Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Various malware


  • This topic is locked This topic is locked
38 replies to this topic

#1 thrillhouse

thrillhouse

  • Members
  • 1,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Va
  • Local time:06:19 AM

Posted 25 June 2010 - 10:41 PM

This is an old computer, a Dell Dimension 4550 desktop, windows xp sp3. It lost the ability to recieve packets from any network device but in safe mode they worked.

Originally the computer had Symantec Antivirus Version 10 but it hadn't been updated in a month because liveupdate, which was thought to have been updating, wasn't working and it didn't display a warning until 30 days.

I removed Symantec and tried spyware doctor and it found:

adware.TV_Media_display
adware.Advertising
rogueAntiSpyware.Spy-Shredder
adware.Incredifind

Then I told it to fix them and it said it did. But, I am running a Panda Scan and it has found 59 infections and is only 32% done. So I figured I need some serious help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:54:28 PM, on 6/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Documents and Settings\Hedy\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://onlineservices.wachovia.com/NASApp/...tion=returnHome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=10.0.0.18:21;gopher=10.0.0.18:21;http=10.0.0.18:6588;https=10.0.0.18:6588;socks=10.0.0.18:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [BS Player] BSPLAYER.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125526674\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Watcher-WatchDog] C:\WINDOWS\system32\Wnex7DO.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35AA8AB9-48FC-4CF4-86BB-6C361C03A8B5}: NameServer = 10.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{35AA8AB9-48FC-4CF4-86BB-6C361C03A8B5}: NameServer = 10.0.0.1
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 7744 bytes


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:19 AM

Posted 25 June 2010 - 10:44 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  1. Do not run any other tool untill instructed to do so!
  2. Do not Attach logs unless I ask you to.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.
  6. Do not run any other tool untill instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.


DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1.logs from DDS
      2.RKUnHooker
      3.let me know of any problems you may have had

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 thrillhouse

thrillhouse
  • Topic Starter

  • Members
  • 1,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Va
  • Local time:06:19 AM

Posted 25 June 2010 - 11:06 PM

Thanks for your very fast response. I appreciate help.



defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:07 on 26/06/2010 (Hedy)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
a347bus -> Disabled (Service running -> reboot required)
a347scsi -> Disabled (Service running -> reboot required)
Unable to read atapi.sys


-=E.O.F=-


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Hedy at 0:13:53.65 on Sat 06/26/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.360 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Hedy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://onlineservices.wachovia.com/NASApp/...tion=returnHome
uDefault_Page_URL = hxxp://www.dellnet.com/
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dellnet.com/
uInternet Settings,ProxyServer = ftp=10.0.0.18:21;gopher=10.0.0.18:21;http=10.0.0.18:6588;https=10.0.0.18:6588;socks=10.0.0.18:1080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MoneyStartUp10.0] "c:\program files\microsoft money\system\Activation.exe"
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [BS Player] BSPLAYER.EXE
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [HostManager] c:\program files\common files\aol\1125526674\ee\AOLHostManager.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Watcher-WatchDog] c:\windows\system32\Wnex7DO.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} c:\program files\partygaming\partypoker\runapp.exe - c:\program files\partygaming\partypoker\runapp.exe\inprocserver32 does not exist!
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxps://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {35AA8AB9-48FC-4CF4-86BB-6C361C03A8B5} = 10.0.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hedy\applic~1\mozilla\firefox\profiles\pce9ufgb.default\
FF - prefs.js: browser.startup.homepage - hxxps://onlineservices.wachovia.com/NASApp/perimeterauthentication/PerimeterServlet?action=presentLogin&url=%2FNASApp%2FNavApp%2FTitanium%3faction=returnHome
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-3-27 167808]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-6-25 28552]
S2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi9.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI9.sys [?]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2008-8-28 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2008-8-28 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2008-8-28 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2008-8-28 59520]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\windows\system32\drivers\PTDWBus.sys [2007-11-12 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\windows\system32\drivers\PTDWMdm.sys [2007-11-12 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\windows\system32\drivers\PTDWVsp.sys [2007-11-12 39808]
S3 PWCTLDRV;The NECHostController Filter Driver;c:\windows\system32\drivers\PWCTLDRV.sys [2007-11-12 5888]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2004-11-10 160640]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2004-11-10 5248]
S4 dev5_ap1;dev5_ap1;c:\phpdev5\apache\Apache.exe [2009-3-6 20480]

=============== Created Last 30 ================

2010-06-26 04:07:29 54 ----a-w- c:\documents and settings\hedy\defogger_reenable
2010-06-26 01:53:16 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-06-26 01:52:51 0 d-----w- c:\windows\LastGood.Tmp
2010-06-26 01:50:09 0 d-----w- c:\program files\Panda Security
2010-06-26 01:25:50 0 d-----w- c:\temp\NoNav
2010-06-23 18:01:39 0 d-----w- c:\windows\IIS Temporary Compressed Files
2010-06-23 18:00:30 0 d-----w- c:\windows\system32\Cache
2010-06-23 17:58:20 9216 ----a-w- c:\windows\system32\dllcache\wamps51.dll
2010-06-23 17:57:14 0 d-----w- C:\Inetpub

==================== Find3M ====================

2002-08-29 10:00:00 94784 --sh--w- c:\windows\TWAIN.DLL
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:11:56 1028096 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12:01 57344 --sha-w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:02 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12:32 11776 --sha-w- c:\windows\system32\regsvr32.exe

============= FINISH: 0:17:11.29 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/16/2003 4:40:28 PM
System Uptime: 6/26/2010 12:10:32 AM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0J0592
Processor: Intel® Pentium® 4 CPU 2.66GHz | Microprocessor |

2658/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 36.585 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play BIOS Extension
Device ID: ROOT\SYSTEM\0004
Manufacturer: (Standard system devices)
Name: Plug and Play BIOS Extension
PNP Device ID: ROOT\SYSTEM\0004
Service: a347bus

==== System Restore Points ===================

RP445: 2/23/2006 8:45:06 PM - System Checkpoint
RP446: 2/24/2006 9:33:29 PM - System Checkpoint
RP447: 2/25/2006 9:33:29 PM - System Checkpoint
RP448: 2/26/2006 9:39:08 PM - System Checkpoint
RP449: 2/28/2006 12:45:58 PM - System Checkpoint
RP450: 3/1/2006 1:31:16 PM - System Checkpoint
RP451: 3/2/2006 1:41:25 PM - System Checkpoint
RP452: 3/3/2006 6:22:24 PM - System Checkpoint
RP453: 3/4/2006 6:42:33 PM - System Checkpoint
RP454: 3/5/2006 7:23:30 PM - System Checkpoint
RP455: 3/6/2006 8:23:17 PM - System Checkpoint
RP456: 3/7/2006 8:29:54 PM - System Checkpoint
RP457: 3/9/2006 9:02:31 AM - System Checkpoint
RP458: 3/10/2006 9:50:49 AM - System Checkpoint
RP459: 3/12/2006 1:11:56 AM - System Checkpoint
RP460: 3/13/2006 2:01:52 AM - System Checkpoint
RP461: 3/14/2006 8:04:30 AM - System Checkpoint
RP462: 3/15/2006 11:30:19 AM - System Checkpoint
RP463: 3/16/2006 4:00:33 AM - Software Distribution Service 2.0
RP464: 3/19/2006 11:39:06 AM - System Checkpoint
RP465: 3/20/2006 11:39:37 AM - System Checkpoint
RP466: 3/21/2006 12:48:40 PM - System Checkpoint
RP467: 3/22/2006 1:07:10 PM - System Checkpoint
RP468: 3/23/2006 7:37:17 PM - System Checkpoint
RP469: 3/26/2006 7:04:56 PM - System Checkpoint
RP470: 3/26/2006 7:49:49 PM - Removed Norton AntiVirus 2003
RP471: 3/26/2006 8:19:39 PM - Removed Symantec Network Drivers Update
RP472: 3/26/2006 9:07:37 PM - Norton AntiVirus post configuration restore

point
RP473: 3/27/2006 9:39:03 PM - System Checkpoint
RP474: 3/28/2006 10:01:42 PM - System Checkpoint
RP475: 3/30/2006 8:40:27 AM - System Checkpoint
RP476: 3/31/2006 8:56:30 AM - System Checkpoint
RP477: 4/1/2006 9:46:54 PM - System Checkpoint
RP478: 4/2/2006 9:56:53 PM - System Checkpoint
RP479: 4/4/2006 10:55:01 AM - System Checkpoint
RP480: 4/5/2006 2:06:56 PM - System Checkpoint
RP481: 4/6/2006 10:18:14 PM - System Checkpoint
RP482: 4/7/2006 10:18:26 PM - System Checkpoint
RP483: 4/9/2006 3:38:18 PM - System Checkpoint
RP484: 4/10/2006 4:58:04 PM - System Checkpoint
RP485: 4/11/2006 5:47:42 PM - System Checkpoint
RP486: 4/12/2006 6:35:41 PM - System Checkpoint
RP487: 4/13/2006 6:59:33 PM - System Checkpoint
RP488: 4/15/2006 10:10:17 AM - System Checkpoint
RP489: 4/16/2006 4:36:20 PM - System Checkpoint
RP490: 4/18/2006 9:43:31 AM - System Checkpoint
RP491: 4/19/2006 10:32:10 AM - System Checkpoint
RP492: 4/19/2006 9:38:40 PM - Software Distribution Service 2.0
RP493: 4/19/2006 9:39:28 PM - Installed Windows XP KB911567.
RP494: 4/19/2006 9:41:08 PM - Installed Windows Media Player 10 KB911565.
RP495: 4/19/2006 9:42:47 PM - Installed Windows XP KB912812.
RP496: 4/19/2006 9:46:14 PM - Installed Windows XP KB911562.
RP497: 4/19/2006 9:47:25 PM - Installed Windows XP KB908531.
RP498: 4/20/2006 10:02:01 PM - System Checkpoint
RP499: 4/21/2006 11:01:55 PM - System Checkpoint
RP500: 4/23/2006 2:33:38 PM - System Checkpoint
RP501: 4/24/2006 3:41:43 PM - System Checkpoint
RP502: 4/25/2006 5:05:19 PM - System Checkpoint
RP503: 4/26/2006 3:00:22 AM - Software Distribution Service 2.0
RP504: 4/26/2006 3:01:37 AM - Installed Windows XP KB908531.
RP505: 4/26/2006 3:02:49 AM - Installed Windows XP KB900485.
RP506: 4/27/2006 8:50:45 AM - System Checkpoint
RP507: 4/28/2006 11:59:37 AM - System Checkpoint
RP508: 4/29/2006 12:05:06 PM - System Checkpoint
RP509: 4/30/2006 12:55:47 PM - System Checkpoint
RP510: 5/1/2006 1:20:13 PM - System Checkpoint
RP511: 5/2/2006 1:20:49 PM - System Checkpoint
RP512: 5/3/2006 2:47:29 PM - System Checkpoint
RP513: 5/4/2006 3:32:16 PM - System Checkpoint
RP514: 5/5/2006 3:57:03 PM - System Checkpoint
RP515: 5/6/2006 9:27:56 PM - System Checkpoint
RP516: 5/7/2006 9:40:47 PM - System Checkpoint
RP517: 5/9/2006 9:54:33 AM - System Checkpoint
RP518: 5/10/2006 10:16:37 AM - System Checkpoint
RP519: 5/11/2006 8:11:17 PM - System Checkpoint
RP520: 5/11/2006 11:26:50 PM - Software Distribution Service 2.0
RP521: 5/11/2006 11:27:33 PM - Installed Windows XP KB913580.
RP522: 5/13/2006 12:10:25 AM - System Checkpoint
RP523: 5/14/2006 5:20:06 PM - System Checkpoint
RP524: 5/15/2006 6:41:01 PM - System Checkpoint
RP525: 5/16/2006 7:07:10 PM - System Checkpoint
RP526: 5/18/2006 8:17:52 AM - System Checkpoint
RP527: 5/19/2006 10:23:42 AM - System Checkpoint
RP528: 5/20/2006 1:18:36 PM - System Checkpoint
RP529: 5/21/2006 5:44:06 PM - System Checkpoint
RP530: 5/23/2006 10:02:42 AM - System Checkpoint
RP531: 5/24/2006 10:25:38 AM - System Checkpoint
RP532: 5/25/2006 10:50:23 AM - System Checkpoint
RP533: 5/26/2006 11:06:08 AM - System Checkpoint
RP534: 5/27/2006 11:07:28 AM - System Checkpoint
RP535: 5/28/2006 11:59:20 AM - System Checkpoint
RP536: 5/29/2006 12:47:27 PM - System Checkpoint
RP537: 5/30/2006 12:59:26 PM - System Checkpoint
RP538: 5/31/2006 1:11:23 PM - System Checkpoint
RP539: 6/1/2006 1:47:17 PM - System Checkpoint
RP540: 6/2/2006 2:47:12 PM - System Checkpoint
RP541: 6/3/2006 3:00:33 PM - System Checkpoint
RP542: 6/4/2006 3:06:10 PM - System Checkpoint
RP543: 6/5/2006 3:23:29 PM - System Checkpoint
RP544: 6/6/2006 3:38:04 PM - System Checkpoint
RP545: 6/7/2006 4:47:22 PM - System Checkpoint
RP546: 6/8/2006 9:06:46 PM - System Checkpoint
RP547: 6/9/2006 9:35:47 PM - System Checkpoint
RP548: 6/10/2006 10:11:39 PM - System Checkpoint
RP549: 6/11/2006 10:23:53 PM - System Checkpoint
RP550: 6/12/2006 10:25:08 PM - System Checkpoint
RP551: 6/13/2006 9:46:27 PM - Software Distribution Service 2.0
RP552: 6/13/2006 9:47:24 PM - Installed Windows XP KB914389.
RP553: 6/13/2006 9:49:04 PM - Installed Windows XP KB916281.
RP554: 6/13/2006 9:52:23 PM - Installed Windows XP KB911280.
RP555: 6/13/2006 9:54:16 PM - Installed Windows XP KB917953.
RP556: 6/13/2006 9:56:14 PM - Installed Windows XP KB917344.
RP557: 6/13/2006 9:58:17 PM - Installed Windows XP KB918439.
RP558: 6/13/2006 10:15:56 PM - Installed Windows Media Player 10

KB917734_WMP10.
RP559: 6/14/2006 10:16:29 PM - System Checkpoint
RP560: 6/16/2006 12:10:18 AM - System Checkpoint
RP561: 6/17/2006 1:17:13 AM - System Checkpoint
RP562: 6/18/2006 2:25:37 AM - System Checkpoint
RP563: 6/19/2006 2:39:36 AM - System Checkpoint
RP564: 6/20/2006 9:53:02 AM - System Checkpoint
RP565: 6/21/2006 10:12:46 AM - System Checkpoint
RP566: 6/22/2006 10:15:18 AM - System Checkpoint
RP567: 6/23/2006 10:44:28 AM - System Checkpoint
RP568: 6/23/2006 2:38:28 PM - Installed Symantec AntiVirus
RP569: 6/25/2006 12:49:13 PM - System Checkpoint
RP570: 6/26/2006 1:16:57 PM - System Checkpoint
RP571: 6/27/2006 1:19:52 PM - System Checkpoint
RP572: 6/29/2006 8:55:16 AM - System Checkpoint
RP573: 6/30/2006 9:57:20 AM - System Checkpoint
RP574: 7/1/2006 12:31:01 PM - System Checkpoint
RP575: 7/2/2006 12:57:00 PM - System Checkpoint
RP576: 7/3/2006 12:58:05 PM - System Checkpoint
RP577: 7/4/2006 1:16:35 PM - System Checkpoint
RP578: 7/5/2006 1:42:36 PM - System Checkpoint
RP579: 7/6/2006 2:42:05 PM - System Checkpoint
RP580: 7/7/2006 3:25:50 PM - System Checkpoint
RP581: 7/8/2006 3:26:55 PM - System Checkpoint
RP582: 7/9/2006 3:28:09 PM - System Checkpoint
RP583: 7/10/2006 4:25:50 PM - System Checkpoint
RP584: 7/11/2006 5:22:37 PM - System Checkpoint
RP585: 7/12/2006 5:50:03 PM - System Checkpoint
RP586: 7/12/2006 10:21:07 PM - Software Distribution Service 2.0
RP587: 7/12/2006 10:22:54 PM - Installed Windows XP KB916595.
RP588: 7/12/2006 10:24:24 PM - Installed Windows XP KB914388.
RP589: 7/12/2006 10:25:35 PM - Installed Windows XP KB917159.
RP590: 7/13/2006 11:10:19 PM - System Checkpoint
RP591: 7/14/2006 11:42:21 PM - System Checkpoint
RP592: 7/16/2006 12:41:15 AM - System Checkpoint
RP593: 7/17/2006 8:03:57 AM - System Checkpoint
RP594: 7/18/2006 6:55:29 AM - Software Distribution Service 2.0
RP595: 7/18/2006 6:56:45 AM - Installed Windows XP WgaNotify.
RP596: 7/19/2006 9:48:59 AM - System Checkpoint
RP597: 7/20/2006 10:36:46 AM - System Checkpoint
RP598: 7/21/2006 10:55:08 AM - System Checkpoint
RP599: 7/22/2006 10:55:09 AM - System Checkpoint
RP600: 7/23/2006 11:55:09 AM - System Checkpoint
RP601: 7/24/2006 2:09:07 PM - System Checkpoint
RP602: 7/25/2006 2:20:57 PM - System Checkpoint
RP603: 7/26/2006 3:19:10 PM - System Checkpoint
RP604: 7/27/2006 4:18:21 PM - System Checkpoint
RP605: 7/28/2006 5:03:03 PM - System Checkpoint
RP606: 7/29/2006 5:10:10 PM - System Checkpoint
RP607: 7/30/2006 6:03:03 PM - System Checkpoint
RP608: 7/31/2006 6:03:40 PM - System Checkpoint
RP609: 8/1/2006 9:10:44 PM - System Checkpoint
RP610: 8/2/2006 9:22:14 PM - System Checkpoint
RP611: 8/3/2006 10:15:23 PM - System Checkpoint
RP612: 8/4/2006 10:29:19 PM - System Checkpoint
RP613: 8/6/2006 10:06:51 AM - System Checkpoint
RP614: 8/7/2006 11:02:36 AM - System Checkpoint
RP615: 8/8/2006 12:02:34 PM - System Checkpoint
RP616: 8/9/2006 3:00:12 AM - Software Distribution Service 2.0
RP617: 8/9/2006 3:00:57 AM - Installed Windows XP KB921883.
RP618: 8/10/2006 9:33:51 AM - System Checkpoint
RP619: 8/11/2006 10:18:10 AM - System Checkpoint
RP620: 8/12/2006 3:00:17 AM - Software Distribution Service 2.0
RP621: 8/12/2006 3:01:01 AM - Installed Windows XP KB920683.
RP622: 8/12/2006 3:01:49 AM - Installed Windows XP KB917422.
RP623: 8/12/2006 3:02:27 AM - Installed Windows XP KB920670.
RP624: 8/12/2006 3:03:24 AM - Installed Windows XP KB918899.
RP625: 8/12/2006 3:06:21 AM - Installed Windows XP KB921398.
RP626: 8/12/2006 3:07:16 AM - Installed Windows XP KB922616.
RP627: 8/12/2006 3:07:55 AM - Installed Windows XP KB920214.
RP628: 8/13/2006 3:36:33 AM - System Checkpoint
RP629: 8/14/2006 10:46:36 AM - System Checkpoint
RP630: 8/15/2006 11:37:32 AM - System Checkpoint
RP631: 8/16/2006 12:37:25 PM - System Checkpoint
RP632: 8/17/2006 1:44:19 PM - System Checkpoint
RP633: 8/19/2006 9:38:55 PM - System Checkpoint
RP634: 8/21/2006 11:09:24 AM - System Checkpoint
RP635: 8/22/2006 11:16:58 AM - System Checkpoint
RP636: 8/23/2006 11:31:21 AM - System Checkpoint
RP637: 8/24/2006 12:12:49 PM - System Checkpoint
RP638: 8/24/2006 9:41:28 PM - Printer Driver HP Officejet 5600 series fax

Installed
RP639: 8/26/2006 8:09:29 AM - System Checkpoint
RP640: 8/27/2006 11:31:44 AM - System Checkpoint
RP641: 8/28/2006 11:46:22 AM - System Checkpoint
RP642: 8/29/2006 11:57:41 AM - System Checkpoint
RP643: 8/30/2006 2:29:06 PM - System Checkpoint
RP644: 8/31/2006 3:52:07 PM - System Checkpoint
RP645: 9/1/2006 4:19:46 PM - System Checkpoint
RP646: 9/2/2006 5:47:05 PM - System Checkpoint
RP647: 9/3/2006 5:51:27 PM - System Checkpoint
RP648: 9/4/2006 6:32:18 PM - System Checkpoint
RP649: 9/6/2006 9:32:26 PM - System Checkpoint
RP650: 9/8/2006 4:15:38 AM - System Checkpoint
RP651: 9/9/2006 9:53:29 AM - System Checkpoint
RP652: 9/10/2006 10:37:58 AM - System Checkpoint
RP653: 9/11/2006 10:37:58 AM - System Checkpoint
RP654: 9/12/2006 11:23:28 AM - System Checkpoint
RP655: 9/13/2006 11:24:33 AM - System Checkpoint
RP656: 9/13/2006 10:45:33 PM - Software Distribution Service 2.0
RP657: 9/13/2006 10:47:18 PM - Installed Windows XP KB922582.
RP658: 9/13/2006 10:48:16 PM - Installed Windows XP KB919007.
RP659: 9/13/2006 10:48:57 PM - Installed Windows XP KB920872.
RP660: 9/13/2006 10:49:40 PM - Installed Windows XP KB920685.
RP661: 9/14/2006 11:05:02 PM - System Checkpoint
RP662: 9/16/2006 1:53:04 PM - System Checkpoint
RP663: 9/17/2006 2:08:27 PM - System Checkpoint
RP664: 9/18/2006 3:07:22 PM - System Checkpoint
RP665: 9/19/2006 4:07:22 PM - System Checkpoint
RP666: 9/20/2006 5:07:22 PM - System Checkpoint
RP667: 9/21/2006 6:20:31 PM - System Checkpoint
RP668: 9/22/2006 7:07:08 PM - System Checkpoint
RP669: 9/23/2006 8:07:08 PM - System Checkpoint
RP670: 9/24/2006 9:11:31 PM - System Checkpoint
RP671: 9/25/2006 9:18:32 PM - System Checkpoint
RP672: 9/26/2006 10:19:50 PM - Software Distribution Service 2.0
RP673: 9/26/2006 10:20:15 PM - Installed Windows XP KB925486.
RP674: 9/28/2006 8:54:08 AM - System Checkpoint
RP675: 10/2/2006 7:18:48 AM - System Checkpoint
RP676: 10/3/2006 7:52:02 AM - System Checkpoint
RP677: 10/4/2006 3:49:18 PM - System Checkpoint
RP678: 10/5/2006 3:57:28 PM - System Checkpoint
RP679: 10/6/2006 4:15:27 PM - System Checkpoint
RP680: 10/7/2006 5:15:27 PM - System Checkpoint
RP681: 10/8/2006 6:15:27 PM - System Checkpoint
RP682: 10/9/2006 7:15:14 PM - System Checkpoint
RP683: 10/10/2006 7:35:28 PM - System Checkpoint
RP684: 10/13/2006 5:47:48 PM - System Checkpoint
RP685: 10/14/2006 3:00:18 AM - Software Distribution Service 2.0
RP686: 10/14/2006 3:01:44 AM - Installed Windows XP KB923191.
RP687: 10/14/2006 3:02:42 AM - Installed Windows XP KB924496.
RP688: 10/14/2006 3:03:32 AM - Installed Windows XP KB923414.
RP689: 10/14/2006 3:04:28 AM - Installed Windows XP KB922819.
RP690: 10/14/2006 3:05:23 AM - Installed Windows XP KB924191.
RP691: 10/15/2006 3:43:36 AM - System Checkpoint
RP692: 10/16/2006 9:30:14 AM - System Checkpoint
RP693: 10/17/2006 9:42:52 AM - System Checkpoint
RP694: 10/18/2006 10:05:01 AM - System Checkpoint
RP695: 10/19/2006 10:16:05 AM - System Checkpoint
RP696: 10/20/2006 11:12:08 AM - System Checkpoint
RP697: 10/21/2006 11:13:13 AM - System Checkpoint
RP698: 10/22/2006 12:12:08 PM - System Checkpoint
RP699: 10/23/2006 1:11:44 PM - System Checkpoint
RP700: 10/24/2006 1:55:16 PM - System Checkpoint
RP701: 10/25/2006 2:47:49 PM - System Checkpoint
RP702: 10/26/2006 2:57:12 PM - System Checkpoint
RP703: 10/27/2006 3:51:33 PM - System Checkpoint
RP704: 10/28/2006 3:58:45 PM - System Checkpoint
RP705: 10/29/2006 4:14:26 PM - System Checkpoint
RP706: 10/30/2006 4:14:40 PM - System Checkpoint
RP707: 10/31/2006 5:15:45 PM - System Checkpoint
RP708: 11/1/2006 5:25:24 PM - System Checkpoint
RP709: 11/2/2006 6:35:21 PM - System Checkpoint
RP710: 11/3/2006 7:09:13 PM - System Checkpoint
RP711: 11/4/2006 9:42:50 PM - System Checkpoint
RP712: 11/5/2006 9:20:22 PM - System Checkpoint
RP713: 11/7/2006 8:20:44 AM - System Checkpoint
RP714: 11/8/2006 8:55:32 AM - System Checkpoint
RP715: 11/9/2006 2:46:15 PM - System Checkpoint
RP716: 11/10/2006 5:04:37 PM - System Checkpoint
RP717: 11/11/2006 5:08:53 PM - System Checkpoint
RP718: 11/12/2006 8:12:15 PM - System Checkpoint
RP719: 11/13/2006 8:37:01 PM - System Checkpoint
RP720: 11/14/2006 8:38:06 PM - System Checkpoint
RP721: 11/15/2006 8:51:49 PM - System Checkpoint
RP722: 11/15/2006 10:10:12 PM - Software Distribution Service 2.0
RP723: 11/15/2006 10:10:40 PM - Installed Windows XP KB922760.
RP724: 11/15/2006 10:11:12 PM - Installed Windows XP KB920213.
RP725: 11/15/2006 10:12:15 PM - Installed Windows XP KB924270.
RP726: 11/15/2006 10:12:37 PM - Installed Windows XP KB923980.
RP727: 11/16/2006 10:41:05 PM - System Checkpoint
RP728: 11/17/2006 8:56:27 PM - Installed SSH Secure Shell
RP729: 11/17/2006 8:59:31 PM - Removed SSH Secure Shell
RP730: 11/18/2006 9:41:05 PM - System Checkpoint
RP731: 11/19/2006 10:41:05 PM - System Checkpoint
RP732: 11/21/2006 8:36:43 AM - System Checkpoint
RP733: 11/22/2006 9:20:41 AM - System Checkpoint
RP734: 11/23/2006 10:20:41 AM - System Checkpoint
RP735: 11/24/2006 10:32:41 AM - System Checkpoint
RP736: 11/25/2006 11:20:41 AM - System Checkpoint
RP737: 11/26/2006 2:38:33 PM - System Checkpoint
RP738: 11/27/2006 3:37:37 PM - System Checkpoint
RP739: 11/28/2006 4:37:37 PM - System Checkpoint
RP740: 11/29/2006 5:37:37 PM - System Checkpoint
RP741: 11/30/2006 5:38:42 PM - System Checkpoint
RP742: 12/1/2006 6:14:37 PM - System Checkpoint
RP743: 12/2/2006 6:55:07 PM - System Checkpoint
RP744: 12/3/2006 7:19:19 PM - System Checkpoint
RP745: 12/4/2006 7:53:37 PM - System Checkpoint
RP746: 12/5/2006 8:32:17 PM - System Checkpoint
RP747: 12/6/2006 9:28:34 PM - System Checkpoint
RP748: 12/7/2006 10:15:51 PM - System Checkpoint
RP749: 12/9/2006 8:47:34 AM - System Checkpoint
RP750: 12/10/2006 9:19:41 AM - System Checkpoint
RP751: 12/11/2006 10:19:41 AM - System Checkpoint
RP752: 12/12/2006 11:20:33 AM - System Checkpoint
RP753: 12/13/2006 12:09:26 PM - System Checkpoint
RP754: 12/14/2006 12:25:16 PM - System Checkpoint
RP755: 12/16/2006 4:20:53 AM - System Checkpoint
RP756: 12/17/2006 3:00:13 AM - Software Distribution Service 2.0
RP757: 12/17/2006 3:01:38 AM - Installed Windows XP KB923694.
RP758: 12/17/2006 3:02:35 AM - Installed Windows XP KB926255.
RP759: 12/17/2006 3:03:55 AM - Installed Windows XP KB923689.
RP760: 12/17/2006 3:04:17 AM - Installed Windows Media Player 6.4

KB925398_WMP64.
RP761: 12/17/2006 3:05:27 AM - Installed Windows XP KB925454.
RP762: 12/18/2006 3:15:48 AM - System Checkpoint
RP763: 12/19/2006 4:15:34 AM - System Checkpoint
RP764: 12/20/2006 4:24:59 AM - System Checkpoint
RP765: 12/21/2006 7:39:17 AM - System Checkpoint
RP766: 12/22/2006 8:37:27 AM - System Checkpoint
RP767: 12/22/2006 9:52:50 PM - Installed Venturi Client
RP768: 12/23/2006 9:58:07 PM - System Checkpoint
RP769: 12/24/2006 7:35:17 PM - Installed Venturi Client
RP770: 12/25/2006 5:47:24 PM - Removed Venturi Client
RP771: 12/26/2006 6:12:21 PM - System Checkpoint
RP772: 12/27/2006 6:57:54 PM - System Checkpoint
RP773: 12/28/2006 7:06:49 PM - System Checkpoint
RP774: 12/29/2006 7:50:37 PM - System Checkpoint
RP775: 12/30/2006 8:58:01 PM - Installed Venturi Client
RP776: 1/2/2007 9:29:17 AM - System Checkpoint
RP777: 1/3/2007 11:08:50 AM - System Checkpoint
RP778: 1/4/2007 11:53:37 AM - System Checkpoint
RP779: 1/5/2007 12:47:18 PM - System Checkpoint
RP780: 1/5/2007 8:05:42 PM - Removed Venturi Client
RP781: 1/5/2007 8:13:20 PM - Installed Venturi Client
RP782: 1/6/2007 2:41:57 PM - Removed Venturi Client
RP783: 1/7/2007 3:07:27 PM - System Checkpoint
RP784: 1/9/2007 7:48:23 PM - Software Distribution Service 2.0
RP785: 1/11/2007 9:02:46 PM - System Checkpoint
RP786: 1/12/2007 3:00:15 AM - Software Distribution Service 2.0
RP787: 1/12/2007 3:01:36 AM - Installed Windows XP KB929969.
RP788: 1/13/2007 3:05:36 AM - System Checkpoint
RP789: 1/14/2007 3:33:32 AM - System Checkpoint
RP790: 1/15/2007 4:33:32 AM - System Checkpoint
RP791: 1/16/2007 5:33:32 AM - System Checkpoint
RP792: 1/17/2007 6:33:32 AM - System Checkpoint
RP793: 1/17/2007 12:00:23 PM - Software Distribution Service 2.0
RP794: 1/18/2007 12:33:19 PM - System Checkpoint
RP795: 1/19/2007 1:05:36 PM - System Checkpoint
RP796: 1/20/2007 2:05:36 PM - System Checkpoint
RP797: 1/21/2007 7:31:17 PM - System Checkpoint
RP798: 1/22/2007 7:48:54 PM - System Checkpoint
RP799: 1/23/2007 8:48:54 PM - System Checkpoint
RP800: 1/24/2007 8:48:54 PM - System Checkpoint
RP801: 1/25/2007 8:48:54 PM - System Checkpoint
RP802: 1/26/2007 8:48:54 PM - System Checkpoint
RP803: 1/27/2007 8:49:59 PM - System Checkpoint
RP804: 1/28/2007 9:48:54 PM - System Checkpoint
RP805: 1/29/2007 9:48:54 PM - System Checkpoint
RP806: 1/30/2007 9:56:46 PM - System Checkpoint
RP807: 1/31/2007 10:48:54 PM - System Checkpoint
RP808: 2/1/2007 10:48:54 PM - System Checkpoint
RP809: 2/2/2007 10:48:54 PM - System Checkpoint
RP810: 2/3/2007 10:48:54 PM - System Checkpoint
RP811: 2/4/2007 10:48:54 PM - System Checkpoint
RP812: 2/5/2007 10:48:54 PM - System Checkpoint
RP813: 2/6/2007 10:48:54 PM - System Checkpoint
RP814: 2/7/2007 10:49:59 PM - System Checkpoint
RP815: 3/3/2007 4:22:52 PM - System Checkpoint
RP816: 3/4/2007 9:24:05 PM - System Checkpoint
RP817: 3/5/2007 9:27:32 PM - System Checkpoint
RP818: 3/6/2007 10:09:13 PM - System Checkpoint
RP819: 3/7/2007 11:09:13 PM - System Checkpoint
RP820: 3/8/2007 11:09:13 PM - System Checkpoint
RP821: 3/9/2007 11:09:13 PM - System Checkpoint
RP822: 3/11/2007 8:33:10 PM - System Checkpoint
RP823: 3/12/2007 9:20:40 PM - System Checkpoint
RP824: 3/13/2007 9:20:40 PM - System Checkpoint
RP825: 3/14/2007 9:20:40 PM - System Checkpoint
RP826: 3/15/2007 9:20:40 PM - System Checkpoint
RP827: 3/16/2007 10:20:40 PM - System Checkpoint
RP828: 3/17/2007 10:20:40 PM - System Checkpoint
RP829: 3/18/2007 10:20:40 PM - System Checkpoint
RP830: 3/19/2007 11:43:19 PM - System Checkpoint
RP831: 4/5/2007 10:02:51 AM - System Checkpoint
RP832: 4/6/2007 10:47:53 AM - System Checkpoint
RP833: 4/7/2007 10:48:58 AM - System Checkpoint
RP834: 4/8/2007 11:47:53 AM - System Checkpoint
RP835: 4/9/2007 11:47:53 AM - System Checkpoint
RP836: 4/10/2007 11:47:53 AM - System Checkpoint
RP837: 4/11/2007 11:47:53 AM - System Checkpoint
RP838: 4/12/2007 12:20:53 PM - System Checkpoint
RP839: 4/13/2007 1:20:53 PM - System Checkpoint
RP840: 4/14/2007 1:20:53 PM - System Checkpoint
RP841: 4/15/2007 1:20:53 PM - System Checkpoint
RP842: 4/16/2007 2:20:49 PM - System Checkpoint
RP843: 4/17/2007 3:20:49 PM - System Checkpoint
RP844: 4/18/2007 3:20:49 PM - System Checkpoint
RP845: 4/19/2007 3:20:49 PM - System Checkpoint
RP846: 4/20/2007 3:20:49 PM - System Checkpoint
RP847: 4/21/2007 3:20:49 PM - System Checkpoint
RP848: 4/22/2007 3:20:49 PM - System Checkpoint
RP849: 4/23/2007 3:20:49 PM - System Checkpoint
RP850: 4/24/2007 3:20:49 PM - System Checkpoint
RP851: 4/25/2007 3:20:49 PM - System Checkpoint
RP852: 4/26/2007 3:20:49 PM - System Checkpoint
RP853: 4/27/2007 3:20:49 PM - System Checkpoint
RP854: 4/28/2007 3:20:49 PM - System Checkpoint
RP855: 4/29/2007 3:20:49 PM - System Checkpoint
RP856: 4/30/2007 3:20:49 PM - System Checkpoint
RP857: 5/1/2007 3:20:49 PM - System Checkpoint
RP858: 5/2/2007 3:20:49 PM - System Checkpoint
RP859: 5/3/2007 3:20:49 PM - System Checkpoint
RP860: 5/4/2007 3:20:49 PM - System Checkpoint
RP861: 5/5/2007 3:20:49 PM - System Checkpoint
RP862: 5/6/2007 3:20:49 PM - System Checkpoint
RP863: 5/7/2007 4:20:49 PM - System Checkpoint
RP864: 5/8/2007 5:20:49 PM - System Checkpoint
RP865: 5/9/2007 6:20:49 PM - System Checkpoint
RP866: 5/10/2007 7:20:49 PM - System Checkpoint
RP867: 5/11/2007 8:20:49 PM - System Checkpoint
RP868: 5/12/2007 9:20:49 PM - System Checkpoint
RP869: 5/13/2007 10:20:49 PM - System Checkpoint
RP870: 5/14/2007 11:20:49 PM - System Checkpoint
RP871: 5/16/2007 12:20:49 AM - System Checkpoint
RP872: 5/17/2007 1:20:49 AM - System Checkpoint
RP873: 5/18/2007 2:20:49 AM - System Checkpoint
RP874: 5/19/2007 3:20:49 AM - System Checkpoint
RP875: 5/20/2007 4:20:49 AM - System Checkpoint
RP876: 5/21/2007 5:20:49 AM - System Checkpoint
RP877: 5/22/2007 6:20:49 AM - System Checkpoint
RP878: 5/23/2007 7:20:49 AM - System Checkpoint
RP879: 5/24/2007 8:20:49 AM - System Checkpoint
RP880: 5/25/2007 8:20:49 AM - System Checkpoint
RP881: 5/26/2007 8:20:49 AM - System Checkpoint
RP882: 5/27/2007 8:20:49 AM - System Checkpoint
RP883: 5/28/2007 8:20:49 AM - System Checkpoint
RP884: 5/29/2007 8:20:49 AM - System Checkpoint
RP885: 5/30/2007 8:20:49 AM - System Checkpoint
RP886: 5/31/2007 8:20:49 AM - System Checkpoint
RP887: 6/1/2007 8:20:49 AM - System Checkpoint
RP888: 6/2/2007 8:20:49 AM - System Checkpoint
RP889: 6/3/2007 8:20:49 AM - System Checkpoint
RP890: 6/4/2007 8:20:49 AM - System Checkpoint
RP891: 6/5/2007 8:20:49 AM - System Checkpoint
RP892: 6/6/2007 8:20:49 AM - System Checkpoint
RP893: 6/7/2007 8:20:49 AM - System Checkpoint
RP894: 6/8/2007 8:20:49 AM - System Checkpoint
RP895: 6/9/2007 8:20:49 AM - System Checkpoint
RP896: 6/10/2007 8:20:49 AM - System Checkpoint
RP897: 6/11/2007 8:20:49 AM - System Checkpoint
RP898: 6/12/2007 8:20:49 AM - System Checkpoint
RP899: 6/13/2007 8:20:49 AM - System Checkpoint
RP900: 6/14/2007 8:20:49 AM - System Checkpoint
RP901: 6/15/2007 8:20:49 AM - System Checkpoint
RP902: 6/16/2007 8:20:49 AM - System Checkpoint
RP903: 6/17/2007 8:20:49 AM - System Checkpoint
RP904: 6/18/2007 8:20:49 AM - System Checkpoint
RP905: 6/19/2007 8:20:49 AM - System Checkpoint
RP906: 6/20/2007 8:20:49 AM - System Checkpoint
RP907: 6/21/2007 8:20:49 AM - System Checkpoint
RP908: 6/22/2007 8:20:49 AM - System Checkpoint
RP909: 6/23/2007 8:20:49 AM - System Checkpoint
RP910: 6/24/2007 8:20:49 AM - System Checkpoint
RP911: 6/25/2007 8:20:49 AM - System Checkpoint
RP912: 6/26/2007 8:20:49 AM - System Checkpoint
RP913: 6/27/2007 8:20:49 AM - System Checkpoint
RP914: 6/28/2007 8:20:49 AM - System Checkpoint
RP915: 6/29/2007 8:20:49 AM - System Checkpoint
RP916: 6/30/2007 8:20:49 AM - System Checkpoint
RP917: 7/1/2007 8:20:49 AM - System Checkpoint
RP918: 7/2/2007 8:20:49 AM - System Checkpoint
RP919: 7/3/2007 8:20:49 AM - System Checkpoint
RP920: 7/4/2007 8:20:49 AM - System Checkpoint
RP921: 7/5/2007 8:20:49 AM - System Checkpoint
RP922: 7/6/2007 8:20:49 AM - System Checkpoint
RP923: 7/7/2007 8:20:49 AM - System Checkpoint
RP924: 7/8/2007 8:20:49 AM - System Checkpoint
RP925: 7/9/2007 8:20:49 AM - System Checkpoint
RP926: 7/10/2007 8:20:49 AM - System Checkpoint
RP927: 7/11/2007 8:20:49 AM - System Checkpoint
RP928: 7/12/2007 9:49:10 AM - System Checkpoint
RP929: 7/13/2007 10:33:41 AM - System Checkpoint
RP930: 7/14/2007 11:21:14 AM - System Checkpoint
RP931: 7/15/2007 11:21:14 AM - System Checkpoint
RP932: 7/16/2007 11:21:14 AM - System Checkpoint
RP933: 7/17/2007 11:22:19 AM - System Checkpoint
RP934: 7/28/2007 2:20:01 PM - System Checkpoint
RP935: 7/29/2007 3:06:37 PM - System Checkpoint
RP936: 7/30/2007 3:06:37 PM - System Checkpoint
RP937: 7/31/2007 3:06:37 PM - System Checkpoint
RP938: 8/1/2007 3:06:37 PM - System Checkpoint
RP939: 8/2/2007 4:06:37 PM - System Checkpoint
RP940: 8/3/2007 4:06:37 PM - System Checkpoint
RP941: 8/4/2007 4:06:37 PM - System Checkpoint
RP942: 8/5/2007 4:06:37 PM - System Checkpoint
RP943: 8/6/2007 4:55:54 PM - System Checkpoint
RP944: 8/7/2007 5:55:54 PM - System Checkpoint
RP945: 8/8/2007 5:55:54 PM - System Checkpoint
RP946: 8/9/2007 5:55:54 PM - System Checkpoint
RP947: 8/13/2007 8:14:15 AM - System Checkpoint
RP948: 8/14/2007 9:01:41 AM - System Checkpoint
RP949: 8/15/2007 9:01:41 AM - System Checkpoint
RP950: 8/16/2007 9:01:41 AM - System Checkpoint
RP951: 8/17/2007 3:00:20 AM - Software Distribution Service 3.0
RP952: 8/17/2007 3:01:10 AM - Installed Windows XP KB928843.
RP953: 8/17/2007 3:02:47 AM - Installed Windows Media Player 10

KB936782_WMP10.
RP954: 8/17/2007 3:03:59 AM - Installed Windows XP KB935839.
RP955: 8/17/2007 3:06:11 AM - Installed Windows XP KB937143.
RP956: 8/17/2007 3:08:17 AM - Installed Windows XP KB930916.
RP957: 8/17/2007 3:09:24 AM - Installed Windows XP KB935840.
RP958: 8/17/2007 3:10:22 AM - Installed Windows XP KB938127.
RP959: 8/17/2007 3:11:32 AM - Installed Windows XP KB918118.
RP960: 8/17/2007 3:12:31 AM - Installed Windows XP KB932168.
RP961: 8/17/2007 3:13:39 AM - Installed Windows XP KB930178.
RP962: 8/17/2007 3:14:56 AM - Installed Windows XP KB926436.
RP963: 8/17/2007 3:20:10 AM - Installed Windows XP KB929123.
RP964: 8/17/2007 3:21:39 AM - Installed Windows XP KB925902.
RP965: 8/17/2007 3:22:35 AM - Installed Windows XP KB938829.
RP966: 8/17/2007 3:23:28 AM - Installed Windows XP KB921503.
RP967: 8/17/2007 3:24:25 AM - Installed Windows XP KB931836.
RP968: 8/17/2007 3:25:33 AM - Installed Windows XP KB936357.
RP969: 8/17/2007 3:26:37 AM - Installed Windows XP KB927891.
RP970: 8/17/2007 3:27:47 AM - Installed Windows XP KB931261.
RP971: 8/17/2007 3:29:01 AM - Installed Windows XP KB924667.
RP972: 8/17/2007 3:30:13 AM - Installed Windows XP KB938828.
RP973: 8/17/2007 3:31:37 AM - Installed Windows XP KB936021.
RP974: 8/17/2007 3:32:04 AM - Installed Step By Step Interactive Training

KB923723.
RP975: 8/17/2007 3:33:23 AM - Installed Windows XP KB931784.
RP976: 8/17/2007 3:34:57 AM - Installed Windows XP KB927802.
RP977: 8/18/2007 3:00:21 AM - Software Distribution Service 3.0
RP978: 8/18/2007 3:01:27 AM - Installed Windows XP KB928255.
RP979: 8/18/2007 3:03:05 AM - Installed Windows XP KB927779.
RP980: 8/19/2007 3:08:25 AM - System Checkpoint
RP981: 8/20/2007 3:37:51 AM - System Checkpoint
RP982: 8/21/2007 4:20:38 AM - System Checkpoint
RP983: 8/21/2007 4:56:25 PM - Removed Microsoft Broadband Networking
RP984: 8/22/2007 3:00:22 AM - Software Distribution Service 3.0
RP985: 8/22/2007 3:01:32 AM - Installed Windows XP KB917953.
RP986: 8/23/2007 3:12:42 AM - System Checkpoint
RP987: 8/24/2007 3:38:12 AM - System Checkpoint
RP988: 8/29/2007 1:21:02 PM - System Checkpoint
RP989: 8/30/2007 2:06:34 PM - System Checkpoint
RP990: 8/31/2007 2:07:39 PM - System Checkpoint
RP991: 9/1/2007 3:06:34 PM - System Checkpoint
RP992: 9/2/2007 3:37:03 PM - Installed NETGEAR WG111v2 wireless USB 2.0

adapter
RP993: 9/3/2007 3:00:19 AM - Software Distribution Service 3.0
RP994: 9/3/2007 3:01:18 AM - Installed Windows XP KB933360.
RP995: 9/4/2007 3:21:18 AM - System Checkpoint
RP996: 9/5/2007 10:34:04 AM - System Checkpoint
RP997: 9/6/2007 11:10:27 AM - System Checkpoint
RP998: 9/7/2007 11:57:41 AM - System Checkpoint
RP999: 9/8/2007 12:38:19 PM - System Checkpoint
RP1000: 9/9/2007 1:50:19 PM - System Checkpoint
RP1001: 9/10/2007 2:38:07 PM - System Checkpoint
RP1002: 9/11/2007 3:38:07 PM - System Checkpoint
RP1003: 9/11/2007 11:00:05 PM - Installed Mobile Connection Manager
RP1004: 9/12/2007 10:42:42 AM - Software Distribution Service 3.0
RP1005: 9/13/2007 11:38:07 AM - System Checkpoint
RP1006: 9/14/2007 11:38:07 AM - System Checkpoint
RP1007: 9/15/2007 12:03:29 PM - System Checkpoint
RP1008: 9/16/2007 12:26:29 PM - System Checkpoint
RP1009: 9/17/2007 1:03:17 PM - System Checkpoint
RP1010: 9/18/2007 2:08:08 PM - System Checkpoint
RP1011: 9/19/2007 2:29:16 PM - System Checkpoint
RP1012: 9/20/2007 3:03:17 PM - System Checkpoint
RP1013: 9/21/2007 4:03:17 PM - System Checkpoint
RP1014: 9/22/2007 4:38:28 PM - System Checkpoint
RP1015: 9/23/2007 5:44:47 PM - System Checkpoint
RP1016: 9/24/2007 6:03:04 PM - System Checkpoint
RP1017: 9/25/2007 7:04:52 PM - System Checkpoint
RP1018: 9/26/2007 8:03:04 PM - System Checkpoint
RP1019: 9/27/2007 9:03:04 PM - System Checkpoint
RP1020: 9/28/2007 9:40:10 PM - System Checkpoint
RP1021: 9/29/2007 9:40:10 PM - System Checkpoint
RP1022: 9/30/2007 9:49:52 PM - System Checkpoint
RP1023: 10/1/2007 9:49:52 PM - System Checkpoint
RP1024: 10/2/2007 10:49:52 PM - System Checkpoint
RP1025: 10/3/2007 10:49:52 PM - System Checkpoint
RP1026: 10/4/2007 11:49:52 PM - System Checkpoint
RP1027: 10/6/2007 12:49:52 AM - System Checkpoint
RP1028: 10/7/2007 1:49:52 AM - System Checkpoint
RP1029: 10/8/2007 2:49:40 AM - System Checkpoint
RP1030: 10/9/2007 3:49:40 AM - System Checkpoint
RP1031: 10/10/2007 1:25:41 PM - System Checkpoint
RP1032: 10/11/2007 3:00:20 AM - Software Distribution Service 3.0
RP1033: 10/11/2007 3:01:25 AM - Installed Windows XP KB941202.
RP1034: 10/11/2007 3:07:39 AM - Installed Windows XP KB939653.
RP1035: 10/11/2007 3:09:55 AM - Installed Windows XP KB933729.
RP1036: 10/12/2007 5:53:20 AM - System Checkpoint
RP1037: 10/13/2007 6:25:05 AM - System Checkpoint
RP1038: 10/14/2007 7:25:05 AM - System Checkpoint
RP1039: 10/15/2007 8:24:53 AM - System Checkpoint
RP1040: 10/16/2007 9:24:53 AM - System Checkpoint
RP1041: 10/17/2007 9:54:51 AM - System Checkpoint
RP1042: 10/18/2007 10:39:54 AM - System Checkpoint
RP1043: 10/19/2007 10:46:16 AM - System Checkpoint
RP1044: 10/20/2007 11:21:31 AM - System Checkpoint
RP1045: 10/21/2007 11:32:16 AM - System Checkpoint
RP1046: 10/22/2007 12:44:57 PM - System Checkpoint
RP1047: 10/23/2007 1:55:35 PM - System Checkpoint
RP1048: 10/24/2007 2:32:03 PM - System Checkpoint
RP1049: 10/25/2007 2:38:27 PM - System Checkpoint
RP1050: 10/26/2007 3:32:03 PM - System Checkpoint
RP1051: 10/27/2007 3:32:03 PM - System Checkpoint
RP1052: 10/28/2007 4:32:03 PM - System Checkpoint
RP1053: 10/29/2007 5:31:50 PM - System Checkpoint
RP1054: 10/30/2007 5:54:46 PM - System Checkpoint
RP1055: 10/31/2007 6:47:22 PM - System Checkpoint
RP1056: 11/1/2007 6:47:22 PM - System Checkpoint
RP1057: 11/2/2007 7:47:22 PM - System Checkpoint
RP1058: 11/3/2007 8:47:22 PM - System Checkpoint
RP1059: 11/4/2007 8:47:09 PM - System Checkpoint
RP1060: 11/5/2007 9:47:09 PM - System Checkpoint
RP1061: 11/6/2007 9:47:09 PM - System Checkpoint
RP1062: 11/7/2007 11:08:36 PM - System Checkpoint
RP1063: 11/8/2007 11:47:09 PM - System Checkpoint
RP1064: 11/10/2007 12:47:09 AM - System Checkpoint
RP1065: 11/11/2007 12:47:09 AM - System Checkpoint
RP1066: 11/12/2007 10:35:00 AM - System Checkpoint
RP1067: 11/12/2007 2:21:52 PM - Installed Microsoft Visual C++ 2005

Redistributable
RP1068: 11/13/2007 12:08:15 PM - Installed Debugging Tools for Windows
RP1069: 11/14/2007 1:08:55 PM - System Checkpoint
RP1070: 11/14/2007 1:51:23 PM - Software Distribution Service 3.0
RP1071: 11/14/2007 1:53:48 PM - Installed Windows XP KB943460.
RP1072: 11/15/2007 2:02:02 PM - System Checkpoint
RP1073: 11/16/2007 2:59:53 PM - System Checkpoint
RP1074: 11/17/2007 3:45:23 PM - System Checkpoint
RP1075: 11/18/2007 4:52:18 PM - System Checkpoint
RP1076: 11/19/2007 5:45:11 PM - System Checkpoint
RP1077: 11/20/2007 7:16:37 PM - System Checkpoint
RP1078: 11/21/2007 7:45:11 PM - System Checkpoint
RP1079: 11/22/2007 7:46:16 PM - System Checkpoint
RP1080: 11/23/2007 1:48:47 PM - Software Distribution Service 3.0
RP1081: 11/24/2007 2:29:41 PM - System Checkpoint
RP1082: 11/25/2007 3:38:48 PM - System Checkpoint
RP1083: 11/26/2007 4:29:29 PM - System Checkpoint
RP1084: 11/27/2007 4:44:34 PM - System Checkpoint
RP1085: 11/29/2007 8:18:08 AM - System Checkpoint
RP1086: 12/6/2007 12:14:56 PM - System Checkpoint
RP1087: 12/7/2007 12:18:55 PM - System Checkpoint
RP1088: 12/8/2007 1:33:18 PM - System Checkpoint
RP1089: 12/9/2007 1:42:55 PM - System Checkpoint
RP1090: 12/10/2007 2:36:59 PM - System Checkpoint
RP1091: 12/11/2007 3:18:43 PM - System Checkpoint
RP1092: 12/12/2007 3:00:21 AM - Software Distribution Service 3.0
RP1093: 12/12/2007 3:01:24 AM - Installed Windows XP KB944653.
RP1094: 12/12/2007 3:03:04 AM - Installed Windows XP KB942615.
RP1095: 12/12/2007 3:04:48 AM - Installed Windows XP KB941568.
RP1096: 12/12/2007 3:06:02 AM - Installed Windows XP KB941569.
RP1097: 12/12/2007 3:07:21 AM - Installed Windows XP KB942763.
RP1098: 12/12/2007 3:13:02 AM - Installed Windows XP KB942840.
RP1099: 12/12/2007 3:14:19 AM - Installed Windows XP KB937894.
RP1100: 12/13/2007 3:24:55 AM - System Checkpoint
RP1101: 12/14/2007 4:24:55 AM - System Checkpoint
RP1102: 12/15/2007 5:24:55 AM - System Checkpoint
RP1103: 12/16/2007 7:37:01 AM - System Checkpoint
RP1104: 12/17/2007 3:43:16 PM - System Checkpoint
RP1105: 12/18/2007 4:19:37 PM - System Checkpoint
RP1106: 12/21/2007 10:12:18 AM - System Checkpoint
RP1107: 12/22/2007 3:00:24 AM - Software Distribution Service 3.0
RP1108: 12/22/2007 3:01:42 AM - Installed Windows XP KB946627.
RP1109: 12/23/2007 3:52:19 AM - System Checkpoint
RP1110: 12/24/2007 4:52:19 AM - System Checkpoint
RP1111: 12/25/2007 5:52:05 AM - System Checkpoint
RP1112: 12/26/2007 6:52:05 AM - System Checkpoint
RP1113: 12/27/2007 7:52:05 AM - System Checkpoint
RP1114: 12/28/2007 8:52:05 AM - System Checkpoint
RP1115: 12/31/2007 4:13:01 PM - System Checkpoint
RP1116: 1/1/2008 4:56:23 PM - System Checkpoint
RP1117: 1/2/2008 5:56:23 PM - System Checkpoint
RP1118: 1/3/2008 6:56:23 PM - System Checkpoint
RP1119: 1/4/2008 7:56:23 PM - System Checkpoint
RP1120: 1/5/2008 8:56:23 PM - System Checkpoint
RP1121: 1/6/2008 9:56:23 PM - System Checkpoint
RP1122: 1/7/2008 10:56:23 PM - System Checkpoint
RP1123: 1/8/2008 11:55:56 PM - System Checkpoint
RP1124: 1/9/2008 3:00:18 AM - Software Distribution Service 3.0
RP1125: 1/9/2008 3:01:26 AM - Installed Windows XP KB943485.
RP1126: 1/9/2008 3:02:31 AM - Installed Windows XP KB941644.
RP1127: 1/10/2008 3:15:20 AM - System Checkpoint
RP1128: 1/11/2008 3:15:20 AM - System Checkpoint
RP1129: 1/12/2008 4:15:20 AM - System Checkpoint
RP1130: 1/13/2008 4:15:20 AM - System Checkpoint
RP1131: 1/14/2008 4:15:20 AM - System Checkpoint
RP1132: 1/15/2008 4:15:20 AM - System Checkpoint
RP1133: 1/16/2008 5:15:20 AM - System Checkpoint
RP1134: 1/17/2008 5:15:20 AM - System Checkpoint
RP1135: 1/18/2008 6:15:20 AM - System Checkpoint
RP1136: 1/18/2008 12:04:22 PM - Installed hp deskjet 5600
RP1137: 1/19/2008 12:15:03 PM - System Checkpoint
RP1138: 1/20/2008 1:15:03 PM - System Checkpoint
RP1139: 1/21/2008 1:15:03 PM - System Checkpoint
RP1140: 1/22/2008 2:15:03 PM - System Checkpoint
RP1141: 1/23/2008 3:15:03 PM - System Checkpoint
RP1142: 1/24/2008 4:15:03 PM - System Checkpoint
RP1143: 1/25/2008 5:14:51 PM - System Checkpoint
RP1144: 1/26/2008 6:14:51 PM - System Checkpoint
RP1145: 1/27/2008 7:14:51 PM - System Checkpoint
RP1146: 1/28/2008 8:14:51 PM - System Checkpoint
RP1147: 1/29/2008 8:14:51 PM - System Checkpoint
RP1148: 1/30/2008 8:14:51 PM - System Checkpoint
RP1149: 1/31/2008 8:14:51 PM - System Checkpoint
RP1150: 2/1/2008 8:14:51 PM - System Checkpoint
RP1151: 2/2/2008 9:14:51 PM - System Checkpoint
RP1152: 2/3/2008 9:14:51 PM - System Checkpoint
RP1153: 2/4/2008 9:14:51 PM - System Checkpoint
RP1154: 2/5/2008 9:14:51 PM - System Checkpoint
RP1155: 2/6/2008 10:14:23 PM - System Checkpoint
RP1156: 2/7/2008 10:14:23 PM - System Checkpoint
RP1157: 2/8/2008 11:14:23 PM - System Checkpoint
RP1158: 2/10/2008 12:14:23 AM - System Checkpoint
RP1159: 2/11/2008 12:14:23 AM - System Checkpoint
RP1160: 2/12/2008 1:14:23 AM - System Checkpoint
RP1161: 2/13/2008 2:14:23 AM - System Checkpoint
RP1162: 2/14/2008 2:14:23 AM - System Checkpoint
RP1163: 2/15/2008 3:14:23 AM - System Checkpoint
RP1164: 2/16/2008 4:14:23 AM - System Checkpoint
RP1165: 2/17/2008 5:14:23 AM - System Checkpoint
RP1166: 2/18/2008 6:14:23 AM - System Checkpoint
RP1167: 2/19/2008 3:00:20 AM - Software Distribution Service 3.0
RP1168: 2/19/2008 3:01:39 AM - Installed Windows XP KB946026.
RP1169: 2/20/2008 3:00:19 AM - Software Distribution Service 3.0
RP1170: 2/20/2008 3:01:37 AM - Installed Windows XP KB943055.
RP1171: 2/21/2008 3:11:54 AM - System Checkpoint
RP1172: 2/22/2008 4:11:54 AM - System Checkpoint
RP1173: 2/23/2008 5:11:54 AM - System Checkpoint
RP1174: 2/24/2008 6:04:34 AM - System Checkpoint
RP1175: 2/25/2008 7:04:34 AM - System Checkpoint
RP1176: 2/26/2008 8:04:34 AM - System Checkpoint
RP1177: 2/27/2008 9:04:34 AM - System Checkpoint
RP1178: 2/28/2008 3:00:22 AM - Software Distribution Service 3.0
RP1179: 2/28/2008 3:01:52 AM - Installed Windows XP KB944533.
RP1180: 2/29/2008 3:16:51 AM - System Checkpoint
RP1181: 3/1/2008 4:16:51 AM - System Checkpoint
RP1182: 3/2/2008 5:16:51 AM - System Checkpoint
RP1183: 3/3/2008 6:16:51 AM - System Checkpoint
RP1184: 3/4/2008 6:45:06 AM - System Checkpoint
RP1185: 3/5/2008 9:49:01 AM - System Checkpoint
RP1186: 3/6/2008 10:37:28 AM - System Checkpoint
RP1187: 3/7/2008 11:37:28 AM - System Checkpoint
RP1188: 3/8/2008 12:37:28 PM - System Checkpoint
RP1189: 3/9/2008 2:37:28 PM - System Checkpoint
RP1190: 3/10/2008 3:37:06 PM - System Checkpoint
RP1191: 3/12/2008 12:11:52 PM - System Checkpoint
RP1192: 3/12/2008 12:33:53 PM - Software Distribution Service 3.0
RP1193: 3/13/2008 12:42:36 PM - System Checkpoint
RP1194: 3/14/2008 1:41:31 PM - System Checkpoint
RP1195: 3/15/2008 2:41:31 PM - System Checkpoint
RP1196: 3/16/2008 3:41:31 PM - System Checkpoint
RP1197: 3/17/2008 4:41:19 PM - System Checkpoint
RP1198: 3/21/2008 10:38:10 AM - System Checkpoint
RP1199: 3/24/2008 12:21:37 PM - System Checkpoint
RP1200: 3/25/2008 12:43:27 PM - System Checkpoint
RP1201: 3/26/2008 1:44:32 PM - System Checkpoint
RP1202: 3/27/2008 2:43:27 PM - System Checkpoint
RP1203: 3/28/2008 2:43:27 PM - System Checkpoint
RP1204: 3/29/2008 3:43:27 PM - System Checkpoint
RP1205: 3/30/2008 4:43:27 PM - System Checkpoint
RP1206: 3/31/2008 5:43:27 PM - System Checkpoint
RP1207: 4/1/2008 6:43:27 PM - System Checkpoint
RP1208: 4/2/2008 7:43:27 PM - System Checkpoint
RP1209: 4/3/2008 7:43:27 PM - System Checkpoint
RP1210: 4/4/2008 8:43:08 PM - System Checkpoint
RP1211: 4/7/2008 1:57:21 PM - System Checkpoint
RP1212: 4/8/2008 2:27:14 PM - System Checkpoint
RP1213: 4/9/2008 11:59:24 AM - Software Distribution Service 3.0
RP1214: 4/9/2008 12:04:07 PM - Installed Windows XP KB945553.
RP1215: 4/9/2008 12:09:39 PM - Installed Windows XP KB944338.
RP1216: 4/9/2008 12:21:54 PM - Installed Windows XP KB948590.
RP1217: 4/9/2008 12:26:37 PM - Installed Windows XP KB941693.
RP1218: 4/9/2008 12:33:10 PM - Installed Windows XP KB947864.
RP1219: 4/9/2008 12:40:04 PM - Installed Windows XP KB948881.
RP1220: 4/10/2008 1:09:54 PM - System Checkpoint
RP1221: 4/11/2008 1:28:43 PM - System Checkpoint
RP1222: 4/12/2008 2:09:42 PM - System Checkpoint
RP1223: 4/13/2008 3:09:42 PM - System Checkpoint
RP1224: 4/14/2008 3:09:42 PM - System Checkpoint
RP1225: 4/15/2008 4:09:42 PM - System Checkpoint
RP1226: 4/16/2008 5:09:42 PM - System Checkpoint
RP1227: 4/17/2008 6:09:42 PM - System Checkpoint
RP1228: 4/19/2008 6:21:22 PM - System Checkpoint
RP1229: 4/23/2008 10:49:38 AM - System Checkpoint
RP1230: 4/24/2008 11:36:23 AM - System Checkpoint
RP1231: 4/25/2008 12:36:12 PM - System Checkpoint
RP1232: 4/26/2008 1:36:12 PM - System Checkpoint
RP1233: 4/27/2008 2:36:12 PM - System Checkpoint
RP1234: 4/28/2008 3:36:12 PM - System Checkpoint
RP1235: 4/29/2008 4:36:12 PM - System Checkpoint
RP1236: 4/30/2008 4:37:17 PM - System Checkpoint
RP1237: 5/1/2008 5:36:12 PM - System Checkpoint
RP1238: 5/2/2008 6:36:00 PM - System Checkpoint
RP1239: 5/3/2008 7:36:00 PM - System Checkpoint
RP1240: 5/6/2008 1:45:46 PM - System Checkpoint
RP1241: 5/7/2008 3:46:17 PM - System Checkpoint
RP1242: 5/8/2008 3:52:34 PM - System Checkpoint
RP1243: 5/11/2008 11:44:22 AM - System Checkpoint
RP1244: 5/12/2008 12:05:28 PM - System Checkpoint
RP1245: 5/13/2008 1:07:40 PM - System Checkpoint
RP1246: 5/14/2008 1:54:44 PM - System Checkpoint
RP1247: 5/15/2008 3:00:19 AM - Software Distribution Service 3.0
RP1248: 5/15/2008 3:01:57 AM - Installed Windows XP KB950749.
RP1249: 5/16/2008 3:12:31 AM - System Checkpoint
RP1250: 5/17/2008 3:00:19 AM - Software Distribution Service 3.0
RP1251: 5/18/2008 3:25:36 AM - System Checkpoint
RP1252: 5/19/2008 4:25:36 AM - System Checkpoint
RP1253: 5/20/2008 5:25:36 AM - System Checkpoint
RP1254: 5/21/2008 6:25:36 AM - System Checkpoint
RP1255: 6/11/2008 11:14:47 AM - System Checkpoint
RP1256: 6/12/2008 3:00:22 AM - Software Distribution Service 3.0
RP1257: 6/12/2008 3:01:46 AM - Installed Windows XP KB951376.
RP1258: 6/12/2008 3:03:18 AM - Installed Windows XP KB950760.
RP1259: 6/12/2008 3:05:00 AM - Installed Windows XP KB950762.
RP1260: 6/13/2008 3:18:52 AM - System Checkpoint
RP1261: 6/14/2008 3:00:26 AM - Software Distribution Service 3.0
RP1262: 6/14/2008 3:02:08 AM - Installed Windows XP KB950759.
RP1263: 6/14/2008 3:05:12 AM - Installed Windows XP KB951698.
RP1264: 6/15/2008 3:15:25 AM - System Checkpoint
RP1265: 6/16/2008 4:15:25 AM - System Checkpoint
RP1266: 6/17/2008 5:15:25 AM - System Checkpoint
RP1267: 6/18/2008 6:15:25 AM - System Checkpoint
RP1268: 6/19/2008 7:15:14 AM - System Checkpoint
RP1269: 6/20/2008 8:16:19 AM - System Checkpoint
RP1270: 6/21/2008 9:15:14 AM - System Checkpoint
RP1271: 6/22/2008 10:15:14 AM - System Checkpoint
RP1272: 6/23/2008 11:15:14 AM - System Checkpoint
RP1273: 6/24/2008 12:15:14 PM - System Checkpoint
RP1274: 6/25/2008 3:00:19 AM - Software Distribution Service 3.0
RP1275: 6/25/2008 3:01:25 AM - Installed Windows XP KB951376-v2.
RP1276: 6/26/2008 3:11:42 AM - System Checkpoint
RP1277: 6/27/2008 4:11:42 AM - System Checkpoint
RP1278: 6/28/2008 5:11:42 AM - System Checkpoint
RP1279: 6/29/2008 6:11:42 AM - System Checkpoint
RP1280: 6/30/2008 7:11:42 AM - System Checkpoint
RP1281: 7/3/2008 5:43:08 PM - System Checkpoint
RP1282: 7/4/2008 6:27:22 PM - System Checkpoint
RP1283: 7/5/2008 7:27:22 PM - System Checkpoint
RP1284: 7/6/2008 8:27:22 PM - System Checkpoint
RP1285: 7/7/2008 9:27:22 PM - System Checkpoint
RP1286: 7/15/2008 1:23:21 PM - System Checkpoint
RP1287: 7/16/2008 1:39:59 PM - System Checkpoint
RP1288: 7/17/2008 1:40:12 PM - System Checkpoint
RP1289: 7/18/2008 12:34:05 PM - Installed QuickBooks.
RP1290: 7/21/2008 12:02:49 PM - System Checkpoint
RP1291: 7/22/2008 10:24:38 AM - Software Distribution Service 3.0
RP1292: 7/22/2008 10:28:12 AM - Installed Windows XP KB951748.
RP1293: 7/22/2008 11:02:52 AM - Software Distribution Service 3.0
RP1294: 7/23/2008 11:59:30 AM - System Checkpoint
RP1295: 7/25/2008 1:46:21 PM - System Checkpoint
RP1296: 7/26/2008 2:13:07 PM - System Checkpoint
RP1297: 7/27/2008 5:22:39 PM - System Checkpoint
RP1298: 7/28/2008 6:08:11 PM - System Checkpoint
RP1299: 7/29/2008 6:52:02 PM - System Checkpoint
RP1300: 7/30/2008 7:52:03 PM - System Checkpoint
RP1301: 8/1/2008 10:20:09 AM - System Checkpoint
RP1302: 8/2/2008 3:32:23 PM - System Checkpoint
RP1303: 8/3/2008 4:21:15 PM - System Checkpoint
RP1304: 8/4/2008 5:49:00 PM - System Checkpoint
RP1305: 8/5/2008 6:39:42 PM - System Checkpoint
RP1306: 8/6/2008 6:42:53 PM - System Checkpoint
RP1307: 8/8/2008 8:03:45 AM - System Checkpoint
RP1308: 8/9/2008 8:44:58 AM - System Checkpoint
RP1309: 8/10/2008 9:08:35 AM - System Checkpoint
RP1310: 8/11/2008 10:08:35 AM - System Checkpoint
RP1311: 8/12/2008 11:08:35 AM - System Checkpoint
RP1312: 8/13/2008 11:09:40 AM - System Checkpoint
RP1313: 8/14/2008 10:06:45 AM - Installed Dell Support Center.
RP1314: 8/15/2008 3:00:27 AM - Software Distribution Service 3.0
RP1315: 8/15/2008 3:03:09 AM - Installed Windows XP KB953838.
RP1316: 8/15/2008 3:06:29 AM - Installed Windows XP KB951066.
RP1317: 8/15/2008 3:08:11 AM - Installed Windows XP KB952287.
RP1318: 8/15/2008 3:11:25 AM - Installed Windows XP KB951072-v2.
RP1319: 8/15/2008 3:20:09 AM - Installed Windows XP KB950974.
RP1320: 8/15/2008 3:22:19 AM - Installed Windows XP KB953839.
RP1321: 8/15/2008 3:24:09 AM - Installed Windows XP KB952954.
RP1322: 8/16/2008 1:15:30 PM - System Checkpoint
RP1323: 8/17/2008 3:07:27 PM - System Checkpoint
RP1324: 8/18/2008 3:49:16 PM - System Checkpoint
RP1325: 8/19/2008 4:14:57 PM - System Checkpoint
RP1326: 8/20/2008 4:53:25 PM - System Checkpoint
RP1327: 8/21/2008 12:16:27 PM - Installed Adobe Reader 7.1.0
RP1328: 8/22/2008 2:02:37 PM - System Checkpoint
RP1329: 8/23/2008 2:09:58 PM - System Checkpoint
RP1330: 8/24/2008 3:09:58 PM - System Checkpoint
RP1331: 8/25/2008 3:37:18 PM - System Checkpoint
RP1332: 8/28/2008 2:17:59 PM - System Checkpoint
RP1333: 8/29/2008 2:23:34 PM - System Checkpoint
RP1334: 8/30/2008 3:22:29 PM - System Checkpoint
RP1335: 8/31/2008 3:48:59 PM - System Checkpoint
RP1336: 9/2/2008 11:19:01 AM - System Checkpoint
RP1337: 9/3/2008 4:17:33 PM - System Checkpoint
RP1338: 9/7/2008 7:50:58 PM - System Checkpoint
RP1339: 9/8/2008 7:53:34 PM - System Checkpoint
RP1340: 9/9/2008 8:53:34 PM - System Checkpoint
RP1341: 9/10/2008 3:00:22 AM - Software Distribution Service 3.0
RP1342: 9/10/2008 3:02:19 AM - Installed Windows XP KB938464.
RP1343: 9/10/2008 1:01:27 PM - Software Distribution Service 3.0
RP1344: 9/15/2008 2:35:30 PM - System Checkpoint
RP1345: 9/16/2008 2:41:10 PM - System Checkpoint
RP1346: 9/18/2008 7:10:28 AM - System Checkpoint
RP1347: 9/19/2008 1:32:22 PM - System Checkpoint
RP1348: 9/20/2008 2:08:44 PM - System Checkpoint
RP1349: 9/21/2008 3:20:44 PM - System Checkpoint
RP1350: 9/22/2008 12:21:56 PM - Software Distribution Service 3.0
RP1351: 9/23/2008 3:38:51 PM - System Checkpoint
RP1352: 9/24/2008 4:22:51 PM - System Checkpoint
RP1353: 9/25/2008 5:22:51 PM - System Checkpoint
RP1354: 9/26/2008 6:22:43 PM - System Checkpoint
RP1355: 9/27/2008 6:22:43 PM - System Checkpoint
RP1356: 9/28/2008 6:22:43 PM - System Checkpoint
RP1357: 9/29/2008 6:22:43 PM - System Checkpoint
RP1358: 9/30/2008 6:22:43 PM - System Checkpoint
RP1359: 10/6/2008 3:58:09 PM - Software Distribution Service 3.0
RP1360: 10/7/2008 3:59:17 PM - System Checkpoint
RP1361: 10/8/2008 12:29:38 PM - Installed iTunes
RP1362: 10/8/2008 12:45:08 PM - Installed Simplify Media.
RP1363: 10/9/2008 2:06:33 PM - System Checkpoint
RP1364: 10/10/2008 2:18:53 PM - System Checkpoint
RP1365: 10/12/2008 1:29:35 PM - System Checkpoint
RP1366: 10/13/2008 1:44:45 PM - System Checkpoint
RP1367: 10/14/2008 2:16:21 PM - System Checkpoint
RP1368: 10/15/2008 3:00:13 AM - Software Distribution Service 3.0
RP1369: 10/15/2008 3:02:16 AM - Installed Windows XP KB956390.
RP1370: 10/15/2008 3:12:08 AM - Installed Windows XP KB956841.
RP1371: 10/15/2008 3:15:03 AM - Installed Windows XP KB954211.
RP1372: 10/15/2008 3:16:37 AM - Installed Windows XP KB957095.
RP1373: 10/15/2008 3:18:10 AM - Installed Windows XP KB956391.
RP1374: 10/15/2008 3:19:32 AM - Installed Windows XP KB956803.
RP1375: 10/16/2008 3:52:32 PM - System Checkpoint
RP1376: 10/17/2008 4:01:15 PM - System Checkpoint
RP1377: 10/18/2008 5:01:15 PM - System Checkpoint
RP1378: 10/19/2008 6:01:15 PM - System Checkpoint
RP1379: 10/21/2008 10:07:17 AM - System Checkpoint
RP1380: 10/22/2008 10:49:12 AM - System Checkpoint
RP1381: 10/28/2008 8:51:17 AM - Software Distribution Service 3.0
RP1382: 10/28/2008 8:54:20 AM - Installed Windows XP KB958644.
RP1383: 10/29/2008 9:17:24 AM - System Checkpoint
RP1384: 10/30/2008 2:27:04 PM - System Checkpoint
RP1385: 10/31/2008 5:17:25 PM - System Checkpoint
RP1386: 11/1/2008 5:51:31 PM - System Checkpoint
RP1387: 11/2/2008 5:51:31 PM - System Checkpoint
RP1388: 11/3/2008 5:51:58 PM - System Checkpoint
RP1389: 11/4/2008 6:10:59 PM - System Checkpoint
RP1390: 11/5/2008 7:10:59 PM - System Checkpoint
RP1391: 11/6/2008 8:10:59 PM - System Checkpoint
RP1392: 11/7/2008 8:23:29 PM - System Checkpoint
RP1393: 11/8/2008 10:14:36 PM - System Checkpoint
RP1394: 11/9/2008 11:10:59 PM - System Checkpoint
RP1395: 11/10/2008 11:36:02 PM - System Checkpoint
RP1396: 11/12/2008 12:36:02 AM - System Checkpoint
RP1397: 11/13/2008 1:36:02 AM - System Checkpoint
RP1398: 11/13/2008 3:00:12 AM - Software Distribution Service 3.0
RP1399: 11/13/2008 3:02:38 AM - Installed Windows XP KB955069.
RP1400: 11/13/2008 3:04:32 AM - Installed Windows XP KB957097.
RP1401: 11/14/2008 3:19:06 AM - System Checkpoint
RP1402: 11/17/2008 12:59:34 PM - System Checkpoint
RP1403: 11/19/2008 1:17:13 PM - System Checkpoint
RP1404: 11/20/2008 2:29:25 PM - System Checkpoint
RP1405: 11/25/2008 2:12:07 PM - System Checkpoint
RP1406: 11/26/2008 2:26:31 PM - System Checkpoint
RP1407: 11/27/2008 3:26:31 PM - System Checkpoint
RP1408: 11/28/2008 3:26:31 PM - System Checkpoint
RP1409: 11/29/2008 3:26:32 PM - System Checkpoint
RP1410: 12/3/2008 1:24:20 PM - System Checkpoint
RP1411: 12/9/2008 1:16:03 PM - System Checkpoint
RP1412: 12/10/2008 2:03:29 PM - System Checkpoint
RP1413: 12/11/2008 3:00:11 AM - Software Distribution Service 3.0
RP1414: 12/11/2008 3:01:55 AM - Installed Windows XP KB956802.
RP1415: 12/11/2008 3:04:15 AM - Installed Windows XP KB954600.
RP1416: 12/11/2008 3:11:31 AM - Installed Windows XP KB958215.
RP1417: 12/11/2008 3:14:48 AM - Installed Windows XP KB955839.
RP1418: 12/11/2008 3:15:05 AM - Installed Windows Media Player KB952069.
RP1419: 12/12/2008 3:24:59 AM - System Checkpoint
RP1420: 12/13/2008 3:25:00 AM - System Checkpoint
RP1421: 12/14/2008 3:25:00 AM - System Checkpoint
RP1422: 12/15/2008 10:40:41 AM - System Checkpoint
RP1423: 12/22/2008 11:46:29 AM - System Checkpoint
RP1424: 12/23/2008 3:00:12 AM - Software Distribution Service 3.0
RP1425: 12/23/2008 3:02:32 AM - Installed Windows XP KB960714.
RP1426: 12/24/2008 3:13:47 AM - System Checkpoint
RP1427: 12/25/2008 4:13:47 AM - System Checkpoint
RP1428: 12/26/2008 5:13:47 AM - System Checkpoint
RP1429: 12/27/2008 6:13:48 AM - System Checkpoint
RP1430: 12/30/2008 10:47:24 AM - System Checkpoint
RP1431: 1/7/2009 8:41:16 AM - System Checkpoint
RP1432: 1/8/2009 11:16:58 AM - System Checkpoint
RP1433: 1/9/2009 12:03:30 PM - System Checkpoint
RP1434: 1/10/2009 1:03:30 PM - System Checkpoint
RP1435: 1/11/2009 2:03:30 PM - System Checkpoint
RP1436: 1/12/2009 3:03:30 PM - System Checkpoint
RP1437: 1/13/2009 3:04:35 PM - System Checkpoint
RP1438: 1/14/2009 4:03:30 PM - System Checkpoint
RP1439: 1/15/2009 5:03:30 PM - System Checkpoint
RP1440: 1/21/2009 11:44:56 AM - Software Distribution Service 3.0
RP1441: 1/21/2009 11:58:13 AM - Installed Windows XP KB958687.
RP1442: 1/22/2009 12:08:45 PM - System Checkpoint
RP1443: 1/23/2009 1:08:45 PM - System Checkpoint
RP1444: 1/24/2009 2:08:45 PM - System Checkpoint
RP1445: 1/25/2009 3:08:45 PM - System Checkpoint
RP1446: 1/26/2009 4:08:45 PM - System Checkpoint
RP1447: 1/27/2009 1:58:03 PM - Removed Simplify Media.
RP1448: 1/27/2009 1:58:10 PM - Installed Simplify Media.
RP1449: 1/28/2009 2:08:45 PM - System Checkpoint
RP1450: 1/29/2009 2:38:06 PM - System Checkpoint
RP1451: 1/30/2009 3:32:24 PM - System Checkpoint
RP1452: 1/31/2009 3:32:24 PM - System Checkpoint
RP1453: 2/1/2009 3:32:25 PM - System Checkpoint
RP1454: 2/2/2009 3:32:25 PM - System Checkpoint
RP1455: 2/3/2009 3:32:25 PM - System Checkpoint
RP1456: 2/4/2009 3:33:30 PM - System Checkpoint
RP1457: 2/5/2009 3:44:50 PM - System Checkpoint
RP1458: 2/6/2009 4:43:45 PM - System Checkpoint
RP1459: 2/7/2009 4:57:15 PM - System Checkpoint
RP1460: 2/8/2009 5:56:45 PM - System Checkpoint
RP1461: 2/9/2009 5:21:28 PM - Software Distribution Service 3.0
RP1462: 2/9/2009 5:23:02 PM - Installed Windows XP WgaNotify.
RP1463: 2/10/2009 5:43:45 PM - System Checkpoint
RP1464: 2/11/2009 5:43:45 PM - System Checkpoint
RP1465: 2/12/2009 3:00:11 AM - Software Distribution Service 3.0
RP1466: 2/12/2009 3:02:20 AM - Installed Windows XP KB960715.
RP1467: 2/13/2009 3:20:12 AM - System Checkpoint
RP1468: 2/14/2009 4:13:27 AM - System Checkpoint
RP1469: 2/16/2009 2:27:59 PM - System Checkpoint
RP1470: 2/17/2009 3:26:03 PM - System Checkpoint
RP1471: 2/18/2009 4:26:03 PM - System Checkpoint
RP1472: 2/19/2009 5:26:03 PM - System Checkpoint
RP1473: 2/23/2009 2:26:17 PM - System Checkpoint
RP1474: 2/24/2009 2:59:09 PM - System Checkpoint
RP1475: 2/24/2009 6:21:59 PM - Software Distribution Service 3.0
RP1476: 2/24/2009 6:24:01 PM - Installed Windows XP KB967715.
RP1477: 2/25/2009 6:30:20 PM - System Checkpoint
RP1478: 2/26/2009 7:30:20 PM - System Checkpoint
RP1479: 2/27/2009 8:30:20 PM - System Checkpoint
RP1480: 2/28/2009 9:30:20 PM - System Checkpoint
RP1481: 3/1/2009 10:30:20 PM - System Checkpoint
RP1482: 3/2/2009 10:32:24 PM - System Checkpoint
RP1483: 3/3/2009 10:33:51 PM - System Checkpoint
RP1484: 3/4/2009 11:30:20 PM - System Checkpoint
RP1485: 3/6/2009 12:30:20 AM - System Checkpoint
RP1486: 3/7/2009 1:30:20 AM - System Checkpoint
RP1487: 3/8/2009 2:30:20 AM - System Checkpoint
RP1488: 3/9/2009 3:30:20 AM - System Checkpoint
RP1489: 3/10/2009 4:30:20 AM - System Checkpoint
RP1490: 3/11/2009 12:56:01 PM - System Checkpoint
RP1491: 3/16/2009 3:31:29 PM - System Checkpoint
RP1492: 3/17/2009 4:17:39 PM - System Checkpoint
RP1493: 3/25/2009 2:01:17 PM - System Checkpoint
RP1494: 3/26/2009 2:07:16 PM - System Checkpoint
RP1495: 3/27/2009 2:08:21 PM - System Checkpoint
RP1496: 3/28/2009 3:07:16 PM - System Checkpoint
RP1497: 4/2/2009 1:05:32 PM - Software Distribution Service 3.0
RP1498: 4/2/2009 2:25:06 PM - Installed Windows XP Service Pack 3.
RP1499: 4/2/2009 3:35:14 PM - Installed Windows XP KB938464.
RP1500: 4/2/2009 3:37:37 PM - Installed Windows XP KB950759.
RP1501: 4/2/2009 3:40:24 PM - Installed Windows XP KB950762.
RP1502: 4/2/2009 3:42:09 PM - Installed Windows XP KB950974.
RP1503: 4/2/2009 3:44:12 PM - Installed Windows XP KB951066.
RP1504: 4/2/2009 3:45:53 PM - Installed Windows XP KB951376.
RP1505: 4/2/2009 3:47:48 PM - Installed Windows XP KB951376-v2.
RP1506: 4/2/2009 3:49:27 PM - Installed Windows XP KB951698.
RP1507: 4/2/2009 3:51:18 PM - Installed Windows XP KB951748.
RP1508: 4/2/2009 3:53:25 PM - Installed Windows XP KB952287.
RP1509: 4/2/2009 3:55:04 PM - Installed Windows XP KB952954.
RP1510: 4/2/2009 3:57:02 PM - Installed Windows XP KB953838.
RP1511: 4/2/2009 3:59:52 PM - Installed Windows XP KB954211.
RP1512: 4/2/2009 4:02:00 PM - Installed Windows XP KB954600.
RP1513: 4/2/2009 4:04:10 PM - Installed Windows XP KB955069.
RP1514: 4/2/2009 4:08:35 PM - Installed Windows XP KB956390.
RP1515: 4/2/2009 4:12:57 PM - Installed Windows XP KB956802.
RP1516: 4/2/2009 4:15:00 PM - Installed Windows XP KB956803.
RP1517: 4/2/2009 4:16:40 PM - Installed Windows XP KB956841.
RP1518: 4/2/2009 4:18:42 PM - Installed Windows XP KB957095.
RP1519: 4/2/2009 4:22:51 PM - Installed Windows XP KB957097.
RP1520: 4/2/2009 4:28:51 PM - Installed Windows XP KB958215.
RP1521: 4/2/2009 4:35:14 PM - Installed Windows XP KB958644.
RP1522: 4/2/2009 4:43:24 PM - Installed Windows XP KB958687.
RP1523: 4/2/2009 4:49:58 PM - Installed Windows XP KB960714.
RP1524: 4/2/2009 4:53:52 PM - Installed Windows XP KB967715.
RP1525: 4/3/2009 5:13:05 PM - System Checkpoint
RP1526: 4/4/2009 6:13:05 PM - System Checkpoint
RP1527: 4/5/2009 6:13:06 PM - System Checkpoint
RP1528: 4/6/2009 9:27:17 PM - System Checkpoint
RP1529: 4/7/2009 10:19:12 PM - System Checkpoint
RP1530: 4/8/2009 11:19:12 PM - System Checkpoint
RP1531: 4/9/2009 11:19:12 PM - System Checkpoint
RP1532: 4/10/2009 11:43:16 PM - System Checkpoint
RP1533: 4/12/2009 12:43:16 AM - System Checkpoint
RP1534: 4/13/2009 1:43:16 AM - System Checkpoint
RP1535: 4/14/2009 2:43:16 AM - System Checkpoint
RP1536: 4/15/2009 3:43:16 AM - System Checkpoint
RP1537: 4/16/2009 4:43:16 AM - System Checkpoint
RP1538: 4/17/2009 5:43:16 AM - System Checkpoint
RP1539: 4/18/2009 6:43:16 AM - System Checkpoint
RP1540: 4/19/2009 7:43:16 AM - System Checkpoint
RP1541: 4/28/2009 11:46:12 AM - System Checkpoint
RP1542: 4/29/2009 12:43:45 PM - System Checkpoint
RP1543: 4/30/2009 1:43:45 PM - System Checkpoint
RP1544: 5/1/2009 2:43:45 PM - System Checkpoint
RP1545: 5/2/2009 3:43:45 PM - System Checkpoint
RP1546: 5/3/2009 4:43:45 PM - System Checkpoint
RP1547: 5/4/2009 5:08:46 PM - System Checkpoint
RP1548: 5/5/2009 5:10:16 PM - System Checkpoint
RP1549: 5/11/2009 4:01:39 PM - System Checkpoint
RP1550: 5/12/2009 4:22:16 PM - System Checkpoint
RP1551: 5/13/2009 3:00:16 AM - Software Distribution Service 3.0
RP1552: 5/13/2009 3:02:37 AM - Installed Windows XP KB923561.
RP1553: 5/13/2009 3:06:07 AM - Installed Windows XP KB963027.
RP1554: 5/13/2009 3:09:19 AM - Installed Windows XP KB960803.
RP1555: 5/13/2009 3:19:06 AM - Installed Windows XP KB954459.
RP1556: 5/13/2009 3:21:59 AM - Installed Windows XP KB958690.
RP1557: 5/13/2009 3:26:49 AM - Installed Windows XP KB952004.
RP1558: 5/13/2009 3:30:36 AM - Installed Windows XP KB938464-v2.
RP1559: 5/13/2009 3:34:54 AM - Installed Windows XP KB956572.
RP1560: 5/13/2009 3:38:28 AM - Installed Windows XP KB960225.
RP1561: 5/13/2009 3:40:53 AM - Installed Windows XP KB951978.
RP1562: 5/13/2009 3:43:43 AM - Installed Windows XP KB961373.
RP1563: 5/13/2009 3:46:18 AM - Installed Windows XP KB946648.
RP1564: 5/13/2009 3:48:43 AM - Installed Windows XP KB959426.
RP1565: 5/14/2009 4:00:54 AM - System Checkpoint
RP1566: 5/15/2009 3:00:11 AM - Software Distribution Service 3.0
RP1567: 5/16/2009 3:00:54 AM - System Checkpoint
RP1568: 5/18/2009 10:04:57 AM - Installed Windows XP WgaNotify.
RP1569: 5/21/2009 8:21:29 AM - System Checkpoint
RP1570: 6/4/2009 12:03:49 PM - System Checkpoint
RP1571: 6/5/2009 12:50:13 PM - System Checkpoint
RP1572: 6/8/2009 9:40:40 AM - System Checkpoint
RP1573: 6/9/2009 10:26:25 AM - System Checkpoint
RP1574: 6/10/2009 11:26:25 AM - System Checkpoint
RP1575: 6/11/2009 12:26:25 PM - System Checkpoint
RP1576: 6/12/2009 3:00:13 AM - Software Distribution Service 3.0
RP1577: 6/12/2009 3:03:07 AM - Installed Windows XP KB968537.
RP1578: 6/12/2009 3:06:16 AM - Installed Windows XP KB970238.
RP1579: 6/12/2009 3:14:01 AM - Installed Windows XP KB969898.
RP1580: 6/12/2009 3:16:49 AM - Installed Windows XP KB969897.
RP1581: 6/12/2009 3:19:56 AM - Installed Windows XP KB961501.
RP1582: 6/18/2009 7:59:45 AM - System Checkpoint
RP1583: 6/19/2009 4:17:39 PM - System Checkpoint
RP1584: 6/20/2009 5:04:52 PM - System Checkpoint
RP1585: 6/29/2009 10:18:18 AM - Software Distribution Service 3.0
RP1586: 6/30/2009 10:32:27 AM - System Checkpoint
RP1587: 7/10/2009 12:37:59 PM - System Checkpoint
RP1588: 7/11/2009 1:08:03 PM - System Checkpoint
RP1589: 7/12/2009 2:08:03 PM - System Checkpoint
RP1590: 7/13/2009 3:08:03 PM - System Checkpoint
RP1591: 7/14/2009 4:08:03 PM - System Checkpoint
RP1592: 7/15/2009 5:08:03 PM - System Checkpoint
RP1593: 7/16/2009 3:00:12 AM - Software Distribution Service 3.0
RP1594: 7/16/2009 3:02:38 AM - Installed Windows XP KB961371.
RP1595: 7/16/2009 3:11:50 AM - Installed Windows XP KB971633.
RP1596: 7/16/2009 3:14:20 AM - Installed Windows XP KB973346.
RP1597: 7/17/2009 4:08:03 AM - System Checkpoint
RP1598: 7/24/2009 9:51:15 AM - System Checkpoint
RP1599: 7/25/2009 10:33:30 AM - System Checkpoint
RP1600: 7/26/2009 11:33:30 AM - System Checkpoint
RP1601: 7/27/2009 12:33:30 PM - System Checkpoint
RP1602: 7/28/2009 1:33:30 PM - System Checkpoint
RP1603: 7/29/2009 2:33:30 PM - System Checkpoint
RP1604: 7/30/2009 5:40:22 PM - System Checkpoint
RP1605: 7/31/2009 3:00:11 AM - Software Distribution Service 3.0
RP1606: 7/31/2009 3:02:28 AM - Installed Windows XP KB972260.
RP1607: 8/3/2009 9:47:21 PM - System Checkpoint
RP1608: 8/4/2009 10:16:16 PM - System Checkpoint
RP1609: 8/5/2009 11:16:16 PM - System Checkpoint
RP1610: 8/7/2009 12:16:16 AM - System Checkpoint
RP1611: 8/8/2009 12:16:16 AM - System Checkpoint
RP1612: 8/9/2009 1:16:16 AM - System Checkpoint
RP1613: 8/10/2009 2:16:16 AM - System Checkpoint
RP1614: 8/11/2009 3:00:11 AM - Software Distribution Service 3.0
RP1615: 8/11/2009 3:20:22 AM - Installed Windows KB954550-v5.
RP1616: 8/11/2009 3:20:38 AM - Printer Driver Microsoft XPS Document Writer

Installed
RP1617: 8/11/2009 3:21:17 AM - Printer Driver Microsoft XPS Document Writer

Installed
RP1618: 8/12/2009 3:00:12 AM - Software Distribution Service 3.0
RP1619: 8/12/2009 3:02:18 AM - Installed Windows XP KB973815.
RP1620: 8/12/2009 3:09:27 AM - Installed Windows Media Player KB973540.
RP1621: 8/12/2009 3:12:41 AM - Installed Windows XP KB973354.
RP1622: 8/12/2009 3:15:16 AM - Installed Windows XP KB973507.
RP1623: 8/12/2009 3:17:31 AM - Installed Windows XP KB973869.
RP1624: 8/12/2009 3:20:03 AM - Installed Windows XP KB956744.
RP1625: 8/12/2009 3:23:09 AM - Installed Windows XP KB971557.
RP1626: 8/12/2009 3:26:01 AM - Installed Windows XP KB961118.
RP1627: 8/12/2009 3:31:57 AM - Installed Windows XP KB971657.
RP1628: 8/12/2009 3:34:33 AM - Installed Windows XP KB960859.
RP1629: 8/13/2009 3:00:11 AM - Software Distribution Service 3.0
RP1630: 8/13/2009 3:02:27 AM - Installed Windows XP KB968389.
RP1631: 8/14/2009 3:00:14 AM - Software Distribution Service 3.0
RP1632: 8/15/2009 3:13:58 AM - System Checkpoint
RP1633: 8/16/2009 3:13:58 AM - System Checkpoint
RP1634: 8/17/2009 4:27:32 AM - System Checkpoint
RP1635: 8/18/2009 5:13:59 AM - System Checkpoint
RP1636: 8/20/2009 2:26:45 PM - System Checkpoint
RP1637: 8/23/2009 3:04:46 PM - System Checkpoint
RP1638: 8/27/2009 7:54:12 AM - System Checkpoint
RP1639: 8/28/2009 3:00:11 AM - Software Distribution Service 3.0
RP1640: 8/28/2009 3:00:26 AM - Installed Windows XP KB970653-v3.
RP1641: 8/29/2009 3:32:04 AM - System Checkpoint
RP1642: 8/30/2009 4:32:04 AM - System Checkpoint
RP1643: 8/31/2009 5:32:04 AM - System Checkpoint
RP1644: 9/1/2009 6:32:04 AM - System Checkpoint
RP1645: 9/2/2009 7:32:04 AM - System Checkpoint
RP1646: 9/3/2009 3:55:44 PM - System Checkpoint
RP1647: 9/7/2009 5:00:33 PM - System Checkpoint
RP1648: 9/14/2009 12:52:19 PM - System Checkpoint
RP1649: 9/14/2009 10:50:48 PM - Software Distribution Service 3.0
RP1650: 9/14/2009 10:53:11 PM - Installed Windows XP KB971961.
RP1651: 9/14/2009 10:55:43 PM - Installed Windows XP KB956844.
RP1652: 9/14/2009 10:56:01 PM - Installed Windows Media Player KB968816.
RP1653: 9/20/2009 11:00:35 AM - System Checkpoint
RP1654: 9/21/2009 11:33:48 AM - System Checkpoint
RP1655: 9/22/2009 11:48:53 AM - System Checkpoint
RP1656: 9/25/2009 11:11:29 AM - System Checkpoint
RP1657: 9/26/2009 11:39:40 AM - System Checkpoint
RP1658: 9/27/2009 11:51:40 AM - System Checkpoint
RP1659: 9/29/2009 11:11:06 AM - System Checkpoint
RP1660: 9/30/2009 11:55:59 AM - System Checkpoint
RP1661: 10/1/2009 12:55:59 PM - System Checkpoint
RP1662: 10/6/2009 12:03:48 PM - System Checkpoint
RP1663: 10/7/2009 12:47:22 PM - System Checkpoint
RP1664: 10/9/2009 12:12:05 PM - System Checkpoint
RP1665: 10/10/2009 12:21:21 PM - System Checkpoint
RP1666: 10/11/2009 1:04:38 PM - System Checkpoint
RP1667: 10/12/2009 2:04:38 PM - System Checkpoint
RP1668: 10/13/2009 3:04:38 PM - System Checkpoint
RP1669: 10/14/2009 4:04:38 PM - System Checkpoint
RP1670: 10/15/2009 3:00:14 AM - Software Distribution Service 3.0
RP1671: 10/15/2009 3:02:38 AM - Installed Windows XP KB975467.
RP1672: 10/15/2009 3:06:13 AM - Installed Windows XP KB973525.
RP1673: 10/15/2009 3:09:33 AM - Installed Windows XP KB971486.
RP1674: 10/15/2009 3:12:18 AM - Installed Windows XP KB974571.
RP1675: 10/15/2009 3:14:41 AM - Installed Windows XP KB975025.
RP1676: 10/15/2009 3:17:03 AM - Installed Windows XP KB974112.
RP1677: 10/15/2009 3:17:18 AM - Installed Windows Media Player KB954155.
RP1678: 10/15/2009 3:19:26 AM - Installed Windows XP KB969059.
RP1679: 10/15/2009 3:30:19 AM - Installed Windows XP KB958869.
RP1680: 10/15/2009 3:32:42 AM - Installed Windows XP KB974455.
RP1681: 10/16/2009 3:58:08 AM - System Checkpoint
RP1682: 10/17/2009 4:58:08 AM - System Checkpoint
RP1683: 10/22/2009 2:16:24 PM - System Checkpoint
RP1684: 10/23/2009 3:00:27 PM - System Checkpoint
RP1685: 10/24/2009 4:00:27 PM - System Checkpoint
RP1686: 10/25/2009 5:00:27 PM - System Checkpoint
RP1687: 10/26/2009 6:00:27 PM - System Checkpoint
RP1688: 10/27/2009 7:00:27 PM - System Checkpoint
RP1689: 11/4/2009 2:08:26 PM - System Checkpoint
RP1690: 11/5/2009 4:00:13 AM - Software Distribution Service 3.0
RP1691: 11/5/2009 4:02:42 AM - Installed Windows XP KB976749.
RP1692: 11/18/2009 11:15:03 AM - System Checkpoint
RP1693: 11/19/2009 3:00:13 AM - Software Distribution Service 3.0
RP1694: 11/19/2009 3:02:13 AM - Installed Windows XP KB969947.
RP1695: 11/20/2009 3:29:57 AM - System Checkpoint
RP1696: 11/21/2009 4:29:57 AM - System Checkpoint
RP1697: 11/22/2009 5:29:57 AM - System Checkpoint
RP1698: 11/23/2009 6:29:57 AM - System Checkpoint
RP1699: 11/24/2009 6:53:57 AM - System Checkpoint
RP1700: 11/25/2009 7:29:57 AM - System Checkpoint
RP1701: 11/26/2009 3:00:13 AM - Software Distribution Service 3.0
RP1702: 11/26/2009 3:03:04 AM - Installed Windows XP KB973687.
RP1703: 11/26/2009 3:03:44 AM - Installed Windows XP KB976098-v2.
RP1704: 12/1/2009 3:18:59 PM - System Checkpoint
RP1705: 12/22/2009 1:43:00 PM - System Checkpoint
RP1706: 12/29/2009 8:45:31 AM - System Checkpoint
RP1707: 1/27/2010 10:55:09 AM - Software Distribution Service 3.0
RP1708: 1/27/2010 11:03:32 AM - Installed Windows XP KB971737.
RP1709: 1/27/2010 11:06:10 AM - Installed Windows XP KB974392.
RP1710: 1/27/2010 11:08:50 AM - Installed Windows XP KB973904.
RP1711: 1/27/2010 11:14:50 AM - Installed Windows XP KB976325.
RP1712: 1/27/2010 11:19:42 AM - Installed Windows XP KB970430.
RP1713: 2/1/2010 4:15:49 PM - Software Distribution Service 3.0
RP1714: 2/1/2010 4:21:02 PM - Installed Windows XP KB972270.
RP1715: 2/1/2010 4:23:59 PM - Installed Windows XP KB974318.
RP1716: 2/16/2010 4:43:42 PM - Software Distribution Service 3.0
RP1717: 2/16/2010 4:45:06 PM - Installed Windows XP KB978706.
RP1718: 2/16/2010 4:47:00 PM - Installed Windows XP KB977914.
RP1719: 2/16/2010 4:48:53 PM - Installed Windows XP KB975560.
RP1720: 2/16/2010 4:50:46 PM - Installed Windows XP KB978251.
RP1721: 2/16/2010 4:53:29 PM - Installed Windows XP KB975713.
RP1722: 2/16/2010 4:55:35 PM - Installed Windows XP KB978037.
RP1723: 2/16/2010 4:57:30 PM - Installed Windows XP KB955759.
RP1724: 2/16/2010 5:08:28 PM - Installed Windows XP KB978207.
RP1725: 2/16/2010 5:10:55 PM - Installed Windows XP KB971468.
RP1726: 2/16/2010 5:12:49 PM - Installed Windows XP KB978262.
RP1727: 3/8/2010 2:54:39 PM - System Checkpoint
RP1728: 3/9/2010 3:00:15 AM - Software Distribution Service 3.0
RP1729: 3/9/2010 3:00:30 AM - Installed Windows XP KB979306.
RP1730: 3/9/2010 3:04:30 AM - Installed Windows XP KB977165-v2.
RP1731: 3/10/2010 3:00:14 AM - Software Distribution Service 3.0
RP1732: 3/10/2010 3:06:47 AM - Installed Windows XP KB975561.
RP1733: 3/11/2010 3:37:50 AM - System Checkpoint
RP1734: 3/12/2010 4:25:50 AM - System Checkpoint
RP1735: 3/13/2010 5:22:28 AM - System Checkpoint
RP1736: 3/14/2010 7:22:28 AM - System Checkpoint
RP1737: 3/15/2010 8:22:28 AM - System Checkpoint
RP1738: 3/16/2010 9:22:28 AM - System Checkpoint
RP1739: 3/19/2010 5:54:20 PM - System Checkpoint
RP1740: 3/20/2010 6:39:06 PM - System Checkpoint
RP1741: 3/21/2010 7:39:06 PM - System Checkpoint
RP1742: 3/22/2010 8:39:06 PM - System Checkpoint
RP1743: 3/23/2010 9:39:06 PM - System Checkpoint
RP1744: 3/24/2010 10:39:06 PM - System Checkpoint
RP1745: 3/25/2010 11:39:06 PM - System Checkpoint
RP1746: 3/27/2010 12:39:06 AM - System Checkpoint
RP1747: 3/28/2010 1:39:06 AM - System Checkpoint
RP1748: 3/29/2010 2:39:06 AM - System Checkpoint
RP1749: 3/30/2010 3:39:06 AM - System Checkpoint
RP1750: 3/31/2010 4:39:06 AM - System Checkpoint
RP1751: 4/1/2010 5:39:07 AM - System Checkpoint
RP1752: 4/2/2010 6:39:06 AM - System Checkpoint
RP1753: 4/3/2010 6:39:08 AM - System Checkpoint
RP1754: 4/4/2010 7:39:07 AM - System Checkpoint
RP1755: 4/5/2010 8:39:07 AM - System Checkpoint
RP1756: 4/6/2010 9:39:07 AM - System Checkpoint
RP1757: 4/6/2010 6:42:59 PM - Software Distribution Service 3.0
RP1758: 4/6/2010 6:44:04 PM - Installed Windows XP KB980182.
RP1759: 4/8/2010 1:50:54 PM - System Checkpoint
RP1760: 4/9/2010 2:50:35 PM - System Checkpoint
RP1761: 4/10/2010 3:50:35 PM - System Checkpoint
RP1762: 4/11/2010 4:50:35 PM - System Checkpoint
RP1763: 4/12/2010 5:50:35 PM - System Checkpoint
RP1764: 4/15/2010 9:41:07 PM - System Checkpoint
RP1765: 4/16/2010 3:00:20 AM - Software Distribution Service 3.0
RP1766: 4/16/2010 3:02:53 AM - Installed Windows XP KB979309.
RP1767: 4/16/2010 3:05:58 AM - Installed Windows XP KB978601.
RP1768: 4/16/2010 3:08:00 AM - Installed Windows XP KB977816.
RP1769: 4/16/2010 3:10:04 AM - Installed Windows XP KB978338.
RP1770: 4/16/2010 3:12:05 AM - Installed Windows XP KB981349.
RP1771: 4/16/2010 3:25:48 AM - Installed Windows XP KB980232.
RP1772: 4/16/2010 3:28:29 AM - Installed Windows XP KB979683.
RP1773: 4/17/2010 4:02:09 AM - System Checkpoint
RP1774: 4/22/2010 4:53:10 PM - System Checkpoint
RP1775: 4/23/2010 5:13:50 PM - System Checkpoint
RP1776: 5/18/2010 5:56:40 PM - System Checkpoint
RP1777: 5/19/2010 3:00:14 AM - Software Distribution Service 3.0
RP1778: 5/19/2010 3:03:19 AM - Installed Windows XP KB978542.
RP1779: 5/20/2010 2:36:18 PM - System Checkpoint
RP1780: 5/21/2010 3:22:24 PM - System Checkpoint
RP1781: 5/22/2010 4:22:24 PM - System Checkpoint
RP1782: 5/23/2010 5:22:24 PM - System Checkpoint
RP1783: 5/24/2010 5:45:35 PM - System Checkpoint
RP1784: 5/25/2010 5:46:32 PM - System Checkpoint
RP1785: 5/26/2010 5:46:36 PM - System Checkpoint
RP1786: 5/27/2010 6:46:36 PM - System Checkpoint
RP1787: 5/28/2010 7:46:36 PM - System Checkpoint
RP1788: 5/29/2010 8:46:36 PM - System Checkpoint
RP1789: 5/30/2010 9:46:36 PM - System Checkpoint
RP1790: 5/31/2010 10:46:36 PM - System Checkpoint
RP1791: 6/1/2010 11:46:36 PM - System Checkpoint
RP1792: 6/21/2010 3:06:33 PM - System Checkpoint
RP1793: 6/22/2010 3:51:02 PM - System Checkpoint

==== Installed Programs ======================

5600
5600_Help
5600Trb
Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.1.0
AiO_Scan
AiOSoftware
Alcohol 120%
AOL Explorer
AOL Instant Messenger
AutoUpdate
BitLord 1.1
BitTorrent 3.4.2
BitTorrent Acceleration Patch 4.6.2.0
Bonjour
BufferChm
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window MC 5 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
CCleaner (remove only)
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Curitel PC Card Software
CustomerResearchQFolder
Debugging Tools for Windows
Dell Support Center
DellSupport
Destinations
DeviceManagementQFolder
Direct Show Ogg Vorbis Filter (remove only)
DivX
DivX Content Uploader
DivX Web Player
DocProc
eSupportQFolder
Fax
Gmail POP Troubleshooter
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
HyperCam 2
Intel® PRO Ethernet Adapter and Software
InterActual Player
iTunes
J-Ball ver 1.0
LiveReg (Symantec Corporation)
Macromedia Flash Player 8
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIRC
Mobile Connection Manager
MovieEdit Task
Mozilla Firefox (3.0.19)
MP3 Converter Simple
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NETGEAR WG111v2 wireless USB 2.0 adapter
NewCopy
NVIDIA Display Driver
Panda ActiveScan 2.0
PANTECH PC USB Modem Software
PartyPoker
PhotoStitch
ProductContext
QT Lite 2.7.0
QuickBooks Premier: Accountant Edition 2008
QuickPar 0.9
RAW Image Task 2.1
Readme
RealPlayer
Rhapsody Player Engine
Scan
ScannerCopy
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Simplify Media
SolutionCenter
Spybot - Search & Destroy 1.3
Status
Supertrick XG 1.6
SupportSoft Assisted Service
Symantec AntiVirus
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VZAccess Manager
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

6/25/2010 9:48:06 PM, error: DCOM [10005] - DCOM got error "%1084"

attempting to start the service MSIServer with arguments "" in order to run

the server: {000C101C-0000-0000-C000-000000000046}
6/25/2010 9:43:34 PM, error: Service Control Manager [7026] - The following

boot-start or system-start driver(s) failed to load: ASPI32 Fips intelppm
6/25/2010 9:38:10 PM, error: DCOM [10016] - The application-specific

permission settings do not grant Local Launch permission for the COM Server

application with CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2} to the user

NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified

using the Component Services administrative tool.
6/25/2010 9:36:00 PM, error: Service Control Manager [7000] - The Automatic

LiveUpdate Scheduler service failed to start due to the following error: The

system cannot find the path specified.
6/25/2010 6:29:40 PM, error: DCOM [10005] - DCOM got error "%1084"

attempting to start the service LiveUpdate with arguments "" in order to run

the server: {03E0E6C2-363B-11D3-B536-00902771A435}
6/25/2010 10:08:24 PM, error: DCOM [10005] - DCOM got error "%1068"

attempting to start the service IISADMIN with arguments "" in order to run

the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}
6/24/2010 1:11:08 PM, error: DCOM [10005] - DCOM got error "%1084"

attempting to start the service StiSvc with arguments "" in order to run the

server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/24/2010 1:03:20 PM, error: Service Control Manager [7026] - The following

boot-start or system-start driver(s) failed to load: ASPI32 eeCtrl Fips

intelppm SAVRT SAVRTPEL SYMTDI
6/24/2010 1:03:20 PM, error: Service Control Manager [7001] - The World Wide

Web Publishing service depends on the IIS Admin service which failed to start

because of the following error: The dependency service or group failed to

start.
6/24/2010 1:03:20 PM, error: Service Control Manager [7001] - The Simple

Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which

failed to start because of the following error: The dependency service or

group failed to start.
6/24/2010 1:02:36 PM, error: DCOM [10005] - DCOM got error "%1084"

attempting to start the service EventSystem with arguments "" in order to run

the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/23/2010 5:27:00 PM, information: Windows File Protection [64018] - Windows

File Protection file scan was cancelled by user interaction, user name is

Hedy.
6/23/2010 5:26:44 PM, information: Windows File Protection [64004] - The

protected system file c:\windows\system32\oembios.sig could not be restored

to its original, valid version. The file version of the bad file is 0.0.0.1

The specific error code is 0x800b0100 [No signature was present in the

subject. ].
6/23/2010 5:26:43 PM, information: Windows File Protection [64020] - Windows

File Protection scan found that the system file

c:\windows\system32\oembios.sig has a bad signature. This file was restored

to the original version to maintain system stability. The file version of

the system file is 0.0.0.1.
6/23/2010 5:26:43 PM, information: Windows File Protection [64004] - The

protected system file c:\windows\system32\oembios.dat could not be restored

to its original, valid version. The file version of the bad file is 0.0.0.1

The specific error code is 0x800b0100 [No signature was present in the

subject. ].
6/23/2010 5:26:42 PM, information: Windows File Protection [64020] - Windows

File Protection scan found that the system file

c:\windows\system32\oembios.dat has a bad signature. This file was restored

to the original version to maintain system stability. The file version of

the system file is 0.0.0.1.
6/23/2010 5:26:42 PM, information: Windows File Protection [64004] - The

protected system file c:\windows\system32\oembios.bin could not be restored

to its original, valid version. The file version of the bad file is 0.0.0.1

The specific error code is 0x800b0100 [No signature was present in the

subject. ].
6/23/2010 5:26:39 PM, information: Windows File Protection [64020] - Windows

File Protection scan found that the system file

c:\windows\system32\oembios.bin has a bad signature. This file was restored

to the original version to maintain system stability. The file version of

the system file is 0.0.0.1.
6/23/2010 5:25:38 PM, information: Windows File Protection [64016] - Windows

File Protection file scan was started.
6/23/2010 5:22:26 PM, error: Service Control Manager [7023] - The Windows

Firewall/Internet Connection Sharing (ICS) service terminated with the

following error: Access is denied.
6/23/2010 4:49:02 PM, error: Service Control Manager [7032] - The Service

Control Manager tried to take a corrective action (Restart the service) after

the unexpected termination of the Windows Management Instrumentation service,

but this action failed with the following error: An instance of the service

is already running.
6/23/2010 4:45:29 PM, error: Service Control Manager [7024] - The Bonjour

Service service terminated with service-specific error 10047 (0x273F).
6/23/2010 4:34:43 PM, error: IPRIP [29012] - IPRIP was unable to bind a

socket to IP address 169.254.182.143. The data is the error code.
6/23/2010 2:30:08 PM, error: Service Control Manager [7022] - The IPv6

Helper Service service hung on starting.
6/23/2010 2:01:39 PM, error: W3SVC [115] - The service could not bind

instance 1. The data is the error code. For additional information specific

to this message please visit the Microsoft Online Support site located at:

http://www.microsoft.com/contentredirect.asp.
6/23/2010 12:55:51 PM, error: Print [19] - Sharing printer failed + 1722,

Printer QuickBooks PDF Converter share name Printer2.
6/23/2010 11:43:24 AM, error: Tcpip [4198] - The system detected an address

conflict for IP address 192.168.0.1 with the system having network hardware

address 00:15:E9:67:13:C4. The local interface has been disabled.
6/23/2010 11:43:18 AM, error: Service Control Manager [7034] - The DNS

Client service terminated unexpectedly. It has done this 1 time(s).
6/23/2010 1:15:37 PM, error: Service Control Manager [7011] - Timeout (30000

milliseconds) waiting for a transaction response from the Dnscache service.

==== End Of File ===========================


Rootkit unhooker said "error opening/loading driver" and didn't do anything.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:19 AM

Posted 25 June 2010 - 11:26 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 thrillhouse

thrillhouse
  • Topic Starter

  • Members
  • 1,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Va
  • Local time:06:19 AM

Posted 26 June 2010 - 01:05 AM

When I try to run combofix it says Symantec is still on and I cancelled it because it warned of machine damage. I have tried the Norton Removal Tool and NoNav and there seems to be no trace of it but combofix keeps beeping and warning about symantec.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:19 AM

Posted 26 June 2010 - 01:46 AM

ok go ahead and run it


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 thrillhouse

thrillhouse
  • Topic Starter

  • Members
  • 1,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Va
  • Local time:06:19 AM

Posted 26 June 2010 - 10:47 AM

All this did was make it so that I cannot receive packets even in safe mode.

Other than that everything seems normal. Startup into regular mode is faster, but still have the problem of sending packets and not receiving any.

And I am leaving it off because it has no functioning antivirus.


ComboFix 10-06-25.04 - Hedy 06/26/2010 11:38:12.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.290 [GMT -4:00]
Running from: c:\documents and settings\Hedy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hedy\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\AWS\WEATHE~1\MINIbu~1.dll
c:\program files\AWS\WEATHE~1\MINIBU~1.DLL
c:\windows\system32\Cache
c:\windows\system32\Packet.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2010-05-26 to 2010-06-26 )))))))))))))))))))))))))))))))
.

2010-06-26 01:53 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-06-26 01:50 . 2010-06-26 01:50 -------- d-----w- c:\program files\Panda Security
2010-06-26 01:46 . 2010-06-26 03:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-26 01:25 . 2010-06-26 01:25 -------- d-----w- c:\temp\NoNav
2010-06-23 20:37 . 2010-06-23 20:37 -------- d-----w- C:\ERDNT
2010-06-23 18:01 . 2010-06-23 18:01 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2010-06-23 17:58 . 2002-08-29 10:00 9216 ----a-w- c:\windows\system32\dllcache\wamps51.dll
2010-06-23 17:57 . 2010-06-23 18:08 -------- d-----w- C:\Inetpub

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 15:24 . 2008-05-15 17:03 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2010-06-26 05:53 . 2003-05-13 01:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-23 22:01 . 2003-05-13 01:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2002-08-29 10:00 . 2002-08-29 10:00 94784 --sh--w- c:\windows\TWAIN.DLL
2008-04-14 00:12 . 2002-08-29 10:00 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:11 . 2002-08-29 10:00 1028096 --sha-w- c:\windows\SYSTEM32\mfc42.dll
2008-04-14 00:12 . 2002-08-29 10:00 57344 --sha-w- c:\windows\SYSTEM32\msvcirt.dll
2008-04-14 00:12 . 2002-08-29 10:00 551936 --sh--w- c:\windows\SYSTEM32\oleaut32.dll
2008-04-14 00:12 . 2002-08-29 10:00 84992 --sha-w- c:\windows\SYSTEM32\olepro32.dll
2008-04-14 00:12 . 2002-08-29 10:00 11776 --sha-w- c:\windows\SYSTEM32\regsvr32.exe
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\DLLCACHE\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-11-11 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\SYSTEM32\DRIVERS\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2004-12-30 . 27A5959C94EE173A063CA06BD14F021A . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-06-21 53248]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"HostManager"="c:\program files\Common Files\AOL\1125526674\ee\AOLHostManager.exe" [2005-08-02 159832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Watcher-WatchDog"="c:\windows\system32\Wnex7DO.exe" [2004-05-20 87888]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-5-12 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\1125526674\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\LanTalk XP\\LanTalk.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\migwiz.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Simplify Media\\SimplifyMedia.exe"=
"c:\\phpdev5\\mysql\\bin\\mysqld-nt.exe"=
"c:\\phpdev5\\Apache\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:TCP"= 50000:TCP:bitlord1
"50000:UDP"= 50000:UDP:bitlord2
"22:TCP"= 22:TCP:cygwin
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [6/25/2010 9:53 PM 28552]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\wg111v2.sys [3/27/2006 5:53 PM 167808]
S3 Normandy;Normandy SR2; [x]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\SYSTEM32\DRIVERS\PTDMBus.sys [8/28/2008 12:19 PM 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\SYSTEM32\DRIVERS\PTDMMdm.sys [8/28/2008 12:19 PM 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\SYSTEM32\DRIVERS\PTDMVsp.sys [8/28/2008 12:19 PM 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\SYSTEM32\DRIVERS\PTDMWWAN.sys [8/28/2008 12:19 PM 59520]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\windows\SYSTEM32\DRIVERS\PTDWBus.sys [11/12/2007 11:42 AM 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\windows\SYSTEM32\DRIVERS\PTDWMdm.sys [11/12/2007 11:42 AM 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\windows\SYSTEM32\DRIVERS\PTDWVsp.sys [11/12/2007 11:42 AM 39808]
S3 PWCTLDRV;The NECHostController Filter Driver;c:\windows\SYSTEM32\DRIVERS\PWCTLDRV.sys [11/12/2007 11:42 AM 5888]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\SYSTEM32\DRIVERS\tap0801.sys [10/1/2006 8:37 AM 26624]
S4 a347bus;a347bus;c:\windows\SYSTEM32\DRIVERS\a347bus.sys [11/10/2004 9:18 PM 160640]
S4 a347scsi;a347scsi;c:\windows\SYSTEM32\DRIVERS\a347scsi.sys [11/10/2004 9:18 PM 5248]
S4 dev5_ap1;dev5_ap1;c:\phpdev5\Apache\Apache.exe [3/6/2009 8:36 PM 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-06-01 c:\windows\Tasks\Ad-Aware SE Personal.job
- c:\progra~1\Lavasoft\AD-AWA~2\Ad-Aware.exe [2006-05-05 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = https://onlineservices.wachovia.com/NASApp/...tion=returnHome
mStart Page = hxxp://www.dellnet.com/
uInternet Settings,ProxyServer = ftp=10.0.0.18:21;gopher=10.0.0.18:21;http=10.0.0.18:6588;https=10.0.0.18:6588;socks=10.0.0.18:1080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {35AA8AB9-48FC-4CF4-86BB-6C361C03A8B5} = 10.0.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Hedy\Application Data\Mozilla\Firefox\Profiles\pce9ufgb.default\
FF - prefs.js: browser.startup.homepage - hxxps://onlineservices.wachovia.com/NASApp/perimeterauthentication/PerimeterServlet?action=presentLogin&url=%2FNASApp%2FNavApp%2FTitanium%3faction=returnHome
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BS Player - BSPLAYER.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 11:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\RtlGina2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\wdfmgr.exe
c:\program files\Common Files\AOL\1125526674\ee\AOLServiceHost.exe
.
**************************************************************************
.
Completion time: 2010-06-26 11:54:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-26 15:53

Pre-Run: 39,187,759,104 bytes free
Post-Run: 39,750,397,952 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - F4BD03640704AA13D560506A56A0FACB

Edited by thrillhouse, 26 June 2010 - 12:51 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:19 AM

Posted 26 June 2010 - 05:23 PM

Greetings

Lets try this script and let me know

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
FCopy::
c:\windows\SYSTEM32\DLLCACHE\tcpip.sys | c:\windows\SYSTEM32\DRIVERS\tcpip.sys

DDS::
ftp=10.0.0.18:21;gopher=10.0.0.18:21;http=10.0.0.18:6588;https=10.0.0.18:6588;socks=10.0.0.18:1080
uInternet Settings,ProxyServer =


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Let me have the log when complete

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 thrillhouse

thrillhouse
  • Topic Starter

  • Members
  • 1,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Va
  • Local time:06:19 AM

Posted 26 June 2010 - 06:10 PM

done and done:


ComboFix 10-06-25.04 - Hedy 06/26/2010 19:09:20.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.278 [GMT -4:00]
Running from: c:\documents and settings\Hedy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hedy\Desktop\CFScript.txt.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\SYSTEM32\DLLCACHE\tcpip.sys --> c:\windows\SYSTEM32\DRIVERS\tcpip.sys
.
((((((((((((((((((((((((( Files Created from 2010-05-26 to 2010-06-26 )))))))))))))))))))))))))))))))
.

2010-06-26 01:53 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-06-26 01:50 . 2010-06-26 01:50 -------- d-----w- c:\program files\Panda Security
2010-06-26 01:46 . 2010-06-26 03:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-26 01:25 . 2010-06-26 01:25 -------- d-----w- c:\temp\NoNav
2010-06-23 20:37 . 2010-06-23 20:37 -------- d-----w- C:\ERDNT
2010-06-23 18:01 . 2010-06-23 18:01 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2010-06-23 17:58 . 2002-08-29 10:00 9216 ----a-w- c:\windows\system32\dllcache\wamps51.dll
2010-06-23 17:57 . 2010-06-23 18:08 -------- d-----w- C:\Inetpub

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 15:54 . 2008-05-15 17:03 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2010-06-26 05:53 . 2003-05-13 01:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-23 22:01 . 2003-05-13 01:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2002-08-29 10:00 . 2002-08-29 10:00 94784 --sh--w- c:\windows\TWAIN.DLL
2008-04-14 00:12 . 2002-08-29 10:00 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:11 . 2002-08-29 10:00 1028096 --sha-w- c:\windows\SYSTEM32\mfc42.dll
2008-04-14 00:12 . 2002-08-29 10:00 57344 --sha-w- c:\windows\SYSTEM32\msvcirt.dll
2008-04-14 00:12 . 2002-08-29 10:00 551936 --sh--w- c:\windows\SYSTEM32\oleaut32.dll
2008-04-14 00:12 . 2002-08-29 10:00 11776 --sha-w- c:\windows\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-06-21 53248]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"HostManager"="c:\program files\Common Files\AOL\1125526674\ee\AOLHostManager.exe" [2005-08-02 159832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Watcher-WatchDog"="c:\windows\system32\Wnex7DO.exe" [2004-05-20 87888]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-5-12 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\1125526674\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\LanTalk XP\\LanTalk.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\migwiz.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Simplify Media\\SimplifyMedia.exe"=
"c:\\phpdev5\\mysql\\bin\\mysqld-nt.exe"=
"c:\\phpdev5\\Apache\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:TCP"= 50000:TCP:bitlord1
"50000:UDP"= 50000:UDP:bitlord2
"22:TCP"= 22:TCP:cygwin
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [6/25/2010 9:53 PM 28552]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\wg111v2.sys [3/27/2006 5:53 PM 167808]
S3 Normandy;Normandy SR2; [x]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\SYSTEM32\DRIVERS\PTDMBus.sys [8/28/2008 12:19 PM 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\SYSTEM32\DRIVERS\PTDMMdm.sys [8/28/2008 12:19 PM 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\SYSTEM32\DRIVERS\PTDMVsp.sys [8/28/2008 12:19 PM 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\SYSTEM32\DRIVERS\PTDMWWAN.sys [8/28/2008 12:19 PM 59520]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\windows\SYSTEM32\DRIVERS\PTDWBus.sys [11/12/2007 11:42 AM 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\windows\SYSTEM32\DRIVERS\PTDWMdm.sys [11/12/2007 11:42 AM 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\windows\SYSTEM32\DRIVERS\PTDWVsp.sys [11/12/2007 11:42 AM 39808]
S3 PWCTLDRV;The NECHostController Filter Driver;c:\windows\SYSTEM32\DRIVERS\PWCTLDRV.sys [11/12/2007 11:42 AM 5888]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\SYSTEM32\DRIVERS\tap0801.sys [10/1/2006 8:37 AM 26624]
S4 a347bus;a347bus;c:\windows\SYSTEM32\DRIVERS\a347bus.sys [11/10/2004 9:18 PM 160640]
S4 a347scsi;a347scsi;c:\windows\SYSTEM32\DRIVERS\a347scsi.sys [11/10/2004 9:18 PM 5248]
S4 dev5_ap1;dev5_ap1;c:\phpdev5\Apache\Apache.exe [3/6/2009 8:36 PM 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-06-01 c:\windows\Tasks\Ad-Aware SE Personal.job
- c:\progra~1\Lavasoft\AD-AWA~2\Ad-Aware.exe [2006-05-05 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = https://onlineservices.wachovia.com/NASApp/...tion=returnHome
mStart Page = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {35AA8AB9-48FC-4CF4-86BB-6C361C03A8B5} = 10.0.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Hedy\Application Data\Mozilla\Firefox\Profiles\pce9ufgb.default\
FF - prefs.js: browser.startup.homepage - hxxps://onlineservices.wachovia.com/NASApp/perimeterauthentication/PerimeterServlet?action=presentLogin&url=%2FNASApp%2FNavApp%2FTitanium%3faction=returnHome
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 19:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\RtlGina2.dll
.
Completion time: 2010-06-26 19:23:33
ComboFix-quarantined-files.txt 2010-06-26 23:23
ComboFix2.txt 2010-06-26 15:54

Pre-Run: 39,748,964,352 bytes free
Post-Run: 39,727,218,688 bytes free

- - End Of File - - B9752673BDEEA151740730DB4884F214


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:19 AM

Posted 26 June 2010 - 06:15 PM

All this did was make it so that I cannot receive packets even in safe mode. how is this problem doing - can you access the internet with this computer?


Gringo

Edited by gringo_pr, 26 June 2010 - 06:16 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 thrillhouse

thrillhouse
  • Topic Starter

  • Members
  • 1,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Va
  • Local time:06:19 AM

Posted 26 June 2010 - 08:10 PM

Nope, no internet access, no lan access, no nothing so far. When I sign on to windows in safe mode or normal it tries to get an ip and gets 169.x.x.x instead of 192.168.0.x

But if I go into my router and look at the clients on dhcp, I can see the infected computer and the router has it listed as 192.168.0.3

On the problem machine itself is has the bogus ip and something like 200 packets sent and 0 received.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:19 AM

Posted 26 June 2010 - 09:20 PM

Hi,

please run the following batch:

Open Notepad and copy/paste the code box below into a new text file.
CODE
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
  • Save the file as regquery.bat by choosing save as *All Files, and save it to your Desktop.
  • Locate "regquery.bat" and double-click on it to run. (It is important that you run the script from the drive where your operating system is installed).
  • It will open a text file, please copy the content in your next reply.
let me know if that improves anything.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 thrillhouse

thrillhouse
  • Topic Starter

  • Members
  • 1,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Va
  • Local time:06:19 AM

Posted 26 June 2010 - 09:48 PM

OK, now instead of bad ips in normal mode I get 0.0.0.0 and constantly acquiring new ip.
In safe mode, I get bad ip (169.254.111.224).


reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{35AA8AB9-48FC-4CF4-86BB-6C361C03A8B5}\NetbiosOptions
old REG_DWORD = 2

deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35AA8AB9-48FC-4CF4-86BB-6C361C03A8B5}\DefaultGateway
old REG_MULTI_SZ =
10.0.0.1

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35AA8AB9-48FC-4CF4-86BB-6C361C03A8B5}\DefaultGatewayMetric
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35AA8AB9-48FC-4CF4-86BB-6C361C03A8B5}\EnableDhcp
old REG_DWORD = 0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35AA8AB9-48FC-4CF4-86BB-6C361C03A8B5}\IpAddress
old REG_MULTI_SZ =
10.0.0.2

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35AA8AB9-48FC-4CF4-86BB-6C361C03A8B5}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35AA8AB9-48FC-4CF4-86BB-6C361C03A8B5}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35AA8AB9-48FC-4CF4-86BB-6C361C03A8B5}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35AA8AB9-48FC-4CF4-86BB-6C361C03A8B5}\NameServer
old REG_SZ = 10.0.0.1

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{35AA8AB9-48FC-4CF4-86BB-6C361C03A8B5}\SubnetMask
old REG_MULTI_SZ =
255.255.255.0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F17F71C9-4F89-46ED-A1CC-CFC43751B593}\AddressType
old REG_DWORD = 1

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F17F71C9-4F89-46ED-A1CC-CFC43751B593}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F17F71C9-4F89-46ED-A1CC-CFC43751B593}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F17F71C9-4F89-46ED-A1CC-CFC43751B593}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F17F71C9-4F89-46ED-A1CC-CFC43751B593}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F17F71C9-4F89-46ED-A1CC-CFC43751B593}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F17F71C9-4F89-46ED-A1CC-CFC43751B593}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F17F71C9-4F89-46ED-A1CC-CFC43751B593}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
<completed>


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:19 AM

Posted 26 June 2010 - 10:03 PM

I think this is more of a network problem than a malware issue - I think you would be best help here - http://www.bleepingcomputer.com/forums/f/21/networking/ you can open a topic there while we finish making sure you are clean - is this ok with you

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 thrillhouse

thrillhouse
  • Topic Starter

  • Members
  • 1,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Va
  • Local time:06:19 AM

Posted 26 June 2010 - 10:29 PM

Yea, I was about to ask what it was infected with, that's good it's clean though. I'll start a new thread if I can't figure it out from here. Thanks for your help.

Edited by thrillhouse, 26 June 2010 - 10:30 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users