Hi!
I am completely inexperienced when it comes to viruses and their removal, and was horrified when the Antivirus2010 bug popped up on my computer. I have followed your list of steps, and I can no longer see any signs of the thing, but I'm quite freaked out that it (or bits of it) might still be lurking somewhere. Especially since I have no idea how I got it - I don't open dodgy emails, click on adds or download random crap. I'm also a bit concerned because my computer is connected to my home and work networks - is it possible that I might spread the infection to other people?
I'm running XP on a Lenovo Thinkpad.
I'm also not sure if I've posted this in the right part of the forum - apologies if I haven't. Anyway, I'll paste the four logs below and would really appreciate any help. I really just want to know if my computer's safe or if I need to wipe the whole thing and start over.
Thanks so much in advance!
Bek
MBAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5168
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
23/11/2010 12:32:01 AM
mbam-log-2010-11-23 (00-32-01).txt
Scan type: Quick scan
Objects scanned: 188845
Time elapsed: 9 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\idlgwi.dll (Trojan.Hiloti) -> Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\Software\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hlenofezipah (Trojan.Hiloti) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus 2010 (Rogue.AntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\TeamBoard\TBDAEMON.EXE (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\idlgwi.dll (Trojan.Hiloti) -> Delete on reboot.
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
GMER log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-23 00:43:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160827AS rev.3.CMG
Running: nqmi48fd.exe; Driver: C:\DOCUME~1\Rebekah\LOCALS~1\Temp\kfrdraob.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA763D9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA763DB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:108] B9E6E096
---- EOF - GMER 1.0.15 ----
DDS log:
DDS (Ver_10-11-10.01) - NTFSx86
Run by 08791694 at 0:47:52.53 on Tue 23/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1992.970 [GMT 11:00]
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\TeamBoard\tbupddwu.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\TeamBoard\Draw\drawsrv.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rebekah\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
uWindow Title = Windows Internet Explorer provided by eduSTAR
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy.education.netspace.net.au:8080
uInternet Settings,ProxyOverride = *.education.vic.gov.au;*.edumail.vic.gov.au;*.eduweb.vic.gov.au;*.sofweb.vic.edu.au;10.160.207.36
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [lh0mwausvfb9] c:\docume~1\rebekah\locals~1\temp\dwkkzpjg.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [Apoint] rem \Apoint2K\Apoint.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [TpShocks] TpShocks.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] rem c:\program files\common files\java\java update\jusched.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [QuickTime Task] rem "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [tbdaemon] c:\program files\teamboard\tbdaemon.exe
mRun: [Adobe Reader Speed Launcher] rem c:\program files\adobe\reader 9.0\reader\Reader_sl.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsGui.exe" /hideGUI
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Glayij] rundll32.exe "c:\windows\utesevih.dll",Startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\rebekah\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\drawsrv.lnk - c:\program files\teamboard\draw\drawsrv.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
uPolicies-explorer: AlwaysShowClassicMenu = 1 (0x1)
uPolicies-system: HideLegacyLogonScripts = 1 (0x1)
mPolicies-system: disablecad = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {5C5941CD-159B-4CF8-8843-F95A1FA27B9D} - hxxp://10.160.207.36/plugins/aimTaskbar.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216824868171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\rebekah\applic~1\mozilla\firefox\profiles\tl3ik14n.new\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\spyware doctor\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {12410A9C-5BDA-4741-94C1-415260033326} - c:\documents and settings\rebekah\local settings\application data\{12410A9C-5BDA-4741-94C1-415260033326}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-2 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-22 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-22 656320]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-22 165584]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-22 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-1-2 198608]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-2 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-1-2 1145304]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R2 tbupddwu;tbupddwu;c:\program files\teamboard\TBUPDDWU.EXE [2010-8-11 307269]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-3-27 62320]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-30 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091211.002\naveng.sys [2009-12-14 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091211.002\navex15.sys [2009-12-14 1323568]
R3 tbupddsu;Universal Pointer Device Driver;c:\windows\system32\drivers\TBUPDDSU.SYS [2010-8-11 126969]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-5-21 45424]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
=============== Created Last 30 ================
2010-11-22 13:07:17 -------- d-----w- c:\docume~1\rebekah\applic~1\Malwarebytes
2010-11-22 13:07:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-22 13:07:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-22 13:07:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-22 13:07:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-22 10:38:01 0 ----a-w- c:\windows\Asonalifip.bin
2010-11-22 10:37:59 -------- d-----w- c:\docume~1\rebekah\locals~1\applic~1\{12410A9C-5BDA-4741-94C1-415260033326}
2010-11-22 09:53:49 38848 ----a-w- c:\windows\avastSS.scr
2010-11-22 09:53:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-11-22 09:51:27 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2010-11-22 09:51:27 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2010-11-22 09:51:13 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-11-22 09:51:13 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-11-22 09:51:13 123712 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-11-11 02:38:43 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-11 02:38:43 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-11 02:38:38 99840 -c----w- c:\windows\system32\dllcache\srvsvc.dll
2010-11-11 02:38:37 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-11 02:38:17 1288192 -c----w- c:\windows\system32\dllcache\ole32.dll
2010-11-08 22:44:35 -------- d-----w- c:\windows\speech
2010-11-08 21:55:57 -------- d-----w- c:\program files\Research Machines
2010-11-08 21:55:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\Research Machines
2010-11-08 21:55:50 -------- d-----w- c:\program files\directx
==================== Find3M ====================
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 01:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-02 02:02:09 1409 ----a-w- c:\windows\QTFont.for
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
============= FINISH: 0:49:34.27 ===============
DDS 'attach' log:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 31/07/2009 8:30:44 AM
System Uptime: 23/11/2010 12:34:08 AM (0 hours ago)
Motherboard: LENOVO | | 2716AG7
Processor: Intel Pentium III Xeon processor | None | 1994/266mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 122.775 GiB free.
D: is CDROM ()
E: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP240: 25/08/2010 9:12:57 AM - System Checkpoint
RP241: 26/08/2010 9:24:15 AM - System Checkpoint
RP242: 27/08/2010 11:48:38 AM - System Checkpoint
RP243: 30/08/2010 9:17:10 AM - System Checkpoint
RP244: 31/08/2010 9:17:27 AM - System Checkpoint
RP245: 1/09/2010 3:00:19 PM - System Checkpoint
RP246: 2/09/2010 3:29:03 PM - System Checkpoint
RP247: 3/09/2010 3:54:50 PM - System Checkpoint
RP248: 6/09/2010 1:22:45 PM - System Checkpoint
RP249: 7/09/2010 2:08:13 PM - System Checkpoint
RP250: 8/09/2010 2:14:37 PM - System Checkpoint
RP251: 9/09/2010 2:46:18 PM - System Checkpoint
RP252: 10/09/2010 2:56:46 PM - System Checkpoint
RP253: 13/09/2010 8:40:48 AM - System Checkpoint
RP254: 14/09/2010 8:44:10 AM - System Checkpoint
RP255: 15/09/2010 9:38:15 AM - Software Distribution Service 3.0
RP256: 16/09/2010 9:56:08 AM - System Checkpoint
RP257: 17/09/2010 1:12:08 PM - System Checkpoint
RP258: 25/09/2010 1:01:17 PM - System Checkpoint
RP259: 28/09/2010 10:18:30 PM - System Checkpoint
RP260: 4/10/2010 8:31:12 AM - System Checkpoint
RP261: 18/10/2010 12:47:29 PM - System Checkpoint
RP262: 22/10/2010 9:15:52 AM - System Checkpoint
RP263: 25/10/2010 8:48:24 AM - System Checkpoint
RP264: 28/10/2010 8:48:05 AM - System Checkpoint
RP265: 31/10/2010 2:27:50 PM - System Checkpoint
RP266: 4/11/2010 8:42:39 AM - System Checkpoint
RP267: 8/11/2010 5:33:42 PM - System Checkpoint
RP268: 9/11/2010 8:55:20 AM - Installed RM Easiteach.
RP269: 9/11/2010 10:33:45 AM - Installed Handwriting Recognition for Easiteach
RP270: 10/11/2010 10:41:20 AM - System Checkpoint
RP271: 12/11/2010 5:55:42 PM - Software Distribution Service 3.0
RP272: 17/11/2010 1:53:21 PM - Software Distribution Service 3.0
RP273: 19/11/2010 9:14:04 AM - System Checkpoint
RP274: 22/11/2010 8:15:52 PM - Removed GOG.com Downloader
RP275: 22/11/2010 8:20:15 PM - Removed Interwrite Workspace.
RP276: 22/11/2010 8:53:43 PM - avast! Free Antivirus Setup
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acapela Speech Engine for Easiteach
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0
Adobe Reader 9.2
Adobe Shockwave Player 11
Audacity 1.2.6
avast! Free Antivirus
Basic Facts Worksheet Factory
Browser Defender 3.0.0.11
Client Security - Password Manager
Combined Community Codec Pack 2008-01-24
Conexant HD Audio
Critical Update for Windows Media Player 11 (KB959772)
EarthBrowser
Easiteach Geography Licence
Easiteach Literacy Licence
Easiteach Maths Licence
Easiteach Science Licence
Easiteach Starter Licence
Gabriel Knight 3
Handwriting Recognition for Easiteach
Help Center
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Integrated Camera
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Java Auto Updater
Java(TM) 6 Update 19
Java(TM) 6 Update 7
LADSPA_plugins-win-0.4.15
Lexmark Printer Software Uninstall
LiveUpdate 3.2 (Symantec Corporation)
Maintenance Manager
Malwarebytes' Anti-Malware
Math Resource Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.5.11)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nelson Maths for Victoria - Planning and Assessment software
On Screen Display
PowerDVD
Presentation Director
Productivity Center Supplement for ThinkPad
Quick Vic Reporting - Teacher Components
QuickTime
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
RM Easiteach
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB982127)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 4.2
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Spyware Doctor 8.0
Symantec AntiVirus
System Update
TeamBoard
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Active Protection System
ThinkVantage Productivity Center
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB942763)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
23/11/2010 12:43:45 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
23/11/2010 12:36:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp iaStor ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
23/11/2010 12:35:10 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
23/11/2010 12:12:08 AM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
23/11/2010 12:12:07 AM, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:07 AM, error: Service Control Manager [7034] - The ThinkVantage Registry Monitor Service service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:07 AM, error: Service Control Manager [7034] - The ThinkPad HDD APS Logging Service service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:07 AM, error: Service Control Manager [7034] - The System Update service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:07 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:06 AM, error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:06 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:05 AM, error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:05 AM, error: Service Control Manager [7034] - The tbupddwu service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:05 AM, error: Service Control Manager [7034] - The On Screen Display service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:05 AM, error: Service Control Manager [7034] - The IPS Core Service service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:05 AM, error: Service Control Manager [7034] - The Browser Defender Update Service service terminated unexpectedly. It has done this 1 time(s).
22/11/2010 8:14:15 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
22/11/2010 8:10:42 AM, error: Dhcp [1002] - The IP address lease 192.168.1.7 for the Network Card with network address 001E651F4058 has been denied by the DHCP server 10.152.212.17 (The DHCP Server sent a DHCPNACK message).
22/11/2010 7:34:46 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
19/11/2010 4:59:14 PM, error: Service Control Manager [7023] - The Lenovo Microphone Mute service terminated with the following error: Incorrect function.
19/11/2010 4:58:18 PM, error: NETLOGON [5719] - No Domain Controller is available for domain MRPS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
19/11/2010 4:57:59 PM, error: Dhcp [1002] - The IP address lease 10.152.212.84 for the Network Card with network address 001E651F4058 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
I am completely inexperienced when it comes to viruses and their removal, and was horrified when the Antivirus2010 bug popped up on my computer. I have followed your list of steps, and I can no longer see any signs of the thing, but I'm quite freaked out that it (or bits of it) might still be lurking somewhere. Especially since I have no idea how I got it - I don't open dodgy emails, click on adds or download random crap. I'm also a bit concerned because my computer is connected to my home and work networks - is it possible that I might spread the infection to other people?
I'm running XP on a Lenovo Thinkpad.
I'm also not sure if I've posted this in the right part of the forum - apologies if I haven't. Anyway, I'll paste the four logs below and would really appreciate any help. I really just want to know if my computer's safe or if I need to wipe the whole thing and start over.
Thanks so much in advance!
Bek
MBAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5168
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
23/11/2010 12:32:01 AM
mbam-log-2010-11-23 (00-32-01).txt
Scan type: Quick scan
Objects scanned: 188845
Time elapsed: 9 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\idlgwi.dll (Trojan.Hiloti) -> Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\Software\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hlenofezipah (Trojan.Hiloti) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus 2010 (Rogue.AntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\TeamBoard\TBDAEMON.EXE (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\idlgwi.dll (Trojan.Hiloti) -> Delete on reboot.
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
GMER log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-23 00:43:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160827AS rev.3.CMG
Running: nqmi48fd.exe; Driver: C:\DOCUME~1\Rebekah\LOCALS~1\Temp\kfrdraob.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA763D9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA763DB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:108] B9E6E096
---- EOF - GMER 1.0.15 ----
DDS log:
DDS (Ver_10-11-10.01) - NTFSx86
Run by 08791694 at 0:47:52.53 on Tue 23/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1992.970 [GMT 11:00]
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\TeamBoard\tbupddwu.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\TeamBoard\Draw\drawsrv.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rebekah\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
uWindow Title = Windows Internet Explorer provided by eduSTAR
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy.education.netspace.net.au:8080
uInternet Settings,ProxyOverride = *.education.vic.gov.au;*.edumail.vic.gov.au;*.eduweb.vic.gov.au;*.sofweb.vic.edu.au;10.160.207.36
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [lh0mwausvfb9] c:\docume~1\rebekah\locals~1\temp\dwkkzpjg.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [Apoint] rem \Apoint2K\Apoint.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [TpShocks] TpShocks.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] rem c:\program files\common files\java\java update\jusched.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [QuickTime Task] rem "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [tbdaemon] c:\program files\teamboard\tbdaemon.exe
mRun: [Adobe Reader Speed Launcher] rem c:\program files\adobe\reader 9.0\reader\Reader_sl.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsGui.exe" /hideGUI
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Glayij] rundll32.exe "c:\windows\utesevih.dll",Startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\rebekah\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\drawsrv.lnk - c:\program files\teamboard\draw\drawsrv.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
uPolicies-explorer: AlwaysShowClassicMenu = 1 (0x1)
uPolicies-system: HideLegacyLogonScripts = 1 (0x1)
mPolicies-system: disablecad = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {5C5941CD-159B-4CF8-8843-F95A1FA27B9D} - hxxp://10.160.207.36/plugins/aimTaskbar.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216824868171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\rebekah\applic~1\mozilla\firefox\profiles\tl3ik14n.new\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\spyware doctor\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {12410A9C-5BDA-4741-94C1-415260033326} - c:\documents and settings\rebekah\local settings\application data\{12410A9C-5BDA-4741-94C1-415260033326}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-2 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-22 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-22 656320]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-22 165584]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-22 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-1-2 198608]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-2 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-1-2 1145304]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R2 tbupddwu;tbupddwu;c:\program files\teamboard\TBUPDDWU.EXE [2010-8-11 307269]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-3-27 62320]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-30 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091211.002\naveng.sys [2009-12-14 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091211.002\navex15.sys [2009-12-14 1323568]
R3 tbupddsu;Universal Pointer Device Driver;c:\windows\system32\drivers\TBUPDDSU.SYS [2010-8-11 126969]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-5-21 45424]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
=============== Created Last 30 ================
2010-11-22 13:07:17 -------- d-----w- c:\docume~1\rebekah\applic~1\Malwarebytes
2010-11-22 13:07:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-22 13:07:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-22 13:07:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-22 13:07:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-22 10:38:01 0 ----a-w- c:\windows\Asonalifip.bin
2010-11-22 10:37:59 -------- d-----w- c:\docume~1\rebekah\locals~1\applic~1\{12410A9C-5BDA-4741-94C1-415260033326}
2010-11-22 09:53:49 38848 ----a-w- c:\windows\avastSS.scr
2010-11-22 09:53:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-11-22 09:51:27 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2010-11-22 09:51:27 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2010-11-22 09:51:13 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-11-22 09:51:13 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-11-22 09:51:13 123712 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-11-11 02:38:43 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-11 02:38:43 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-11 02:38:38 99840 -c----w- c:\windows\system32\dllcache\srvsvc.dll
2010-11-11 02:38:37 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-11 02:38:17 1288192 -c----w- c:\windows\system32\dllcache\ole32.dll
2010-11-08 22:44:35 -------- d-----w- c:\windows\speech
2010-11-08 21:55:57 -------- d-----w- c:\program files\Research Machines
2010-11-08 21:55:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\Research Machines
2010-11-08 21:55:50 -------- d-----w- c:\program files\directx
==================== Find3M ====================
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 01:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-02 02:02:09 1409 ----a-w- c:\windows\QTFont.for
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
============= FINISH: 0:49:34.27 ===============
DDS 'attach' log:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 31/07/2009 8:30:44 AM
System Uptime: 23/11/2010 12:34:08 AM (0 hours ago)
Motherboard: LENOVO | | 2716AG7
Processor: Intel Pentium III Xeon processor | None | 1994/266mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 122.775 GiB free.
D: is CDROM ()
E: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP240: 25/08/2010 9:12:57 AM - System Checkpoint
RP241: 26/08/2010 9:24:15 AM - System Checkpoint
RP242: 27/08/2010 11:48:38 AM - System Checkpoint
RP243: 30/08/2010 9:17:10 AM - System Checkpoint
RP244: 31/08/2010 9:17:27 AM - System Checkpoint
RP245: 1/09/2010 3:00:19 PM - System Checkpoint
RP246: 2/09/2010 3:29:03 PM - System Checkpoint
RP247: 3/09/2010 3:54:50 PM - System Checkpoint
RP248: 6/09/2010 1:22:45 PM - System Checkpoint
RP249: 7/09/2010 2:08:13 PM - System Checkpoint
RP250: 8/09/2010 2:14:37 PM - System Checkpoint
RP251: 9/09/2010 2:46:18 PM - System Checkpoint
RP252: 10/09/2010 2:56:46 PM - System Checkpoint
RP253: 13/09/2010 8:40:48 AM - System Checkpoint
RP254: 14/09/2010 8:44:10 AM - System Checkpoint
RP255: 15/09/2010 9:38:15 AM - Software Distribution Service 3.0
RP256: 16/09/2010 9:56:08 AM - System Checkpoint
RP257: 17/09/2010 1:12:08 PM - System Checkpoint
RP258: 25/09/2010 1:01:17 PM - System Checkpoint
RP259: 28/09/2010 10:18:30 PM - System Checkpoint
RP260: 4/10/2010 8:31:12 AM - System Checkpoint
RP261: 18/10/2010 12:47:29 PM - System Checkpoint
RP262: 22/10/2010 9:15:52 AM - System Checkpoint
RP263: 25/10/2010 8:48:24 AM - System Checkpoint
RP264: 28/10/2010 8:48:05 AM - System Checkpoint
RP265: 31/10/2010 2:27:50 PM - System Checkpoint
RP266: 4/11/2010 8:42:39 AM - System Checkpoint
RP267: 8/11/2010 5:33:42 PM - System Checkpoint
RP268: 9/11/2010 8:55:20 AM - Installed RM Easiteach.
RP269: 9/11/2010 10:33:45 AM - Installed Handwriting Recognition for Easiteach
RP270: 10/11/2010 10:41:20 AM - System Checkpoint
RP271: 12/11/2010 5:55:42 PM - Software Distribution Service 3.0
RP272: 17/11/2010 1:53:21 PM - Software Distribution Service 3.0
RP273: 19/11/2010 9:14:04 AM - System Checkpoint
RP274: 22/11/2010 8:15:52 PM - Removed GOG.com Downloader
RP275: 22/11/2010 8:20:15 PM - Removed Interwrite Workspace.
RP276: 22/11/2010 8:53:43 PM - avast! Free Antivirus Setup
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acapela Speech Engine for Easiteach
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0
Adobe Reader 9.2
Adobe Shockwave Player 11
Audacity 1.2.6
avast! Free Antivirus
Basic Facts Worksheet Factory
Browser Defender 3.0.0.11
Client Security - Password Manager
Combined Community Codec Pack 2008-01-24
Conexant HD Audio
Critical Update for Windows Media Player 11 (KB959772)
EarthBrowser
Easiteach Geography Licence
Easiteach Literacy Licence
Easiteach Maths Licence
Easiteach Science Licence
Easiteach Starter Licence
Gabriel Knight 3
Handwriting Recognition for Easiteach
Help Center
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Integrated Camera
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Java Auto Updater
Java(TM) 6 Update 19
Java(TM) 6 Update 7
LADSPA_plugins-win-0.4.15
Lexmark Printer Software Uninstall
LiveUpdate 3.2 (Symantec Corporation)
Maintenance Manager
Malwarebytes' Anti-Malware
Math Resource Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.5.11)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nelson Maths for Victoria - Planning and Assessment software
On Screen Display
PowerDVD
Presentation Director
Productivity Center Supplement for ThinkPad
Quick Vic Reporting - Teacher Components
QuickTime
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
RM Easiteach
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB982127)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 4.2
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Spyware Doctor 8.0
Symantec AntiVirus
System Update
TeamBoard
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Active Protection System
ThinkVantage Productivity Center
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB942763)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
23/11/2010 12:43:45 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
23/11/2010 12:36:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp iaStor ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
23/11/2010 12:35:10 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
23/11/2010 12:12:08 AM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
23/11/2010 12:12:07 AM, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:07 AM, error: Service Control Manager [7034] - The ThinkVantage Registry Monitor Service service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:07 AM, error: Service Control Manager [7034] - The ThinkPad HDD APS Logging Service service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:07 AM, error: Service Control Manager [7034] - The System Update service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:07 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:06 AM, error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:06 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:05 AM, error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:05 AM, error: Service Control Manager [7034] - The tbupddwu service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:05 AM, error: Service Control Manager [7034] - The On Screen Display service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:05 AM, error: Service Control Manager [7034] - The IPS Core Service service terminated unexpectedly. It has done this 1 time(s).
23/11/2010 12:12:05 AM, error: Service Control Manager [7034] - The Browser Defender Update Service service terminated unexpectedly. It has done this 1 time(s).
22/11/2010 8:14:15 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
22/11/2010 8:10:42 AM, error: Dhcp [1002] - The IP address lease 192.168.1.7 for the Network Card with network address 001E651F4058 has been denied by the DHCP server 10.152.212.17 (The DHCP Server sent a DHCPNACK message).
22/11/2010 7:34:46 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
19/11/2010 4:59:14 PM, error: Service Control Manager [7023] - The Lenovo Microphone Mute service terminated with the following error: Incorrect function.
19/11/2010 4:58:18 PM, error: NETLOGON [5719] - No Domain Controller is available for domain MRPS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
19/11/2010 4:57:59 PM, error: Dhcp [1002] - The IP address lease 10.152.212.84 for the Network Card with network address 001E651F4058 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================