNING (state:4)
     Windows Firewall -> Disabled !
     .
     Internet Explorer 8.0.6001.18702
     Mozilla Firefox 3.5.5 (en-US)
     .
     A:\ [Removable]
     C:\ [Fixed-NTFS] .. ( Total:138 Go - Free:33 Go )
     D:\ [Fixed-NTFS] .. ( Total:279 Go - Free:38 Go )
     E:\ [CD_Rom]
     .
     Scan : 21:07.42
     Path : C:\Documents and Settings\swr\Desktop\HJT\Rooter.exe
     User : swr ( Administrator -> YES )
     .
     ----------------------\\ Processes
     .
     Locked [system Process] (0)
     ______ System (4)
     ______ \SystemRoot\System32\smss.exe (764)
     ______ \??\C:\WINDOWS\system32\csrss.exe (1260)
     ______ \??\C:\WINDOWS\system32\winlogon.exe (1284)
     ______ C:\WINDOWS\system32\services.exe (1328)
     ______ C:\WINDOWS\system32\lsass.exe (1340)
     ______ C:\WINDOWS\system32\svchost.exe (1508)
     ______ C:\WINDOWS\system32\svchost.exe (1588)
     ______ C:\WINDOWS\System32\svchost.exe (1784)
     ______ C:\WINDOWS\system32\svchost.exe (340)
     ______ C:\WINDOWS\system32\svchost.exe (432)
     ______ C:\WINDOWS\system32\spoolsv.exe (592)
     ______ C:\WINDOWS\Explorer.EXE (984)
     ______ C:\Program Files\Scansoft\PaperPort\pptd40nt.exe (1132)
     ______ C:\WINDOWS\system32\taskswitch.exe (1168)
     ______ C:\Program Files\Analog Devices\Core\smax4pnp.exe (1184)
     ______ C:\WINDOWS\system32\RUNDLL32.EXE (1224)
     ______ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (1228)
     ______ C:\Program Files\Common Files\Java\Java Update\jusched.exe (1244)
     ______ C:\WINDOWS\system32\svchost.exe (1768)
     ______ C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (1840)
     ______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1860)
     ______ C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (1884)
     ______ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (1936)
     ______ C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (1960)
     ______ C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe (1996)
     ______ C:\WINDOWS\system32\nvsvc32.exe (272)
     ______ C:\Program Files\Raxco\PerfectDisk2008\PDAgent.exe (416)
     ______ C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe (2260)
     ______ C:\Program Files\CyberLink\Shared Files\RichVideo.exe (2552)
     ______ C:\WINDOWS\system32\svchost.exe (3020)
     ______ C:\WINDOWS\System32\alg.exe (368)
     ______ C:\Program Files\Raxco\PerfectDisk2008\PDAgentS1.exe (3104)
     ______ C:\Documents and Settings\swr\Desktop\HJT\Rooter.exe (2468)
     .
     ----------------------\\ Device\Harddisk0\
     .
     \Device\Harddisk0 [sectors : 63 x 512 Bytes]
     .
     \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:148696579584)
     .
     ----------------------\\ Scheduled Tasks
     .
     C:\WINDOWS\Tasks\desktop.ini
     C:\WINDOWS\Tasks\SA.DAT
     .
     ----------------------\\ Registry
     .
     .
     ----------------------\\ Files & Folders
     .
     ----------------------\\ Scan completed at 21:07.46
     .
     C:\Rooter$\Rooter_1.txt - (23/06/2010 | 21:07.46)
  3. Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4224
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     6/22/2010 8:19:14 AM
     mbam-log-2010-06-22 (08-19-14).txt

     Scan type: Quick scan
     Objects scanned: 149772
     Time elapsed: 5 minute(s), 15 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     MBAM did not detect any of the items found by Kaspersky. I had detected a possible issue with MagicDVDripper in the past and contacted them. Here is their reply.

     I'm so sorry for this inconvenience. We can guarantee our program is 100% clean. It may be ripper use some resource when running that the anti-spy softwares focus on. Now please use the following way to try again:
     1) close the our program Magic DVD Ripper
     2) add ripper to the white list of the anti-spy softwares
     3) launch the program again, let us know the result.
     Best regards,
     Sam - Customer service representative
     Magic DVD Software (http://www.magicdvdripper.com)

     The fresh download showed the same test results.
  4. Java has been updated. Here is the log.

     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0: scan report
     Tuesday, June 22, 2010
     Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Monday, June 21, 2010 17:44:44
     Records in database: 4306235
     --------------------------------------------------------------------------------

     Scan settings:
     scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes

     Scan area - My Computer:
     A:\
     C:\
     D:\
     E:\
     F:\

     Scan statistics:
     Objects scanned: 270715
     Threats found: 4
     Infected objects found: 9
     Suspicious objects found: 0
     Scan duration: 05:24:50

     File name / Threat / Threats count
     C:\Documents and Settings\swr\DoctorWeb\Quarantine\6d1d8a0e-4f6ce360 Infected: Trojan-Downloader.Java.Agent.ak 1
     C:\Program Files\MagicDVDRipper\MagicDVDRipper.bad Infected: Trojan.Win32.Cosmu.mjj 1
     C:\Program Files\MagicDVDRipper\MagicDVDRipper.exe Infected: Trojan.Win32.Cosmu.mjj 1
     C:\Program Files\Scansoft\PaperPort\Visioneer.exe Infected: Backdoor.Win32.Rbot.akpt 1
     C:\swr\4 gb thumb drive encr bu\8100.exe Infected: Backdoor.Win32.Rbot.akpt 1
     C:\swr\MagicDVD Ripper\MagicDVDRipper432.exe Infected: Trojan.Win32.Cosmu.yhk 1
     C:\swr\MagicDVD Ripper\MagicDVDRipper521.exe Infected: Trojan.Win32.Cosmu.mjj 1
     C:\swr\Malware\MagicDVDRipper.exe Infected: Trojan.Win32.Cosmu.mjj 1
     D:\Data traveler bu\8100.exe Infected: Backdoor.Win32.Rbot.akpt 1

     Selected area has been scanned.
  5. Here are the log files: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4208 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/17/2010 6:54:39 AM mbam-log-2010-06-17 (06-54-39).txt Scan type: Quick scan Objects scanned: 144027 Time elapsed: 5 minute(s), 29 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) {DDE19280-9D20-40A9-9954-7095B86018F6}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{BA1E01D7-726;Trojan.Loader.553;; {DDE19280-9D20-40A9-9954-7095B86018F6}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{BA1E01D7-726;Container contains infected objects;Moved.; {71A531FD-B483-4085-A686-9C5E91087CDD}.qbd\data001;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{E93D7502-BB3;Trojan.Fakealert.15118;; {71A531FD-B483-4085-A686-9C5E91087CDD}.qbd;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{E93D7502-BB3;Container contains infected objects;Moved.; RegUBP2b-swr.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.; tcpip.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers;BackDoor.Tdss.2459;Cured.; A0010351.ocx;C:\System Volume 
Information\_restore{0BB774D2-63FA-4136-8A31-36D5B66C7E00}\RP56;Adware.Coupons.34;Incurable.Moved.; A0010371.reg;C:\System Volume Information\_restore{0BB774D2-63FA-4136-8A31-36D5B66C7E00}\RP56;Trojan.StartPage.1505;Deleted.; A0010372.exe;C:\System Volume Information\_restore{0BB774D2-63FA-4136-8A31-36D5B66C7E00}\RP56;Trojan.Fakealert.11681;Incurable.Moved.; A0010373.exe;C:\System Volume Information\_restore{0BB774D2-63FA-4136-8A31-36D5B66C7E00}\RP56;Trojan.Fakealert.11681;Incurable.Moved.; CouponPrinter.ocx;C:\WINDOWS;Adware.Coupons.34;Incurable.Moved.; A0010374.exe\data273;D:\System Volume Information\_restore{0BB774D2-63FA-4136-8A31-36D5B66C7E00}\RP56\A0010374.exe;Program.SrvAny;; A0010374.exe\data278;D:\System Volume Information\_restore{0BB774D2-63FA-4136-8A31-36D5B66C7E00}\RP56\A0010374.exe;Tool.InstSrv;; A0010374.exe\data295;D:\System Volume Information\_restore{0BB774D2-63FA-4136-8A31-36D5B66C7E00}\RP56\A0010374.exe;Program.SrvAny;; A0010374.exe;D:\System Volume Information\_restore{0BB774D2-63FA-4136-8A31-36D5B66C7E00}\RP56;Container contains infected objects;Moved.; A0010375.exe;D:\System Volume Information\_restore{0BB774D2-63FA-4136-8A31-36D5B66C7E00}\RP56;Trojan.Fakealert.11681;Incurable.Moved.; Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:52:48 AM, on 6/21/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Scansoft\PaperPort\pptd40nt.exe C:\Program Files\Visioneer OneTouch\OneTouchMon.exe C:\WINDOWS\system32\taskswitch.exe C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Microsoft 
Office\Office12\GrooveMonitor.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk2008\PDAgent.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe C:\Program Files\Raxco\PerfectDisk2008\PDEngine.exe C:\Program Files\Raxco\PerfectDisk2008\PDAgentS1.exe C:\Program Files\Raxco\PerfectDisk2008\PerfectDisk.exe C:\Documents and Settings\swr\Desktop\HJT\HiJackThis.exe C:\WINDOWS\system32\wuauclt.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - 
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - 
Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://home.aurorabankfsb.com O15 - Trusted Zone: http://remote.aurorabankfsb.com O15 - Trusted Zone: http://www.aurorabankfsb.com O15 - Trusted Zone: www.select2perform.com O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - 
http://download.bitdefender.com/resources/...can8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237131535109 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1258154378171 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab O16 - DPF: {BAC16126-1812-41A1-AD18-66B3FC8DFEDA} (PPM WordModule) - https://fdicdrr.policytech.com/includes/obj.../WordModule.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab O16 - DPF: {EBE67253-D4EA-11D3-845A-00500483D287} (ImageViewer Class) - file://E:\vwr_data\dcm_vwr.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...015/mcfscan.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll O20 - Winlogon Notify: khfFXpqn - Invalid 
registry found O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk2008\PDEngine.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- End of file - 11486 bytes Results of screen317's Security Check version 0.99.4 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! Antivirus up to date! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java SE Runtime Environment 6 Adobe Flash Player Mozilla Firefox (3.5.5) Firefox Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent Norton ccSvcHst.exe ```````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) ``````````End of Log````````````
  6. Bit torrent has been removed. My problem is resolved. Thank you Here is the combofix log ComboFix 10-06-18.03 - swr 06/19/2010 0:49.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1644 [GMT -6:00] Running from: c:\documents and settings\swr\Desktop\Combo-Fix.exe AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\swr\Local Settings\Application Data\Windows Server c:\documents and settings\swr\Local Settings\Application Data\Windows Server\flags.ini c:\documents and settings\swr\Local Settings\Application Data\Windows Server\uses32.dat C:\feed.txt c:\windows\system32\GroupPolicy\User\Scripts\scripts.ini c:\windows\system32\Ijl11.dll c:\windows\wiaserviv.log Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 ))))))))))))))))))))))))))))))) . 2010-06-18 22:17 . 2010-06-18 22:18 -------- d-----w- c:\program files\ERUNT 2010-06-11 17:56 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-05-24 04:26 . 2010-05-24 04:26 -------- d-----w- c:\documents and settings\swr\Application Data\Windows Search . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-17 12:04 . 2010-05-12 17:22 -------- d-----w- c:\program files\Windows Desktop Search 2010-06-16 13:21 . 2010-03-18 23:13 -------- d-----w- c:\documents and settings\swr\Application Data\Wireshark 2010-06-14 16:37 . 2009-09-23 21:44 -------- d-----w- c:\program files\Coupons 2010-06-11 20:31 . 
2010-05-12 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-06-06 23:50 . 2008-11-23 01:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-06-05 01:09 . 2010-04-04 15:05 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-01 02:05 . 2008-01-26 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995 2010-05-19 00:51 . 2008-01-26 16:45 -------- d-----w- c:\documents and settings\swr\Application Data\Passlogix 2010-05-17 03:43 . 2010-05-17 03:43 -------- d-----w- c:\program files\American Systems 2010-05-14 18:41 . 2008-05-20 01:05 73504 ----a-w- c:\documents and settings\swr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-14 16:05 . 2010-05-12 16:54 -------- d-----w- c:\program files\Microsoft Works 2010-05-12 17:28 . 2010-05-12 17:28 10134 ----a-r- c:\documents and settings\swr\Application Data\Microsoft\Installer\{616A66CD-D36D-4E24-8B67-33AFDFF48061}\ARPPRODUCTICON.exe 2010-05-12 17:27 . 2010-05-12 17:27 -------- d-----w- c:\program files\Palm Inc 2010-05-12 17:27 . 2009-02-01 01:10 -------- d-----w- c:\program files\Palm 2010-05-12 17:26 . 2009-01-25 19:33 -------- d-----w- c:\program files\Lavasoft 2010-05-12 16:54 . 2010-02-10 02:07 -------- d-----w- c:\program files\MSBuild 2010-05-12 16:53 . 2010-05-12 16:53 -------- d-----w- c:\program files\Microsoft.NET 2010-05-12 16:51 . 2010-05-12 16:51 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2010-05-07 13:44 . 2008-11-16 19:17 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-05-07 13:44 . 2008-11-16 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-05-06 10:41 . 2004-08-04 02:07 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 17:55 . 2008-04-07 22:50 -------- d-----w- c:\documents and settings\swr\Application Data\TaxCut 2010-05-02 05:22 . 
2004-08-04 02:07 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-05-02 00:42 . 2010-05-02 00:42 -------- d-----w- c:\program files\Sony 2010-05-02 00:42 . 2008-01-12 03:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-01 09:21 . 2010-03-24 04:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-29 21:39 . 2010-03-24 04:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 21:39 . 2010-03-24 04:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-21 17:35 . 2008-11-16 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-04-21 17:18 . 2010-04-21 17:17 -------- d-----w- c:\program files\WingDir 2010-04-21 17:17 . 2010-04-21 17:17 249856 ------w- c:\windows\Setup1.exe 2010-04-21 17:17 . 2010-04-21 17:17 73216 ----a-w- c:\windows\ST6UNST.EXE 2010-04-21 17:05 . 2008-01-26 16:42 -------- d-----w- c:\program files\MagicDVDRipper 2010-04-20 05:30 . 2004-08-04 02:07 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-03-25 20:27 . 2010-03-25 20:27 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2010-03-25 20:27 . 2010-03-25 20:27 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-03-25 20:27 . 2010-03-25 23:21 482432 ----a-w- c:\windows\system32\drivers\cchpx86.sys 2010-03-25 20:27 . 2010-03-25 23:21 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys 2010-03-25 20:27 . 2010-03-25 23:21 310320 ----a-w- c:\windows\system32\drivers\SymEFA.sys 2010-03-25 20:27 . 2010-03-25 23:21 217136 ----a-w- c:\windows\system32\drivers\symtdi.sys 2010-03-25 20:27 . 2010-03-25 23:21 259632 ----a-w- c:\windows\system32\drivers\BHDrvx86.sys 2010-03-25 20:27 . 2010-03-25 20:27 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys 2010-03-25 20:27 . 2008-10-30 01:41 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-03-25 20:27 . 2008-10-30 01:41 107368 ----a-r- c:\windows\system32\GEARAspi.dll 2010-03-25 01:04 . 
2010-03-25 01:04 21195208 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US65016901xupd.exe 2010-03-24 08:22 . 2008-01-12 05:28 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2010-03-24 08:10 . 2008-11-17 00:57 8 ----a-w- c:\windows\system32\nvModes.dat 2010-03-23 20:05 . 2010-03-23 20:05 760 ----a-w- C:\error.reg 2009-09-14 02:59 . 2009-09-14 02:59 1309413 ----a-w- c:\program files\NetMeeting.zip 2009-08-28 18:55 . 2009-08-28 18:55 524667454 ----a-w- c:\program files\SkillSoft.zip 2008-08-16 23:42 . 2008-08-16 23:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2008-08-16 23:42 . 2008-08-16 23:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2008-08-16 23:42 . 2008-08-16 23:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2008-08-16 23:42 . 2008-08-16 23:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2008-08-16 23:43 . 2008-08-16 23:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2008-08-16 23:42 . 2008-08-16 23:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2008-08-16 23:42 . 2008-08-16 23:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2008-05-21 14:41 . 2008-05-21 14:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll 2008-05-21 14:41 . 2008-05-21 14:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll 2008-05-21 14:41 . 2008-05-21 14:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll 2008-06-05 19:58 . 2008-06-05 19:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2008-08-16 23:42 . 2008-08-16 23:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792] "PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-09-23 45108] "IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-09-23 36864] "OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2003-07-30 98304] "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-20 45632] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-09 8527872] "nwiz"="nwiz.exe" [2007-10-09 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-09 81920] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] c:\documents and settings\swr\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] 
"EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R0 AACMgt;AACMgt;c:\windows\system32\drivers\aacmgt.sys [9/3/2006 2:18 AM 93591] R0 aarsi3x;aarsi3x;c:\windows\system32\drivers\aarsi3x.sys [11/11/2004 7:09 PM 197120] R0 hpt374;hpt374;c:\windows\system32\drivers\hpt374.sys [2/2/2008 11:27 AM 133760] R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/17/2010 12:41 PM 28552] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [3/25/2010 5:21 PM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [3/25/2010 5:21 PM 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [3/25/2010 5:21 PM 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100617.005\IDSXpx86.sys [6/19/2010 12:33 AM 331640] R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [3/25/2010 5:20 PM 117640] R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [1/26/2008 10:49 AM 14976] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/26/2010 2:00 AM 102448] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/25/2009 7:08 PM 19712] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/25/2009 7:08 PM 8320] S3 MotDev;Motorola Inc. 
USB Device;c:\windows\system32\drivers\motodrv.sys [2/9/2010 7:52 PM 42752] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2/9/2010 8:17 PM 23936] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 12:19 PM 50704] S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [10/26/2008 2:54 PM 91841] . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: aurorabankfsb.com\home Trusted Zone: aurorabankfsb.com\remote Trusted Zone: aurorabankfsb.com\www Trusted Zone: select2perform.com\www Trusted Zone: usps.gov\webvpn DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {BAC16126-1812-41A1-AD18-66B3FC8DFEDA} - hxxps://fdicdrr.policytech.com/includes/objects/WordModule.cab DPF: {EBE67253-D4EA-11D3-845A-00500483D287} - file://e:\vwr_data\dcm_vwr.cab FF - ProfilePath - c:\documents and settings\swr\Application Data\Mozilla\Firefox\Profiles\5w6orxtl.default\ FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . 
- - - - ORPHANS REMOVED - - - - Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) Notify-khfFXpqn - khfFXpqn.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-19 00:54 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-448539723-861567501-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(1368) c:\windows\system32\relog_ap.dll . Completion time: 2010-06-19 00:55:51 ComboFix-quarantined-files.txt 2010-06-19 06:55 Pre-Run: 33,112,137,728 bytes free Post-Run: 33,058,115,584 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 0742EF99C8669971F5A501BAB17CE73B
  7. My system keeps accessing some of the following sites per Wireshark. I then receive messages from Symantec that an attack from the site was blocked.
     01n02n4cx00.cc 19js810300z.com 30xc1cjh91.com 7gafd33ja90a.com j00k877x.cc lj1i16b0.com m01n83kjf7.com n16fa53.com n1mo661s6cx0.com zz87jhfda88.com www1.softhelper10.com 91.212.226.59 91.212.226.67
     I have blocked these sites via the hosts file.
     DDS (Ver_10-03-17.01) - NTFSx86 Run by swr at 7:27:32.18 on Thu 06/17/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1403 [GMT -6:00] AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Scansoft\PaperPort\pptd40nt.exe C:\WINDOWS\system32\taskswitch.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe svchost.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\cisvc.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk2008\PDAgent.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Norton Security
Suite\Engine\3.8.0.41\ccSvcHst.exe C:\Temp\Hijackthis\DDS\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> mURLSearchHooks: H - No File mWinlogon: Userinit=c:\windows\system32\Userinit.exe BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe mRun: [OneTouch Monitor] c:\program files\visioneer 
onetouch\OneTouchMon.exe mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: aurorabankfsb.com\home Trusted Zone: aurorabankfsb.com\remote Trusted Zone: aurorabankfsb.com\www Trusted Zone: select2perform.com\www Trusted Zone: usps.gov\webvpn DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab DPF: {32505657-9980-0010-8000-00AA00389B71} - 
hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237131535109 DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258154378171 DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {BAC16126-1812-41A1-AD18-66B3FC8DFEDA} - hxxps://fdicdrr.policytech.com/includes/objects/WordModule.cab DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab DPF: {EBE67253-D4EA-11D3-845A-00500483D287} - file://e:\vwr_data\dcm_vwr.cab DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - 
hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6015/mcfscan.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll Notify: khfFXpqn - khfFXpqn.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Authentication Packages = msv1_0 relog_ap Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\swr\applic~1\mozilla\firefox\profiles\5w6orxtl.default\ FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 AACMgt;AACMgt;c:\windows\system32\drivers\aacmgt.sys [2006-9-3 93591] R0 aarsi3x;aarsi3x;c:\windows\system32\drivers\aarsi3x.sys [2004-11-11 197120] R0 hpt374;hpt374;c:\windows\system32\drivers\hpt374.sys [2008-2-2 
133760] R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-3-17 28552] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-25 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-25 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-25 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100604.004\IDSXpx86.sys [2010-6-8 331640] R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-25 117640] R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2008-1-26 14976] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 102448] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100616.039\NAVENG.SYS [2010-6-17 85552] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100616.039\NAVEX15.SYS [2010-6-17 1347504] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-2-25 19712] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-2-25 8320] S3 MotDev;Motorola Inc. 
USB Device;c:\windows\system32\drivers\motodrv.sys [2010-2-9 42752] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2010-2-9 23936] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704] S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2008-10-26 91841] =============== Created Last 30 ================ 2010-06-17 12:51:18 0 ----a-w- c:\documents and settings\swr\defogger_reenable 2010-06-16 17:08:34 0 d-----w- c:\temp\Hijackthis 2010-06-11 17:56:14 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-06 23:43:14 11366400 ----a-w- c:\documents and settings\swr\s-1-5-21-448539723-861567501-839522115-1003.rrr 2010-05-24 04:26:53 0 d-----w- c:\docume~1\swr\applic~1\Windows Search ==================== Find3M ==================== 2010-05-12 01:45:32 24152 ----a-w- c:\docume~1\swr\applic~1\GDIPFONTCACHEV1.DAT 2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-29 21:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 21:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-21 17:17:51 249856 ------w- c:\windows\Setup1.exe 2010-04-21 17:17:49 73216 ----a-w- c:\windows\ST6UNST.EXE 2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-03-25 20:27:06 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2010-03-25 20:27:00 107368 ----a-r- c:\windows\system32\GEARAspi.dll 2010-03-24 08:22:15 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2010-03-23 20:05:44 760 ----a-w- C:\error.reg 2009-09-14 02:59:07 1309413 ----a-w- c:\program files\NetMeeting.zip 2009-08-28 18:55:20 524667454 ----a-w- c:\program files\SkillSoft.zip 2006-06-23 06:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe 2003-07-28 13:16:52 36864 ----a-w- c:\windows\inf\i386\Vizmicro.dll 2003-07-28 13:16:26 172032 ----a-w- c:\windows\inf\i386\viceo.dll 2003-07-28 
13:01:10 36207 ----a-w- c:\windows\inf\i386\9320FW.bin 2003-07-28 13:01:10 274432 ----a-w- c:\windows\inf\i386\9320LLD.dll 2003-07-28 13:01:10 155648 ----a-w- c:\windows\inf\i386\rtscan.dll 2001-08-04 01:29:18 13824 ----a-w- c:\windows\inf\i386\Usbscan.sys 2010-02-19 01:02:33 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat ============= FINISH: 7:28:44.14 =============== GMER log GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-06-18 03:08:44 Windows 5.1.2600 Service Pack 3 Running: ji91h61p.exe; Driver: C:\DOCUME~1\swr\LOCALS~1\Temp\kxtdqpow.sys ---- System - GMER 1.0.15 ---- SSDT 89C4AD80 ZwAlertResumeThread SSDT 89C4C4A8 ZwAlertThread SSDT 89D55B58 ZwAllocateVirtualMemory SSDT 89C22628 ZwAssignProcessToJobObject SSDT 89E053F8 ZwConnectPort SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA9EE9130] SSDT 8A055EA8 ZwCreateMutant SSDT 89AEADD8 ZwCreateSymbolicLinkObject SSDT 89E8AFB0 ZwCreateThread SSDT 89C42D80 ZwDebugActiveProcess SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA9EE93B0] SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA9EE9910] SSDT 8A059D28 ZwDuplicateObject SSDT 89DAE9D0 ZwFreeVirtualMemory SSDT 89C2BA88 ZwImpersonateAnonymousToken SSDT 89C59D80 ZwImpersonateThread SSDT 89E51DC0 ZwLoadDriver SSDT 89C1A770 ZwMapViewOfSection SSDT 89CA9D58 ZwOpenEvent SSDT 89C93E88 ZwOpenProcess SSDT 89C12D80 ZwOpenProcessToken SSDT 89C35368 ZwOpenSection SSDT 89BF32D8 ZwOpenThread SSDT 89AEAE68 ZwProtectVirtualMemory SSDT 89BB4B08 ZwResumeThread SSDT 89BD1628 ZwSetContextThread SSDT 8A04F2F8 ZwSetInformationProcess SSDT 89C276F8 ZwSetSystemInformation SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA9EE9B60] SSDT 89C9C8C8 ZwSuspendProcess SSDT 89BD32C0 ZwSuspendThread SSDT 
89BD97A8 ZwTerminateProcess SSDT 89C163C0 ZwTerminateThread SSDT 89C34D80 ZwUnmapViewOfSection SSDT 89CC7658 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D1C 805045B8 4 Bytes JMP 12CECF97 ? SYMEFA.SYS The system cannot find the file specified. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8DCB380, 0x33F867, 0xE8000020] init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB008CA00] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\Explorer.EXE[1020] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A .text C:\WINDOWS\Explorer.EXE[1020] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A .text C:\WINDOWS\Explorer.EXE[1020] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C .text C:\WINDOWS\System32\svchost.exe[1800] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A .text C:\WINDOWS\System32\svchost.exe[1800] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A .text C:\WINDOWS\System32\svchost.exe[1800] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C .text C:\WINDOWS\System32\svchost.exe[1800] ole32.dll!CoCreateInstance 7750057E 3 Bytes JMP 00DC000A .text C:\WINDOWS\System32\svchost.exe[1800] ole32.dll!CoCreateInstance + 4 77500582 1 Byte [89] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) ---- Files - GMER 
1.0.15 ---- File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0Z386EX2\bullet[1] 0 bytes ---- EOF - GMER 1.0.15 ---- Attach.txt UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 1/11/2008 8:30:51 PM System Uptime: 6/17/2010 7:25:40 AM (0 hours ago) Motherboard: ASUSTeK Computer INC. | | P5E3 Deluxe Processor: Intel® Core2 Duo CPU E6750 @ 2.66GHz | LGA775 | 2666/333mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 138 GiB total, 30.866 GiB free. D: is FIXED (NTFS) - 279 GiB total, 38.589 GiB free. E: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318} Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard Device ID: ACPI\PNP0303\4&B6AFFD&0 Manufacturer: (Standard keyboards) Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard PNP Device ID: ACPI\PNP0303\4&B6AFFD&0 Service: i8042prt ==== System Restore Points =================== RP1: 5/1/2010 2:59:18 AM - System Checkpoint RP2: 5/1/2010 6:42:16 PM - Installed Sony Recorder Driver RP3: 5/2/2010 7:40:59 PM - System Checkpoint RP4: 5/3/2010 7:50:57 PM - System Checkpoint RP5: 5/4/2010 8:50:56 PM - System Checkpoint RP6: 5/5/2010 11:31:42 PM - System Checkpoint RP7: 5/7/2010 12:02:53 AM - System Checkpoint RP8: 5/8/2010 12:30:05 PM - System Checkpoint RP9: 5/9/2010 1:15:27 PM - System Checkpoint RP10: 5/10/2010 3:03:12 PM - System Checkpoint RP11: 5/11/2010 3:14:23 PM - System Checkpoint RP12: 5/12/2010 9:27:22 AM - Software Distribution Service 3.0 RP13: 5/12/2010 10:48:17 AM - Installed Microsoft Office Enterprise 2007 RP14: 5/12/2010 10:55:45 AM - Printer Driver Send To Microsoft OneNote Driver Installed RP15: 5/12/2010 11:21:47 AM - Installed Windows XP KB915800-v4. 
RP16: 5/12/2010 11:21:59 AM - Installed Windows XP Windows Search 4.0. RP17: 5/12/2010 11:26:31 AM - Removed Ad-Aware Email Scanner for Outlook RP18: 5/12/2010 11:27:58 AM - Installed Palm Outlook Conduits Updater. RP19: 5/12/2010 10:22:06 PM - Software Distribution Service 3.0 RP20: 5/13/2010 10:42:13 PM - System Checkpoint RP21: 5/14/2010 9:58:53 AM - Software Distribution Service 3.0 RP22: 5/14/2010 10:06:48 AM - Printer Driver Send To Microsoft OneNote Driver Installed RP23: 5/14/2010 11:05:29 AM - Software Distribution Service 3.0 RP24: 5/14/2010 11:09:29 AM - Software Distribution Service 3.0 RP25: 5/16/2010 10:20:24 AM - System Checkpoint RP26: 5/17/2010 10:20:43 AM - System Checkpoint RP27: 5/18/2010 10:48:25 AM - System Checkpoint RP28: 5/19/2010 11:05:13 AM - System Checkpoint RP29: 5/20/2010 12:40:15 PM - System Checkpoint RP30: 5/21/2010 1:36:51 PM - System Checkpoint RP31: 5/22/2010 1:58:02 PM - System Checkpoint RP32: 5/23/2010 3:54:00 PM - System Checkpoint RP33: 5/24/2010 11:33:28 PM - System Checkpoint RP34: 5/26/2010 12:20:54 AM - System Checkpoint RP35: 5/27/2010 12:36:31 AM - Software Distribution Service 3.0 RP36: 5/28/2010 12:49:06 PM - System Checkpoint RP37: 5/29/2010 2:35:55 PM - System Checkpoint RP38: 5/30/2010 5:55:34 PM - System Checkpoint RP39: 5/31/2010 6:06:01 PM - System Checkpoint RP40: 6/1/2010 6:39:45 PM - System Checkpoint RP41: 6/2/2010 8:16:21 PM - System Checkpoint RP42: 6/4/2010 10:23:05 AM - Software Distribution Service 3.0 RP43: 6/5/2010 11:13:21 AM - System Checkpoint RP44: 6/6/2010 6:42:17 PM - System Checkpoint RP45: 6/7/2010 6:58:27 PM - System Checkpoint RP46: 6/9/2010 8:43:19 AM - System Checkpoint RP47: 6/11/2010 12:36:17 PM - System Checkpoint RP48: 6/11/2010 2:23:10 PM - Software Distribution Service 3.0 RP49: 6/12/2010 2:39:49 PM - System Checkpoint RP50: 6/13/2010 7:13:01 PM - System Checkpoint RP51: 6/15/2010 8:51:11 AM - System Checkpoint RP52: 6/16/2010 8:57:04 AM - System Checkpoint ==== Installed Programs 
====================== 2007 Microsoft Office Suite Service Pack 2 (SP2) Acronis