Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Spyware issues including search engine redirect

Re: Spyware issues including search engine redirect

by emoulding » March 23rd, 2010, 10:03 pm

03/23/10 19:37:45 [Note]: 7002 0
03/23/10 19:37:45 [Note]: 7003 1
03/23/10 19:37:45 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Ma
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\All Users\Application Data\ThinkVantage\Client Sec
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\All Users\Application Data\ThinkVantage\Client Sec
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\All Users\Application Data\ThinkVantage\Client Sec
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\All Users\Application Data\ThinkVantage\Client Sec
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Crypto\RSA\S-
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Crypto\RSA\S-
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Crypto\RSA\S-
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Crypto\RSA\S-
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Crypto\RSA\S-
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Crypto\RSA\S-
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Crypto\RSA\S-
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Crypto\RSA\S-
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\CREDH
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\Microsoft\Protect\S-1-5
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\ThinkVantage\Client Sec
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\ThinkVantage\Client Sec
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\ThinkVantage\Client Sec
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:47 [Info]: Hidden file: c:\RRbackups\Documents and Settings\Erin.ERIN\Application Data\ThinkVantage\Client Sec
03/23/10 19:37:47 [Note]: 7002 0
03/23/10 19:37:47 [Note]: 7003 1
03/23/10 19:37:47 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\Microsoft\Crypto\RSA\S-1-5-2
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\Microsoft\Protect\CREDHIST
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\Microsoft\Protect\S-1-5-21-2
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\Microsoft\Protect\S-1-5-21-2
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\Microsoft\Protect\S-1-5-21-2
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\Microsoft\Protect\S-1-5-21-2
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\Microsoft\Protect\S-1-5-21-3
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\Microsoft\Protect\S-1-5-21-3
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\Microsoft\Protect\S-1-5-21-3
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\Microsoft\Protect\S-1-5-21-3
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\Microsoft\Protect\S-1-5-21-4
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\Microsoft\Protect\S-1-5-21-4
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\Microsoft\Protect\S-1-5-21-8
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\Microsoft\Protect\S-1-5-21-8
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\Microsoft\Protect\S-1-5-21-9
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\Microsoft\Protect\S-1-5-21-9
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\ThinkVantage\Client Security
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\ThinkVantage\Client Security
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\ThinkVantage\Client Security
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:48 [Info]: Hidden file: c:\RRbackups\Documents and Settings\uofs\Application Data\ThinkVantage\Client Security
03/23/10 19:37:48 [Note]: 7002 0
03/23/10 19:37:48 [Note]: 7003 1
03/23/10 19:37:48 [Note]: 10002 3
03/23/10 19:37:50 [Info]: Hidden file: c:\RRbackups\hints.dat
03/23/10 19:37:50 [Note]: 7002 0
03/23/10 19:37:50 [Note]: 7003 1
03/23/10 19:37:50 [Note]: 10002 1
03/23/10 19:37:51 [Info]: Hidden file: c:\RRbackups\osfilter.txt
03/23/10 19:37:51 [Note]: 7002 0
03/23/10 19:37:51 [Note]: 7003 1
03/23/10 19:37:51 [Note]: 10002 1
03/23/10 19:37:53 [Info]: Hidden file: c:\RRbackups\regcerts.dat
03/23/10 19:37:53 [Note]: 7002 0
03/23/10 19:37:53 [Note]: 7003 1
03/23/10 19:37:53 [Note]: 10002 1
03/23/10 19:37:55 [Info]: Hidden file: c:\RRbackups\rr.log
03/23/10 19:37:55 [Note]: 7002 0
03/23/10 19:37:55 [Note]: 7003 1
03/23/10 19:37:55 [Note]: 10002 1
03/23/10 19:37:57 [Info]: Hidden file: c:\RRbackups\SAM
03/23/10 19:37:57 [Note]: 7002 0
03/23/10 19:37:57 [Note]: 7003 1
03/23/10 19:37:57 [Note]: 10002 1
03/23/10 19:37:58 [Info]: Hidden file: c:\RRbackups\system
03/23/10 19:37:58 [Note]: 7002 0
03/23/10 19:37:58 [Note]: 7003 1
03/23/10 19:37:58 [Note]: 10002 1
03/23/10 19:38:00 [Info]: Hidden file: c:\RRbackups\system.dat
03/23/10 19:38:00 [Note]: 7002 0
03/23/10 19:38:00 [Note]: 7003 1
03/23/10 19:38:00 [Note]: 10002 1
03/23/10 19:38:02 [Info]: Hidden file: c:\RRbackups\tvt.txt
03/23/10 19:38:02 [Note]: 7002 0
03/23/10 19:38:02 [Note]: 7003 1
03/23/10 19:38:02 [Note]: 10002 1
03/23/10 19:38:03 [Info]: Hidden file: c:\RRbackups\usersids.dat
03/23/10 19:38:03 [Note]: 7002 0
03/23/10 19:38:03 [Note]: 7003 1
03/23/10 19:38:03 [Note]: 10002 1
03/23/10 19:43:16 [Note]: 7007 0

Re: Spyware issues including search engine redirect

by emoulding » March 23rd, 2010, 10:06 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by Erin at 2010-03-23 20:05:46
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 51 GB (36%) free of 142 GB
Total RAM: 1526 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:05 PM, on 23/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\PMSveH.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\system32\PMHandler.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Erin.ERIN\Desktop\RSIT.exe
C:\Program Files\trend micro\Erin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com/us/en/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/us/en/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/us/en/
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe

--
End of file - 10329 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Daily.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1207502187.job
C:\WINDOWS\tasks\Standard Daily Scan at 2 AM.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
Sophos Web Content Scanner - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll [2010-02-03 240680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-09-21 114748]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-10-28 761945]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe [2005-12-20 94208]
"TPWAUDAP"=C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [2005-12-10 24064]
"PMHandler"=C:\WINDOWS\system32\PMHandler.exe [2006-05-20 24576]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-12 88204]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-03 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-03 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-03 118784]
"suScheduler"=C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe [2005-08-01 40960]
"ISUSPM Startup"=c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2007-08-30 205480]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2007-08-28 73728]
"OmniPass"=C:\Program Files\Softex\OmniPass\scureapp.exe [2006-02-28 2076672]
"LPManager"=C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe [2005-12-07 106496]
"cssauthe"=C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe [2005-12-21 1988144]
"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2005-11-29 196696]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2006-04-17 409600]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2006-04-17 98304]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-09-21 127036]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Documents and Settings\Erin.ERIN\Start Menu\Programs\Startup
PowerReg Scheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
c:\program files\thinkpad\connectutilities\ACNotify.dll [2006-04-17 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-03 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2006-02-28 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-12-20 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update"

======List of files/folders created in the last 1 months======

2010-03-23 19:05:06 ----D---- C:\_OTM
2010-03-23 19:03:41 ----D---- C:\WINDOWS\ERDNT
2010-03-23 19:03:30 ----D---- C:\Program Files\ERUNT
2010-03-21 18:28:04 ----D---- C:\Documents and Settings\Erin.ERIN\Application Data\Malwarebytes
2010-03-21 18:27:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-21 18:27:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-19 15:52:53 ----D---- C:\Program Files\trend micro
2010-03-19 15:52:46 ----D---- C:\rsit
2010-03-12 19:45:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-12 19:39:58 ----RASHD---- C:\autorun.inf
2010-03-07 15:23:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-07 15:23:49 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-02 21:32:38 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

======List of files/folders modified in the last 1 months======

2010-03-23 20:05:54 ----D---- C:\WINDOWS\Prefetch
2010-03-23 19:15:57 ----RSHD---- C:\RRbackups
2010-03-23 19:13:43 ----D---- C:\WINDOWS\Temp
2010-03-23 19:06:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-23 19:05:11 ----RD---- C:\Program Files
2010-03-23 19:03:41 ----AD---- C:\WINDOWS
2010-03-23 19:01:50 ----D---- C:\Program Files\Mozilla Firefox
2010-03-23 09:04:50 ----D---- C:\IBMSHARE
2010-03-22 17:49:39 ----D---- C:\WINDOWS\system32\config
2010-03-21 18:27:55 ----D---- C:\WINDOWS\system32\drivers
2010-03-21 18:07:00 ----AD---- C:\WINDOWS\system32
2010-03-21 16:00:51 ----SHD---- C:\WINDOWS\Installer
2010-03-12 21:53:34 ----N---- C:\WINDOWS\matlab.ini
2010-03-12 19:45:53 ----HD---- C:\WINDOWS\inf
2010-03-12 19:45:37 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-03-12 19:45:34 ----D---- C:\Program Files\Movie Maker
2010-03-12 19:43:58 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-12 19:43:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-12 19:04:33 ----D---- C:\Documents and Settings
2010-03-08 13:15:11 ----N---- C:\WINDOWS\win.ini
2010-03-07 23:14:29 ----N---- C:\WINDOWS\imsins.BAK
2010-03-07 23:07:25 ----C---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-07 23:04:44 ----D---- C:\Program Files\Common Files
2010-03-07 23:02:33 ----D---- C:\Program Files\Google
2010-03-07 23:02:26 ----D---- C:\Program Files\Common Files\AOL
2010-03-07 22:48:55 ----SHD---- C:\System Volume Information
2010-03-07 22:02:00 ----SD---- C:\WINDOWS\Tasks
2010-03-07 17:16:08 ----D---- C:\Program Files\Common Files\Real
2010-03-07 17:13:52 ----D---- C:\Documents and Settings\Erin.ERIN\Application Data\Real
2010-03-01 23:30:12 ----N---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-11-08 11520]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 PMHler;PMHler; C:\WINDOWS\system32\drivers\PMHler.sys [2005-12-21 10240]
R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2009-02-26 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2009-02-26 38528]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-12-07 18101]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2006-01-11 7168]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-06-27 21275]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-09-21 26044]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-09-21 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-09-21 87004]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-09-21 15068]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-09-21 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-09-21 88476]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-09-21 94460]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 PMEM;PMEM; \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568]
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-08-18 138752]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-12 1124097]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-03-29 116594]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-01-17 328061]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-01-17 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-17 850474]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-01-17 148900]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-01-17 65688]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-03 1353820]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-11-01 51584]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-28 191936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 SophosBootDriver;SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [2008-09-30 14976]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2006-04-17 40960]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2006-04-17 151552]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [2006-01-17 266295]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2005-12-14 622700]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2006-02-28 32768]
R2 PMSveH;PMSveH; C:\WINDOWS\system32\PMSveH.exe [2006-05-19 57344]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
R2 SAVAdminService;Sophos Anti-Virus status reporter; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2009-10-28 80936]
R2 SAVService;Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2008-09-30 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2009-07-01 172032]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe [2005-12-21 1384448]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe [2005-12-21 77824]
R2 UCLauncherService;ThinkVantage System Update; C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe [2005-08-01 40960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-29 779824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]

-----------------EOF-----------------

Re: Spyware issues including search engine redirect

Unread postby Dakeyras » March 24th, 2010, 9:05 am

Hi. :)

Sometimes it does this when I click restart, a dialog window pops up. The title says "OPXPApp.exe - DLL initialization failed", and the contents say "Initialization failed because the windows station is shutting down". I click ok, and it pops up again, and it does not go away no matter how many times I click.
OmniPass
This may relate to the Softex OmniPass biometric application and it appears you do indeed have OmniPass present in the Add/Remove list.

So is the aforementioned application still actually installed or not?

Check Hard Disk For Errors:

Press Start->Run, then copy/paste the following command into the box and press OK:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

Re: Spyware issues including search engine redirect

Unread postby emoulding » March 24th, 2010, 12:06 pm

Yeah, OmniPass is installed. Is that what that is? I wouldn't be concerned about anything except viruses, spyware, etc., things that could be transferred to my new computer. Anything else probably isn't worth the effort, since I won't be keeping this one.

Check: run.


The type of the file system is NTFS.
Volume label is IBM_PRELOAD.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
Deleting index entry A67ED2~1 in index $I30 of file 9509.
Deleting index entry AAB2E2EBd01 in index $I30 of file 9509.
Deleting index entry AAB2E2~1 in index $I30 of file 9509.
Deleting index entry CBBAFA~1 in index $I30 of file 9509.
Deleting index entry D1557E79d01 in index $I30 of file 9509.
Deleting index entry D1557E~1 in index $I30 of file 9509.
Deleting index entry SESSIO~1.JS in index $I30 of file 44158.

Errors found. CHKDSK cannot continue in read-only mode.

Re: Spyware issues including search engine redirect

Unread postby Dakeyras » March 24th, 2010, 3:14 pm

Hi. :)

Yeah, OmniPass is installed. Is that what that is?
Aye, my research leads myself to believe the actual installation may be corrupted. So you can either uninstall it and leave it at that if not used and/or re-install again, and either should rectify the problem. As it stands I do not think malware is the culprit here, but we will be running another scan in due course after the below to verify your machine is indeed malware free.

Hard-Drive Maintenance/Repair:

Note: For the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:
CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot-up as normal.

Let myself know when completed the above procedures, thank you.

Re: Spyware issues including search engine redirect

Unread postby emoulding » March 25th, 2010, 11:27 am

OmniPass: uninstalled.
Defrag: it's running...it took a while for the analysis report to appear, and nothing has appeared in the window since then. It's been about 12 hours. How much time should it take?

Re: Spyware issues including search engine redirect

Unread postby Dakeyras » March 25th, 2010, 11:45 am

Hi. :)

The defrag' run may take a good few hrs yet as the HDD is in quite a state due to all the cold shut-downs. Now if it does take longer than say another 3-4 hrs, stop the defrag' and proceed to the Check-Disk instructions, and when that is completed let myself know please.

Re: Spyware issues including search engine redirect

Unread postby emoulding » March 25th, 2010, 7:05 pm

The defrag did finish, and I ran the check disk. My new laptop has also arrived (I have to pick it up yet), so there's not much point in cleaning this one beyond the basics.

Re: Spyware issues including search engine redirect

Unread postby Dakeyras » March 25th, 2010, 7:19 pm

The defrag did finish, and I ran the check disk. My new laptop has also arrived (I have to pick it up yet), so there's not much point in cleaning this one beyond the basics.
Ok fair enough, just carry out the below please as a precaution. This way we can ensure your machine is clean before you transfer anything to the new one. :)

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Re: Spyware issues including search engine redirect

Unread postby emoulding » March 26th, 2010, 12:11 pm

Done.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a1ac34c73eac894891e96063548eb33a
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-03-26 05:22:29
# local_time=2010-03-25 11:22:29 (-0600, Canada Central Standard Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=8449 16775141 100 99 0 87122068 0 0
# scanned=387
# found=0
# cleaned=0
# scan_time=555
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a1ac34c73eac894891e96063548eb33a
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-03-26 05:26:13
# local_time=2010-03-25 11:26:13 (-0600, Canada Central Standard Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=8449 16775141 100 99 0 87122727 0 0
# scanned=378
# found=0
# cleaned=0
# scan_time=121
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a1ac34c73eac894891e96063548eb33a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-03-26 03:04:07
# local_time=2010-03-26 09:04:07 (-0600, Canada Central Standard Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=8449 16775141 100 99 0 87125386 0 0
# scanned=165487
# found=0
# cleaned=0
# scan_time=32134
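Reading the log above run by run, as an added example (not part of the original post and not ESET's own tooling): it splits the log at each `# version=` line, counts only an `end=finished` run as a full scan, and compares the recorded options with the settings requested in the scan instructions earlier in the thread. The sample text is constructed from the values in that post; the function names and verdict labels are this example's own.

```python
import re

# Constructed sample in the layout of the log posted above; end/scanned/found
# mirror that post, the remaining fields are left out for brevity.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=387
# found=0
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=378
# found=0
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=165487
# found=0
"""

# Options the helper asked for in the scan instructions earlier in the thread.
EXPECTED_OPTIONS = {
    "remove_checked": "false", "archives_checked": "true",
    "unwanted_checked": "true", "unsafe_checked": "true",
    "antistealth_checked": "true",
}
KV = re.compile(r"^#\s*([A-Za-z_.]+)=(.*)$")
UPDATE_ERR = re.compile(r"^esets_scanner_update returned (-?\d+)")

def parse_runs(text):
    """Split the log into scan runs; each run starts at a '# version=' line."""
    runs, current, pending = [], None, []
    for line in text.splitlines():
        line = line.strip()
        err = UPDATE_ERR.match(line)
        if err:  # the page does not say what the code means; just record it
            pending.append(int(err.group(1)))
            continue
        kv = KV.match(line)
        if not kv:
            continue  # installer banner, "all ok", blank lines
        key, value = kv.group(1), kv.group(2).strip()
        if key == "version":
            current = {"update_errors": pending, "fields": {}}
            runs.append(current)
            pending = []
        if current is not None:
            current["fields"][key] = value  # repeated keys: last one wins
    return runs

def assess(runs):
    """Return (verdict, notes); the verdict rests on the last finished run in file order."""
    notes = []
    for i, run in enumerate(runs, 1):
        f = run["fields"]
        if f.get("end") != "finished":
            notes.append(f"run {i}: end={f.get('end')} after {f.get('scanned')} objects, not a full scan")
        if run["update_errors"]:
            notes.append(f"run {i}: preceded by update return codes {run['update_errors']}")
        wrong = {k: f.get(k) for k, v in EXPECTED_OPTIONS.items() if f.get(k) != v}
        if wrong:
            notes.append(f"run {i}: options differ from the instructions: {wrong}")
    finished = [r for r in runs if r["fields"].get("end") == "finished"]
    if not finished:
        return "inconclusive", notes  # found=0 from an aborted run proves nothing
    found = finished[-1]["fields"].get("found", "")
    if not found.isdigit():
        return "inconclusive", notes
    return ("threats-found" if int(found) > 0 else "no-threats-found"), notes

if __name__ == "__main__":
    verdict, notes = assess(parse_runs(SAMPLE_LOG))
    print(verdict, *notes, sep="\n")
```

On the sample, the two `end=stopped` runs are reported as partial and only the third run supports the verdict.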

Re: Spyware issues including search engine redirect

Unread postby Dakeyras » March 26th, 2010, 12:38 pm

Hi. :)

The scan results are good. Congratulations, your computer now appears to be malware free!

Just carry out the below and you will be good to go for starting the transfer of what you want to your new computer.

Download/Run OTC:

Please download OTC and save it to desktop.

This tool will remove all the tools (and logs created) we used to clean your pc. Any left over, merely delete yourself and empty the Recycle Bin.

  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Reset the System Restore points:

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Next:

Any questions? If so feel free to ask, if not stay safe!

Re: Spyware issues including search engine redirect

Unread postby emoulding » March 26th, 2010, 8:53 pm

Done.

Was there any information on that virus check thing that pops up? This one:
Performs virus scanning and disinfection functions has encountered a problem and needs to close. We are sorry for the inconvenience.


If you could suggest a standard course of maintenance for spyware and viruses, that would be good. It would be for my old laptop and my husband's laptop (both XP SP3), my parents' machines (Vista) and my new laptop (64 bit 7). My new laptop came with McAfee, and I have AVG on my parents' machines. Also, is there anything you think should be done with a new laptop for setup or settings?

Re: Spyware issues including search engine redirect

Unread postby Dakeyras » March 27th, 2010, 7:39 am

Hi. :)

Follow my original advice here for all the machines mentioned and the chance for any malware gaining a foot-hold will be greatly reduced.

Re: Spyware issues including search engine redirect

Unread postby emoulding » March 27th, 2010, 1:23 pm

A few specific questions:

McAfee's spyware protection. Is this enough for active scanning, or should I get the full version of MBAM?
ERUNT on Vista/7 machines. Apparently it won't do the auto-backup thing on them without changing the user control settings. Which is more important?

Re: Spyware issues including search engine redirect

Unread postby Dakeyras » March 27th, 2010, 7:22 pm

Hi. :)

McAfee's spyware protection. Is this enough for active scanning, or should I get the full version of MBAM?
Aye, should be adequate providing you keep it updated. Though by all means purchasing a licence for MBAM will add an extra layer of protection that should not cause a system conflict.

ERUNT on Vista/7 machines. Apparently it won't do the auto-backup thing on them without changing the user control settings. Which is more important?
No, it will not unfortunately, because both operating systems require such an application to be run in Admin' mode to gain the correct access/permissions. So the minor inconvenience of creating a backup manually say once per week is worth it in my humble opinion.