|
|
|
I need help
|
|
|
trishajoy
Junior Member
|
3. April 2007 @ 16:49 |
Link to this message
|
|
It didn't ask me to reboot.[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winctl deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Brave-Sentry deleted successfully.
DNS NameServer information removed successfully for adapter:
[Files/Folders - Created Within 30 days]
C:\WINDOWS\SYSTEM32\ipv6mons.dll moved successfully.
C:\WINDOWS\SYSTEM32\winctl.dll moved successfully.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\If42le.ini moved successfully.
C:\WINDOWS\imsins.BAK moved successfully.
File C:\WINDOWS\SYSTEM32\ipv6mons.dll not found!
File C:\WINDOWS\SYSTEM32\winctl.dll not found!
[File String Scan - Non-Microsoft Only]
File C:\WINDOWS\SYSTEM32\winctl.dll not found!
< End of log >
Created on 04/03/2007 18:45:59
___________________________________________________________________
I guess this is the log file you were talking about... right?
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winctl deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Brave-Sentry deleted successfully.
DNS NameServer information removed successfully for adapter:
[Files/Folders - Created Within 30 days]
C:\WINDOWS\SYSTEM32\ipv6mons.dll moved successfully.
C:\WINDOWS\SYSTEM32\winctl.dll moved successfully.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\If42le.ini moved successfully.
C:\WINDOWS\imsins.BAK moved successfully.
File C:\WINDOWS\SYSTEM32\ipv6mons.dll not found!
File C:\WINDOWS\SYSTEM32\winctl.dll not found!
[File String Scan - Non-Microsoft Only]
File C:\WINDOWS\SYSTEM32\winctl.dll not found!
< End of log >
Created on 04/03/2007 18:45:59
|
|
Advertisement
|
|
|
|
|
KotaGuy
Member
|
3. April 2007 @ 17:26 |
Link to this message
|
|
Can I get you run WinPFind through another scan and post the new log please.
Thanks :)
|
|
trishajoy
Junior Member
|
3. April 2007 @ 17:38 |
Link to this message
|
WinPFind3 logfile created on: 4/3/2007 7:29:01 PM
WinPFind3U by OldTimer - Version 1.0.33 Folder = C:\Documents and Settings\Trisha\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
255.55 Mb Total Physical Memory | 78.11 Mb Available Physical Memory | 30.56% Memory free
617.19 Mb Paging File | 463.64 Mb Available in Paging File | 75.12% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 2.39 Gb Total Space | 0.30 Gb Free Space | 12.53% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 31.47 Gb Total Space | 31.14 Gb Free Space | 98.94% Space Free
Computer Name: HOME
Current User Name: Trisha
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 4/1/2007 10:06:54 PM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 4/1/2007 10:06:56 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/1/2007 10:07:00 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 2/25/2007 1:50:02 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.33.0 | Size = 318464 bytes | Modified Date = 4/2/2007 10:01:54 PM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 4/1/2007 10:06:54 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/1/2007 10:07:00 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 4/1/2007 10:06:56 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 5:56:50 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 3/3/2007 12:35:10 PM | Attr = ]
(mmupdate) Macromedia Updater [Win32_Own | Disabled | Stopped] -> %SystemRoot%\TEMP\E64.tmp -> File not found
(Pctspk) PCTEL Speaker Phone [Win32_Own | Disabled | Stopped] -> %System32%\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 8/17/2001 3:36:54 PM | Attr = ]
(STI Simulator) STI Simulator [Win32_Own | Disabled | Stopped] -> %System32%\PAStiSvc.exe -> [Ver = | Size = 53248 bytes | Modified Date = 1/14/2005 9:32:38 AM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 7/15/2005 2:48:34 PM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 4/1/2007 10:06:54 PM | Attr = ]
D_V_T -> -> File not found
Google -> %SystemRoot%\TEMP\BBD0.tmp -> File not found
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 2/25/2007 1:50:02 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
FormAutoFill -> %ProgramFiles%\FormAutoFill\faf.exe -> File not found
MSMSGS -> %ProgramFiles%\Messenger\msmsgs.exe -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\PalStart.lnk -> %ProgramFiles%\Paltalk Messenger\palstart.exe -> [Ver = | Size = 45568 bytes | Modified Date = 3/23/2007 8:34:14 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< HOSTS File > (798 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
127.0.0.1 advertising.paltalk.com -> ->
127.0.0.1 c5.zedo.com -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.yahoo.com/ ->
HKLM: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defa...rch/search.html ->
HKLM: Search Page -> http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com ->
HKLM: Start Page -> http://www.yahoo.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://us.rd.yahoo.com/customize/ie/defa...rch/search.html ->
HKCU: Search Page -> http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com ->
HKCU: Start Page -> http://www.google.com ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> f:\program files\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 4/16/2001 4:39:02 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_03\bin\npjpi150_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 69746 bytes | Modified Date = 4/13/2005 4:06:32 AM | Attr = ]
{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} -> %ProgramFiles%\Paltalk Messenger\paltalk.exe [ButtonText: PalTalk] -> AVM Software Inc. [Ver = 9.88.2129.0 | Size = 10874880 bytes | Modified Date = 3/23/2007 8:41:32 PM | Attr = ]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [ButtonText: Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 9:49:04 PM | Attr = ]
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> %ProgramFiles%\Messenger\msmsgs.exe [ButtonText: Messenger] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\ycsms.htm -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{0397AAD7-2CE6-44D1-8C6F-1491DBCEE7B4} -> (Linksys LNE100TX(v5) Fast Ethernet Adapter) ->
{3F563A29-65E7-4EF5-9038-B645C7A17045} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
ipp\0x00000001 -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL -> File not found
msdaipp -> Reg Data - Key not found -> File not found
msdaipp\0x00000001 -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL -> File not found
msdaipp\oledb -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{01010200-5E80-11D8-9E86-0007E96C65AE} -> SupportSoft Installer - CodeBase = http://echat.qwest.supportsoft.com/sdcco...ad/tgctlins.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner...can_unicode.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{17D72920-7A15-11D4-921E-0080C8DA7A5E} -> AimSp32 Class - CodeBase = http://makeover.ivillage.co.uk/save/makeover.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstal...indows-i586.cab ->
{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} -> InetDownload Class - CodeBase = https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab ->
{B9940246-4344-4D1B-BD82-DBAF7E657FF9} -> AudioClient Control - CodeBase = http://mtstandard.serveftp.net:19141/SysCamInst.cab ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstal...indows-i586.cab ->
[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 4/2/2007 1:16:57 PM | Attr = RH ]
avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 4/3/2007 6:32:28 PM | Attr = ]
avg7qt.dat -> %SystemDrive%\avg7qt.dat -> [Ver = | Size = 12220047 bytes | Created Date = 4/3/2007 8:09:35 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 268029952 bytes | Created Date = 1/1/1601 7:00:00 AM | Attr = HS]
Rustbfix -> %SystemDrive%\Rustbfix -> [Folder | Created Date = 4/3/2007 6:25:52 PM | Attr = ]
cache -> %SystemRoot%\cache -> [Folder | Created Date = 3/23/2007 9:34:10 AM | Attr = ]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12086 | Size = 565311 bytes | Created Date = 4/1/2007 2:09:39 PM | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12086 | Size = 573440 bytes | Created Date = 4/1/2007 2:09:39 PM | Attr = R ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier ->
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 4/1/2007 2:09:41 PM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 4/1/2007 2:09:39 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 4/1/2007 2:11:18 PM | Attr = ]
Paltalk Messenger -> %SystemRoot%\Paltalk Messenger -> [Folder | Created Date = 3/26/2007 12:16:13 PM | Attr = ]
YAHELITE.INI -> %SystemRoot%\YAHELITE.INI -> [Ver = | Size = 2376 bytes | Created Date = 3/25/2007 4:39:30 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 4/1/2007 11:00:19 AM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Created Date = 4/1/2007 10:07:24 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 4/1/2007 10:07:42 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 4/1/2007 10:07:43 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 4/1/2007 1:59:21 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 4/1/2007 10:07:48 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Created Date = 4/1/2007 10:07:46 PM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 4/1/2007 10:07:46 PM | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3816 | Size = 68993 bytes | Created Date = 4/1/2007 2:09:39 PM | Attr = ]
[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 4/2/2007 1:16:58 PM | Attr = RH ]
avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 4/3/2007 6:32:30 PM | Attr = ]
avg7qt.dat -> %SystemDrive%\avg7qt.dat -> [Ver = | Size = 12220047 bytes | Modified Date = 4/3/2007 8:09:36 AM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 4/2/2007 5:39:36 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 268029952 bytes | Modified Date = 4/3/2007 6:30:44 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/3/2007 6:30:18 PM | Attr = R ]
Rustbfix -> %SystemDrive%\Rustbfix -> [Folder | Modified Date = 4/3/2007 6:31:52 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/2/2007 4:58:34 PM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/3/2007 6:46:00 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/3/2007 6:31:02 PM | Attr = S]
cache -> %SystemRoot%\cache -> [Folder | Modified Date = 3/23/2007 9:34:12 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/1/2007 11:00:26 AM | Attr = S]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12086 | Size = 565311 bytes | Modified Date = 4/1/2007 2:09:40 PM | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12086 | Size = 573440 bytes | Modified Date = 3/7/2007 3:52:36 PM | Attr = R ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier ->
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 4/1/2007 7:23:58 PM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 4/1/2007 2:09:40 PM | Attr = ]
INF -> %SystemRoot%\INF -> [Folder | Modified Date = 4/1/2007 11:00:20 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/30/2007 10:28:14 AM | Attr = HS]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 4/1/2007 7:25:48 PM | Attr = ]
Paltalk Messenger -> %SystemRoot%\Paltalk Messenger -> [Folder | Modified Date = 3/26/2007 12:16:14 PM | Attr = ]
ppa_if.bmp -> %SystemRoot%\ppa_if.bmp -> [Ver = | Size = 840862 bytes | Modified Date = 3/29/2007 8:01:22 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/2/2007 6:10:58 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 4/2/2007 5:31:54 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/2/2007 2:47:34 PM | Attr = ]
SYSTEM -> %SystemRoot%\SYSTEM -> [Folder | Modified Date = 4/1/2007 10:06:38 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 4/2/2007 5:39:36 PM | Attr = ]
SYSTEM32 -> %System32% -> [Folder | Modified Date = 4/3/2007 6:46:00 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 4/3/2007 6:26:00 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 612 bytes | Modified Date = 4/2/2007 5:39:36 PM | Attr = ]
YAHELITE.INI -> %SystemRoot%\YAHELITE.INI -> [Ver = | Size = 2376 bytes | Modified Date = 3/25/2007 5:03:50 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/31/2007 9:49:34 AM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/1/2007 11:00:12 AM | Attr = ]
DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 4/3/2007 6:32:30 PM | Attr = ]
imon1.dat -> %System32%\imon1.dat -> [Ver = | Size = 275 bytes | Modified Date = 3/29/2007 7:49:32 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 4/1/2007 11:00:20 AM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 4/2/2007 4:58:34 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 3/31/2007 9:39:12 AM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 4/1/2007 10:07:26 PM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 4/1/2007 10:07:44 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 4/1/2007 10:07:44 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 4/1/2007 10:07:50 PM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Modified Date = 4/1/2007 10:07:48 PM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 4/1/2007 10:07:48 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 3/30/2007 4:01:50 PM | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3816 | Size = 68993 bytes | Modified Date = 4/1/2007 2:09:40 PM | Attr = ]
[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier ->
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/16/2004 5:48:32 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 2/25/2007 1:50:36 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/16/2004 5:49:40 PM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 4/1/2007 10:07:26 PM | Attr = ]
< End of report >
|
|
KotaGuy
Member
|
3. April 2007 @ 18:36 |
Link to this message
|
|
Looks good!
How is your PC behaving?
|
|
trishajoy
Junior Member
|
3. April 2007 @ 18:38 |
Link to this message
|
|
It's running just fine. :)
|
|
KotaGuy
Member
|
3. April 2007 @ 19:18 |
Link to this message
|
|
Excellent! :)
Now... lets see if we can reclaim some space on your C: Drive.
System Restore and the Hibernation feature in XP can take up some space.
So...
Right click on the My Computer icon on your Desktop and choose Properties. Click on the System Restore tab. Hilite the C: Drive and click the Settings button. This should open up another window with a slider. Drag the slider not all the way to the left... but to the last tick mark under the slider line and click OK. Close that Window when done and the close the System Properties window.
Next click Start>Control Panel>Performance and Maintenance>Power Options. Click the Hiberate tab. Uncheck Enable Hibernation.
Reboot.
Doing that should have cleared up quite a bit of space on your C: Drive.
Let me know how it goes.
|
|
trishajoy
Junior Member
|
3. April 2007 @ 19:31 |
Link to this message
|
|
Yes, that helped tremendously!
|
|
KotaGuy
Member
|
3. April 2007 @ 19:42 |
Link to this message
|
|
Great!
Anything else you are concerned about Trisha?
|
|
trishajoy
Junior Member
|
3. April 2007 @ 19:48 |
Link to this message
|
Well, just wondering what programs would be okay to delete. Like since I have the AVG Spy Ware scan... should I still keep Adaware?
Also, I want you to know that I really appreciate all of your help. There is no way I could have done any of this on my own. Thank you so much!
|
|
trishajoy
Junior Member
|
3. April 2007 @ 19:51 |
Link to this message
|
|
Oh, also... do you suggest a good popup blocker? I am pretty sure that (a pop up) is what caused all of this trouble.
|
|
KotaGuy
Member
|
3. April 2007 @ 19:58 |
Link to this message
|
No I'd keep both Ad-Aware and AVG AntiSpyware. One may catch something the other misses. Just remember to update them weekly and scan with them often.
But you can now delete WinPFind, RustBFix, Gmer, FindAWF and FixBlast.
Keep ATFCleaner and run it weekly to clean up temp files/junk that you don't need clogging up your hard drive.
And honestly... your 2.4gig hard drive is barely enough for XP... I highly recommend you get a bigger one if you can. A 20 or 40 Gig one would probably be fine for you... and they're pretty cheap nowadays.
And you're very welcome... I'm glad I could help :)
|
|
KotaGuy
Member
|
3. April 2007 @ 19:59 |
Link to this message
|
|
As for a PopupBlocker... install the Google Toobar for IE... it has its own PopupBlocker that works good :)
Edit: Just remembered you have that installed... do you have the blocker function of the toolbar enabled?
This message has been edited since posting. Last time this message was edited on 3. April 2007 @ 20:01
|
|
trishajoy
Junior Member
|
3. April 2007 @ 20:05 |
Link to this message
|
|
Yeah, I know about the hard drive being too barely enough. It origionally had the 40 gig but that crashed on me, so I took an older comp. drive and installed the xp on it, and by the suggestion of my brother, wiped clean the 40 gig and am now using that as the slave.... not sure how to get that to be the Master.
Anyway, again... I thank you!
|
|
KotaGuy
Member
|
3. April 2007 @ 20:09 |
Link to this message
|
|
You would need to change the jumpers on the back of the hard drives to switch them from slave>master and master>slave.
That would mean reinstalling XP on the 40Gig one though.
|
|
trishajoy
Junior Member
|
3. April 2007 @ 20:18 |
Link to this message
|
|
I did try that once and for some reason I just kept having trouble. Not sure why. I must have been doing it wrong, but then I am not that comp. knowledgeable. Also, my brother is usually my only help in this type of stuff and he isn't very easy to get ahold of and so since I had it up and running the way I did (with the smaller drive)when I did get ahold of him, he suggested to just use the 40 gig as slave.
Anyway, again... thank you!
|
|
KotaGuy
Member
|
3. April 2007 @ 20:31 |
Link to this message
|
|
No problem.
And thank you for being so patient while we worked through it.
You had some nasty infections in your PC.
You did good though ;)
|
|
trishajoy
Junior Member
|
4. April 2007 @ 13:57 |
Link to this message
|
|
Hey, just thought I'd let you know that your suspicions on that c:/Windows/System32/setldr.dll came up in my scan today as a Trojan.Downloader.Agent.KCU in my scan today and was successfully deleted. So, now you know what that is when you see it.
Also, is it okay to go in and uninstal the Kaspersky?
|
|
KotaGuy
Member
|
4. April 2007 @ 15:06 |
Link to this message
|
|
Thanks Trisha :)
You shouldn't have anything from Kaspersky to uninstall... it was just online scanner you were using.
|
|
trishajoy
Junior Member
|
4. April 2007 @ 15:24 |
Link to this message
|
|
there is a folder in my system32 that says Kaspersky Lab and it's also in my add and remove program area.
|
|
Advertisement
|
|
|
|
KotaGuy
Member
|
4. April 2007 @ 18:00 |
Link to this message
|
|
???
OK... yes you can uninstall that then.
If the Kaspersky folder is still in your System32 folder after you've uninstalled it you can delete the Kaspersky folder too.
|
|
