
I need help

Discussion in 'Windows - Virus and spyware problems' started by trishajoy, Mar 31, 2007.

  1. KotaGuy (Regular member)

    Try booting into Safe Mode and deleting that file.

    Empty your Recycle Bin.

    Reboot Windows normally and let me know how it goes.

    See if you can get the new version of WinPFind to run too please. If so post the log it creates. If not... let me know.

    Thanks.
     
  2. trishajoy (Member)

    Still, in safe mode... it gives me the same message and will not let me delete it.
     
  3. KotaGuy (Regular member)

    Hmmm... ok.

    Can you try to run the new version of WinPFind please?

     
  4. trishajoy (Member)

    WinPFind3 logfile created on: 4/3/2007 10:57:05 AM
    WinPFind3U by OldTimer - Version 1.0.33 Folder = C:\Documents and Settings\Trisha\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    255.55 Mb Total Physical Memory | 72.84 Mb Available Physical Memory | 28.50% Memory free
    617.25 Mb Paging File | 458.33 Mb Available in Paging File | 74.25% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 2.39 Gb Total Space | 0.30 Gb Free Space | 12.48% Space Free
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 31.47 Gb Total Space | 31.14 Gb Free Space | 98.94% Space Free

    Computer Name: HOME
    Current User Name: Trisha
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 4/1/2007 10:06:54 PM | Attr = ]
    avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 4/1/2007 10:06:56 PM | Attr = ]
    avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/1/2007 10:07:00 PM | Attr = ]
    realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 2/25/2007 1:50:02 PM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.33.0 | Size = 318464 bytes | Modified Date = 4/2/2007 10:01:54 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
    (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 4/1/2007 10:06:54 PM | Attr = ]
    (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/1/2007 10:07:00 PM | Attr = ]
    (AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 4/1/2007 10:06:56 PM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 5:56:50 PM | Attr = ]
    (gusvc) Google Updater Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 3/3/2007 12:35:10 PM | Attr = ]
    (mmupdate) Macromedia Updater [Win32_Own | Disabled | Stopped] -> %SystemRoot%\TEMP\E64.tmp -> File not found
    (Pctspk) PCTEL Speaker Phone [Win32_Own | Disabled | Stopped] -> %System32%\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 8/17/2001 3:36:54 PM | Attr = ]
    (STI Simulator) STI Simulator [Win32_Own | Disabled | Stopped] -> %System32%\PAStiSvc.exe -> [Ver = | Size = 53248 bytes | Modified Date = 1/14/2005 9:32:38 AM | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    {0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 7/15/2005 2:48:34 PM | Attr = ]
    AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 4/1/2007 10:06:54 PM | Attr = ]
    D_V_T -> -> File not found
    Google -> %SystemRoot%\TEMP\BBD0.tmp -> File not found
    TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 2/25/2007 1:50:02 PM | Attr = ]
    winctl -> winctl.exe -> File not found
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Brave-Sentry -> %ProgramFiles%\BraveSentry\BraveSentry.exe -> File not found
    FormAutoFill -> %ProgramFiles%\FormAutoFill\faf.exe -> File not found
    MSMSGS -> %ProgramFiles%\Messenger\msmsgs.exe -> File not found
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    %AllUsersStartup%\PalStart.lnk -> %ProgramFiles%\Paltalk Messenger\palstart.exe -> [Ver = | Size = 45568 bytes | Modified Date = 3/23/2007 8:34:14 PM | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < HOSTS File > (798 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
    127.0.0.1 localhost -> ->
    127.0.0.1 advertising.paltalk.com -> ->
    127.0.0.1 c5.zedo.com -> ->
    < Internet Explorer Settings > ->
    HKLM: Default_Page_URL -> http://www.yahoo.com/ ->
    HKLM: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html ->
    HKLM: Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com ->
    HKLM: Start Page -> http://www.yahoo.com/ ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: SearchAssistant -> http://www.google.com/ie ->
    HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKCU: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html ->
    HKCU: Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com ->
    HKCU: Start Page -> http://www.google.com ->
    HKCU: SearchAssistant -> http://www.google.com/ie ->
    HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    msn.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> f:\program files\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 4/16/2001 4:39:02 PM | Attr = ]
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
    WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_03\bin\npjpi150_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 69746 bytes | Modified Date = 4/13/2005 4:06:32 AM | Attr = ]
    {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} -> %ProgramFiles%\Paltalk Messenger\paltalk.exe [ButtonText: PalTalk] -> AVM Software Inc. [Ver = 9.88.2129.0 | Size = 10874880 bytes | Modified Date = 3/23/2007 8:41:32 PM | Attr = ]
    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [ButtonText: Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 9:49:04 PM | Attr = ]
    {FB5F1910-F110-11d2-BB9E-00C04F795683} -> %ProgramFiles%\Messenger\msmsgs.exe [ButtonText: Messenger] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
    Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\ycsms.htm -> File not found
    < Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
    .spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ]
    < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    SV1 -> ->
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    {0397AAD7-2CE6-44D1-8C6F-1491DBCEE7B4} -> (Linksys LNE100TX(v5) Fast Ethernet Adapter) ->
    {3F563A29-65E7-4EF5-9038-B645C7A17045} -> () ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    ipp -> Reg Data - Key not found -> File not found
    ipp\0x00000001 -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    msdaipp\0x00000001 -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL -> File not found
    msdaipp\oledb -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    {01010200-5E80-11D8-9E86-0007E96C65AE} -> SupportSoft Installer - CodeBase = http://echat.qwest.supportsoft.com/sdccommon/download/tgctlins.cab ->
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab ->
    {166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
    {17D72920-7A15-11D4-921E-0080C8DA7A5E} -> AimSp32 Class - CodeBase = http://makeover.ivillage.co.uk/save/makeover.cab ->
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab ->
    {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} -> InetDownload Class - CodeBase = https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab ->
    {B9940246-4344-4D1B-BD82-DBAF7E657FF9} -> AudioClient Control - CodeBase = http://mtstandard.serveftp.net:19141/SysCamInst.cab ->
    {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab ->


    [Files/Folders - Created Within 30 days]
    $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 4/2/2007 1:16:57 PM | Attr = RH ]
    avg7qt.dat -> %SystemDrive%\avg7qt.dat -> [Ver = | Size = 12220047 bytes | Created Date = 4/3/2007 8:09:35 AM | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 268029952 bytes | Created Date = 1/1/1601 7:00:00 AM | Attr = HS]
    cache -> %SystemRoot%\cache -> [Folder | Created Date = 3/23/2007 9:34:10 AM | Attr = ]
    gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12086 | Size = 565311 bytes | Created Date = 4/1/2007 2:09:39 PM | Attr = ]
    gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12086 | Size = 573440 bytes | Created Date = 4/1/2007 2:09:39 PM | Attr = R ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier ->
    gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 4/1/2007 2:09:41 PM | Attr = ]
    gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 4/1/2007 2:09:39 PM | Attr = ]
    Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 4/1/2007 2:11:18 PM | Attr = ]
    Paltalk Messenger -> %SystemRoot%\Paltalk Messenger -> [Folder | Created Date = 3/26/2007 12:16:13 PM | Attr = ]
    YAHELITE.INI -> %SystemRoot%\YAHELITE.INI -> [Ver = | Size = 2376 bytes | Created Date = 3/25/2007 4:39:30 PM | Attr = ]
    ipv6mons.dll -> %System32%\ipv6mons.dll -> [Ver = | Size = 46176 bytes | Created Date = 3/30/2007 7:40:47 AM | Attr = ]
    Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 4/1/2007 11:00:19 AM | Attr = ]
    winctl.dll -> %System32%\winctl.dll -> [Ver = | Size = 9728 bytes | Created Date = 3/30/2007 1:12:22 PM | Attr = ]
    avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Created Date = 4/1/2007 10:07:24 PM | Attr = ]
    avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 4/1/2007 10:07:42 PM | Attr = ]
    avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 4/1/2007 10:07:43 PM | Attr = ]
    AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 4/1/2007 1:59:21 PM | Attr = ]
    avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 4/1/2007 10:07:48 PM | Attr = ]
    avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Created Date = 4/1/2007 10:07:46 PM | Attr = ]
    avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 4/1/2007 10:07:46 PM | Attr = ]
    gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3816 | Size = 68993 bytes | Created Date = 4/1/2007 2:09:39 PM | Attr = ]

    [Files/Folders - Modified Within 30 days]
    $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 4/2/2007 1:16:58 PM | Attr = RH ]
    avg7qt.dat -> %SystemDrive%\avg7qt.dat -> [Ver = | Size = 12220047 bytes | Modified Date = 4/3/2007 8:09:36 AM | Attr = ]
    boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 4/2/2007 5:39:36 PM | Attr = HS]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 268029952 bytes | Modified Date = 4/3/2007 10:47:30 AM | Attr = HS]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/1/2007 9:42:10 PM | Attr = R ]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/2/2007 4:58:34 PM | Attr = HS]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/1/2007 10:06:38 PM | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/3/2007 10:47:48 AM | Attr = S]
    cache -> %SystemRoot%\cache -> [Folder | Modified Date = 3/23/2007 9:34:12 AM | Attr = ]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/1/2007 11:00:26 AM | Attr = S]
    gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12086 | Size = 565311 bytes | Modified Date = 4/1/2007 2:09:40 PM | Attr = ]
    gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12086 | Size = 573440 bytes | Modified Date = 3/7/2007 3:52:36 PM | Attr = R ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier ->
    gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 4/1/2007 7:23:58 PM | Attr = ]
    gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 4/1/2007 2:09:40 PM | Attr = ]
    If42le.ini -> %SystemRoot%\If42le.ini -> [Ver = | Size = 4519 bytes | Modified Date = 4/1/2007 1:12:44 PM | Attr = ]
    imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1891 bytes | Modified Date = 3/6/2007 5:02:42 PM | Attr = ]
    INF -> %SystemRoot%\INF -> [Folder | Modified Date = 4/1/2007 11:00:20 AM | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/30/2007 10:28:14 AM | Attr = HS]
    Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 4/1/2007 7:25:48 PM | Attr = ]
    Paltalk Messenger -> %SystemRoot%\Paltalk Messenger -> [Folder | Modified Date = 3/26/2007 12:16:14 PM | Attr = ]
    ppa_if.bmp -> %SystemRoot%\ppa_if.bmp -> [Ver = | Size = 840862 bytes | Modified Date = 3/29/2007 8:01:22 PM | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/2/2007 6:10:58 PM | Attr = ]
    pss -> %SystemRoot%\pss -> [Folder | Modified Date = 4/2/2007 5:31:54 PM | Attr = ]
    Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/2/2007 2:47:34 PM | Attr = ]
    SYSTEM -> %SystemRoot%\SYSTEM -> [Folder | Modified Date = 4/1/2007 10:06:38 PM | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 4/2/2007 5:39:36 PM | Attr = ]
    SYSTEM32 -> %System32% -> [Folder | Modified Date = 4/2/2007 1:16:58 PM | Attr = ]
    @Alternate Data Stream - 74620 bytes -> %System32%:lzx32.sys ->
    TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 4/3/2007 10:57:14 AM | Attr = ]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 612 bytes | Modified Date = 4/2/2007 5:39:36 PM | Attr = ]
    YAHELITE.INI -> %SystemRoot%\YAHELITE.INI -> [Ver = | Size = 2376 bytes | Modified Date = 3/25/2007 5:03:50 PM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/31/2007 9:49:34 AM | Attr = H ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/1/2007 11:00:12 AM | Attr = ]
    DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 4/1/2007 10:07:50 PM | Attr = ]
    imon1.dat -> %System32%\imon1.dat -> [Ver = | Size = 275 bytes | Modified Date = 3/29/2007 7:49:32 PM | Attr = ]
    ipv6mons.dll -> %System32%\ipv6mons.dll -> [Ver = | Size = 46176 bytes | Modified Date = 3/30/2007 7:40:48 AM | Attr = ]
    Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 4/1/2007 11:00:20 AM | Attr = ]
    Restore -> %System32%\Restore -> [Folder | Modified Date = 4/2/2007 4:58:34 PM | Attr = ]
    winctl.dll -> %System32%\winctl.dll -> [Ver = | Size = 9728 bytes | Modified Date = 3/31/2007 4:31:52 PM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 3/31/2007 9:39:12 AM | Attr = ]
    avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 4/1/2007 10:07:26 PM | Attr = ]
    avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 4/1/2007 10:07:44 PM | Attr = ]
    avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 4/1/2007 10:07:44 PM | Attr = ]
    avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 4/1/2007 10:07:50 PM | Attr = ]
    avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Modified Date = 4/1/2007 10:07:48 PM | Attr = ]
    avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 4/1/2007 10:07:48 PM | Attr = ]
    etc -> %System32%\drivers\etc -> [Folder | Modified Date = 3/30/2007 4:01:50 PM | Attr = ]
    gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3816 | Size = 68993 bytes | Modified Date = 4/1/2007 2:09:40 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier ->
    @Alternate Data Stream - 74620 bytes -> %System32%:lzx32.sys ->
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/16/2004 5:48:32 PM | Attr = ]
    Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 2/25/2007 1:50:36 PM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/16/2004 5:49:40 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\winctl.dll -> [Ver = | Size = 9728 bytes | Modified Date = 3/31/2007 4:31:52 PM | Attr = ]
    UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 4/1/2007 10:07:26 PM | Attr = ]

    < End of report >
     
  5. KotaGuy (Regular member)

    Excellent... will need a bit of time to go through this.

    Might not be able to get back to you till I get home from work though.

    Just a quick scan of the log showed me a few things. One being the presence of a RootKit.

    Also noted some things we can do to free up some space on your C:\ drive. As I said before though... we will take care of that once we've got your PC cleaned up.
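What a "quick scan of the log" picks out here is pattern matching over the WinPFind3U output above: a named stream attached to the System32 folder itself (`%System32%:lzx32.sys`, 74620 bytes), Run entries whose target is `File not found` or lives in `%SystemRoot%\TEMP`, and a DLL created in System32 within the last 30 days with no vendor or version that the string scan reports as UPX-packed. The script below is an added example and is not part of the thread, of WinPFind3U, or of any other tool named here; the sample lines are copied from the log above, and the severity levels, the rules and the `triage`, `fields`, `vendor_and_version` and `summarize` names are the editor's own assumptions rather than anything the tool applies.

```python
"""Triage a WinPFind3U-style log for the indicators discussed in this thread.
Added example; not code from WinPFind3U, HijackThis or anyone in the thread, and
the severity rules are the editor's assumptions, not anything the tool applies."""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted above, in WinPFind3U's own layout.
SAMPLE_LOG = r"""
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Google -> %SystemRoot%\TEMP\BBD0.tmp -> File not found
winctl -> winctl.exe -> File not found
[Files/Folders - Created Within 30 days]
winctl.dll -> %System32%\winctl.dll -> [Ver = | Size = 9728 bytes | Created Date = 3/30/2007 1:12:22 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 4/1/2007 11:00:19 AM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Created Date = 4/1/2007 10:07:24 PM | Attr = ]
[Files/Folders - Modified Within 30 days]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier ->
@Alternate Data Stream - 74620 bytes -> %System32%:lzx32.sys ->
[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 74620 bytes -> %System32%:lzx32.sys ->
UPX! , UPX0 , -> %System32%\winctl.dll -> [Ver = | Size = 9728 bytes | Modified Date = 3/31/2007 4:31:52 PM | Attr = ]
"""

ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^\\:\s]+)\s*->")
PACKER_TAGS = ("UPX!", "UPX0", "FSG!", "aspack")


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    reason: str
    line: str       # the log line that triggered the rule


def fields(line):
    """Split 'name -> path -> details' on the arrows, padding so an empty path still unpacks."""
    return ([part.strip() for part in re.split(r"\s*->\s*", line)] + ["", "", ""])[:3]


def vendor_and_version(details):
    """'GRISOFT, s.r.o. [Ver = 7.5.0.444 | ...]' -> ('GRISOFT, s.r.o.', '7.5.0.444'); '[Ver = | ...]' -> ('', '')."""
    vendor, _, bracket = details.partition("[")
    m = re.search(r"Ver = ([^|\]]*)", bracket)
    return vendor.strip(), (m.group(1).strip() if m else "")


def triage(log_text):
    """Walk the log once and return Findings, most severe first, at most one per distinct line."""
    findings, section, packed, new_sys32 = [], "", set(), {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("<"):        # blank, or a sub-header such as '< Run [HKLM] >'
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line                          # e.g. '[Registry - Non-Microsoft Only]'
            continue
        m = ADS_RE.match(line)
        if m:
            size, host, stream = int(m.group(1)), m.group(2), m.group(3)
            if stream == "Zone.Identifier":
                findings.append(Finding("info", "mark-of-the-web stream, normal on a downloaded file", line))
            elif not ntpath.splitext(host)[1]:
                # A named stream hanging off a directory is where Rustock.b keeps its driver; no directory listing shows it.
                findings.append(Finding("high", f"{size}-byte stream attached to the directory {host}", line))
            else:
                findings.append(Finding("medium", f"{size}-byte named stream on {host}", line))
            continue
        name, path, details = fields(line)
        if section.startswith("[Registry") and details == "File not found":
            if re.search(r"\\TEMP\\|\.tmp$", path, re.IGNORECASE):
                findings.append(Finding("high", f"autorun '{name}' launches a temp-directory file that is now gone", line))
            else:
                findings.append(Finding("medium", f"autorun '{name}' points at a missing file", line))
        elif section.startswith("[Files/Folders - Created"):
            if path.startswith("%System32%\\") and "[Folder" not in details:
                new_sys32[path] = (line, *vendor_and_version(details))
        elif section.startswith("[File String Scan") and any(tag in name for tag in PACKER_TAGS):
            packed.add(path)                        # the string scan saw a packer signature in this file
    for path, (line, vendor, version) in new_sys32.items():
        if vendor or version:
            continue                                # carries vendor or version info; unremarkable on its own
        if path in packed:
            findings.append(Finding("high", "new System32 file with no vendor or version that is also packed", line))
        else:
            findings.append(Finding("medium", "new System32 file with no vendor or version information", line))
    findings = list({f.line: f for f in findings}.values())   # the same ADS line shows up in several sections
    findings.sort(key=lambda f: ("high", "medium", "info").index(f.severity))
    return findings


def summarize(findings):
    """Count findings per severity level."""
    return {s: sum(f.severity == s for f in findings) for s in ("high", "medium", "info")}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run as `python triage.py` against the sample, or feed it a whole WinPFind3U report. The directory-stream rule is the one that matters most on this machine: `System32:lzx32.sys` is not a file in System32, so neither Explorer nor a Safe Mode boot gives you anything to delete, which is why the thread moves next to a tool that unloads the rootkit's driver before touching the stream.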
     
  6. trishajoy (Member)

    Ok, no problem. Thanks for helping me so much. It's much appreciated!
     
  7. KotaGuy (Regular member)

    OK... let's get rid of the RootKit first.

    Download RustBFix from one of the following locations...

    http://www.uploads.ejvindh.net/rustbfix.exe

    http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe

    ...and save it to your desktop.

    Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt). Post the content of these logfiles along with a new HijackThis log.
     
  8. trishajoy (Member)

    ************************* Rustock.b-fix -- By ejvindh *************************
    Tue 04/03/2007 18:25:54.30

    ******************* Pre-run Status of system *******************

    Rootkit driver PE386 is found. Starting the unload-procedure....

    Rustock.b-ADS attached to the System32-folder:
    :lzx32.sys 74620
    Total size: 74620 bytes.
    Attempting to remove ADS...
    system32: deleted 74620 bytes in 1 streams.

    Looking for Rustock.b-files in the System32-folder:
    system32\lzx32.sys FOUND!
    attempting to delete lzx32.sys from system32-folder


    ******************* Post-run Status of system *******************

    Rustock.b-driver on the system: NONE!

    Rustock.b-ADS attached to the System32-folder:
    No System32-ADS found.

    Looking for Rustock.b-files in the System32-folder:
    No Rustock.b-files found in system32


    ******************************* End of Logfile ********************************

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\dvtubxyw

    *******************

    Script file located at: \??\C:\Program Files\bxvidevt.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Driver PE386 unloaded successfully.
    Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

    Completed script processing.

    *******************

    Finished! Terminate.

    Now I will do the HijackThis report... in the next reply.
     
  9. trishajoy (Member)

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 6:37:15 PM, on 4/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Trisha\Local Settings\Temporary Internet Files\Content.IE5\NX1G3RHH\HiJackThis_v2.0.0.0[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\program files\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [winctl] winctl.exe /install
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Google] C:\WINDOWS\TEMP\BBD0.tmp
    O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [FormAutoFill] C:\Program Files\FormAutoFill\faf.exe
    O4 - HKCU\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-21-2052111302-1935655697-1343024091-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-2052111302-1935655697-1343024091-1004\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - http://echat.qwest.supportsoft.com/sdccommon/download/tgctlins.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.co.uk/save/makeover.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
    O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://mtstandard.serveftp.net:19141/SysCamInst.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    --
    End of file - 6330 bytes
     
  10. KotaGuy

    OK... you're doing great :)

    Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

    The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

    Once back in Windows post the following back here:

    - a new WinPFind3U report
    - the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log)

    I will review the information when it comes back in.

    Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
     
  11. trishajoy

    It didn't ask me to reboot.
    [Registry - Non-Microsoft Only]
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winctl deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Brave-Sentry deleted successfully.
    DNS NameServer information removed successfully for adapter:
    [Files/Folders - Created Within 30 days]
    C:\WINDOWS\SYSTEM32\ipv6mons.dll moved successfully.
    C:\WINDOWS\SYSTEM32\winctl.dll moved successfully.
    [Files/Folders - Modified Within 30 days]
    C:\WINDOWS\If42le.ini moved successfully.
    C:\WINDOWS\imsins.BAK moved successfully.
    File C:\WINDOWS\SYSTEM32\ipv6mons.dll not found!
    File C:\WINDOWS\SYSTEM32\winctl.dll not found!
    [File String Scan - Non-Microsoft Only]
    File C:\WINDOWS\SYSTEM32\winctl.dll not found!
    < End of log >
    Created on 04/03/2007 18:45:59
    ___________________________________________________________________

    I guess this is the log file you were talking about... right?
    [Registry - Non-Microsoft Only]
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winctl deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Brave-Sentry deleted successfully.
    DNS NameServer information removed successfully for adapter:
    [Files/Folders - Created Within 30 days]
    C:\WINDOWS\SYSTEM32\ipv6mons.dll moved successfully.
    C:\WINDOWS\SYSTEM32\winctl.dll moved successfully.
    [Files/Folders - Modified Within 30 days]
    C:\WINDOWS\If42le.ini moved successfully.
    C:\WINDOWS\imsins.BAK moved successfully.
    File C:\WINDOWS\SYSTEM32\ipv6mons.dll not found!
    File C:\WINDOWS\SYSTEM32\winctl.dll not found!
    [File String Scan - Non-Microsoft Only]
    File C:\WINDOWS\SYSTEM32\winctl.dll not found!
    < End of log >
    Created on 04/03/2007 18:45:59
     
  12. KotaGuy

    Can I get you to run WinPFind through another scan and post the new log please?

    Thanks :)
     
  13. trishajoy

    WinPFind3 logfile created on: 4/3/2007 7:29:01 PM
    WinPFind3U by OldTimer - Version 1.0.33 Folder = C:\Documents and Settings\Trisha\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    255.55 Mb Total Physical Memory | 78.11 Mb Available Physical Memory | 30.56% Memory free
    617.19 Mb Paging File | 463.64 Mb Available in Paging File | 75.12% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 2.39 Gb Total Space | 0.30 Gb Free Space | 12.53% Space Free
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 31.47 Gb Total Space | 31.14 Gb Free Space | 98.94% Space Free

    Computer Name: HOME
    Current User Name: Trisha
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 4/1/2007 10:06:54 PM | Attr = ]
    avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 4/1/2007 10:06:56 PM | Attr = ]
    avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/1/2007 10:07:00 PM | Attr = ]
    realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 2/25/2007 1:50:02 PM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.33.0 | Size = 318464 bytes | Modified Date = 4/2/2007 10:01:54 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 7:13:20 AM | Attr = ]
    (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 4/1/2007 10:06:54 PM | Attr = ]
    (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/1/2007 10:07:00 PM | Attr = ]
    (AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 324096 bytes | Modified Date = 4/1/2007 10:06:56 PM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 5:56:50 PM | Attr = ]
    (gusvc) Google Updater Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 3/3/2007 12:35:10 PM | Attr = ]
    (mmupdate) Macromedia Updater [Win32_Own | Disabled | Stopped] -> %SystemRoot%\TEMP\E64.tmp -> File not found
    (Pctspk) PCTEL Speaker Phone [Win32_Own | Disabled | Stopped] -> %System32%\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 8/17/2001 3:36:54 PM | Attr = ]
    (STI Simulator) STI Simulator [Win32_Own | Disabled | Stopped] -> %System32%\PAStiSvc.exe -> [Ver = | Size = 53248 bytes | Modified Date = 1/14/2005 9:32:38 AM | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    {0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 7/15/2005 2:48:34 PM | Attr = ]
    AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 4/1/2007 10:06:54 PM | Attr = ]
    D_V_T -> -> File not found
    Google -> %SystemRoot%\TEMP\BBD0.tmp -> File not found
    TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 2/25/2007 1:50:02 PM | Attr = ]
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    FormAutoFill -> %ProgramFiles%\FormAutoFill\faf.exe -> File not found
    MSMSGS -> %ProgramFiles%\Messenger\msmsgs.exe -> File not found
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    %AllUsersStartup%\PalStart.lnk -> %ProgramFiles%\Paltalk Messenger\palstart.exe -> [Ver = | Size = 45568 bytes | Modified Date = 3/23/2007 8:34:14 PM | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < HOSTS File > (798 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
    127.0.0.1 localhost -> ->
    127.0.0.1 advertising.paltalk.com -> ->
    127.0.0.1 c5.zedo.com -> ->
    < Internet Explorer Settings > ->
    HKLM: Default_Page_URL -> http://www.yahoo.com/ ->
    HKLM: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html ->
    HKLM: Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com ->
    HKLM: Start Page -> http://www.yahoo.com/ ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: SearchAssistant -> http://www.google.com/ie ->
    HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKCU: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html ->
    HKCU: Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com ->
    HKCU: Start Page -> http://www.google.com ->
    HKCU: SearchAssistant -> http://www.google.com/ie ->
    HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    msn.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> f:\program files\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 4/16/2001 4:39:02 PM | Attr = ]
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
    WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_03\bin\npjpi150_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 69746 bytes | Modified Date = 4/13/2005 4:06:32 AM | Attr = ]
    {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} -> %ProgramFiles%\Paltalk Messenger\paltalk.exe [ButtonText: PalTalk] -> AVM Software Inc. [Ver = 9.88.2129.0 | Size = 10874880 bytes | Modified Date = 3/23/2007 8:41:32 PM | Attr = ]
    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [ButtonText: Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 9:49:04 PM | Attr = ]
    {FB5F1910-F110-11d2-BB9E-00C04F795683} -> %ProgramFiles%\Messenger\msmsgs.exe [ButtonText: Messenger] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
    Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\ycsms.htm -> File not found
    < Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
    .spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ]
    < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    SV1 -> ->
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    {0397AAD7-2CE6-44D1-8C6F-1491DBCEE7B4} -> (Linksys LNE100TX(v5) Fast Ethernet Adapter) ->
    {3F563A29-65E7-4EF5-9038-B645C7A17045} -> () ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    ipp -> Reg Data - Key not found -> File not found
    ipp\0x00000001 -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    msdaipp\0x00000001 -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL -> File not found
    msdaipp\oledb -> %SystemDrive%\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    {01010200-5E80-11D8-9E86-0007E96C65AE} -> SupportSoft Installer - CodeBase = http://echat.qwest.supportsoft.com/sdccommon/download/tgctlins.cab ->
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab ->
    {166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
    {17D72920-7A15-11D4-921E-0080C8DA7A5E} -> AimSp32 Class - CodeBase = http://makeover.ivillage.co.uk/save/makeover.cab ->
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab ->
    {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} -> InetDownload Class - CodeBase = https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab ->
    {B9940246-4344-4D1B-BD82-DBAF7E657FF9} -> AudioClient Control - CodeBase = http://mtstandard.serveftp.net:19141/SysCamInst.cab ->
    {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab ->


    [Files/Folders - Created Within 30 days]
    $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 4/2/2007 1:16:57 PM | Attr = RH ]
    avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 4/3/2007 6:32:28 PM | Attr = ]
    avg7qt.dat -> %SystemDrive%\avg7qt.dat -> [Ver = | Size = 12220047 bytes | Created Date = 4/3/2007 8:09:35 AM | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 268029952 bytes | Created Date = 1/1/1601 7:00:00 AM | Attr = HS]
    Rustbfix -> %SystemDrive%\Rustbfix -> [Folder | Created Date = 4/3/2007 6:25:52 PM | Attr = ]
    cache -> %SystemRoot%\cache -> [Folder | Created Date = 3/23/2007 9:34:10 AM | Attr = ]
    gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12086 | Size = 565311 bytes | Created Date = 4/1/2007 2:09:39 PM | Attr = ]
    gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12086 | Size = 573440 bytes | Created Date = 4/1/2007 2:09:39 PM | Attr = R ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier ->
    gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 4/1/2007 2:09:41 PM | Attr = ]
    gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 4/1/2007 2:09:39 PM | Attr = ]
    Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 4/1/2007 2:11:18 PM | Attr = ]
    Paltalk Messenger -> %SystemRoot%\Paltalk Messenger -> [Folder | Created Date = 3/26/2007 12:16:13 PM | Attr = ]
    YAHELITE.INI -> %SystemRoot%\YAHELITE.INI -> [Ver = | Size = 2376 bytes | Created Date = 3/25/2007 4:39:30 PM | Attr = ]
    Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 4/1/2007 11:00:19 AM | Attr = ]
    avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Created Date = 4/1/2007 10:07:24 PM | Attr = ]
    avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 4/1/2007 10:07:42 PM | Attr = ]
    avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 4/1/2007 10:07:43 PM | Attr = ]
    AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 4/1/2007 1:59:21 PM | Attr = ]
    avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 4/1/2007 10:07:48 PM | Attr = ]
    avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Created Date = 4/1/2007 10:07:46 PM | Attr = ]
    avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 4/1/2007 10:07:46 PM | Attr = ]
    gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3816 | Size = 68993 bytes | Created Date = 4/1/2007 2:09:39 PM | Attr = ]

    [Files/Folders - Modified Within 30 days]
    $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 4/2/2007 1:16:58 PM | Attr = RH ]
    avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 4/3/2007 6:32:30 PM | Attr = ]
    avg7qt.dat -> %SystemDrive%\avg7qt.dat -> [Ver = | Size = 12220047 bytes | Modified Date = 4/3/2007 8:09:36 AM | Attr = ]
    boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 4/2/2007 5:39:36 PM | Attr = HS]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 268029952 bytes | Modified Date = 4/3/2007 6:30:44 PM | Attr = HS]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/3/2007 6:30:18 PM | Attr = R ]
    Rustbfix -> %SystemDrive%\Rustbfix -> [Folder | Modified Date = 4/3/2007 6:31:52 PM | Attr = ]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/2/2007 4:58:34 PM | Attr = HS]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/3/2007 6:46:00 PM | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/3/2007 6:31:02 PM | Attr = S]
    cache -> %SystemRoot%\cache -> [Folder | Modified Date = 3/23/2007 9:34:12 AM | Attr = ]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/1/2007 11:00:26 AM | Attr = S]
    gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12086 | Size = 565311 bytes | Modified Date = 4/1/2007 2:09:40 PM | Attr = ]
    gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12086 | Size = 573440 bytes | Modified Date = 3/7/2007 3:52:36 PM | Attr = R ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier ->
    gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 4/1/2007 7:23:58 PM | Attr = ]
    gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 4/1/2007 2:09:40 PM | Attr = ]
    INF -> %SystemRoot%\INF -> [Folder | Modified Date = 4/1/2007 11:00:20 AM | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/30/2007 10:28:14 AM | Attr = HS]
    Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 4/1/2007 7:25:48 PM | Attr = ]
    Paltalk Messenger -> %SystemRoot%\Paltalk Messenger -> [Folder | Modified Date = 3/26/2007 12:16:14 PM | Attr = ]
    ppa_if.bmp -> %SystemRoot%\ppa_if.bmp -> [Ver = | Size = 840862 bytes | Modified Date = 3/29/2007 8:01:22 PM | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/2/2007 6:10:58 PM | Attr = ]
    pss -> %SystemRoot%\pss -> [Folder | Modified Date = 4/2/2007 5:31:54 PM | Attr = ]
    Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/2/2007 2:47:34 PM | Attr = ]
    SYSTEM -> %SystemRoot%\SYSTEM -> [Folder | Modified Date = 4/1/2007 10:06:38 PM | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 4/2/2007 5:39:36 PM | Attr = ]
    SYSTEM32 -> %System32% -> [Folder | Modified Date = 4/3/2007 6:46:00 PM | Attr = ]
    TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 4/3/2007 6:26:00 PM | Attr = ]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 612 bytes | Modified Date = 4/2/2007 5:39:36 PM | Attr = ]
    YAHELITE.INI -> %SystemRoot%\YAHELITE.INI -> [Ver = | Size = 2376 bytes | Modified Date = 3/25/2007 5:03:50 PM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/31/2007 9:49:34 AM | Attr = H ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/1/2007 11:00:12 AM | Attr = ]
    DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 4/3/2007 6:32:30 PM | Attr = ]
    imon1.dat -> %System32%\imon1.dat -> [Ver = | Size = 275 bytes | Modified Date = 3/29/2007 7:49:32 PM | Attr = ]
    Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 4/1/2007 11:00:20 AM | Attr = ]
    Restore -> %System32%\Restore -> [Folder | Modified Date = 4/2/2007 4:58:34 PM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 3/31/2007 9:39:12 AM | Attr = ]
    avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 4/1/2007 10:07:26 PM | Attr = ]
    avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 4/1/2007 10:07:44 PM | Attr = ]
    avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 4/1/2007 10:07:44 PM | Attr = ]
    avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 4/1/2007 10:07:50 PM | Attr = ]
    avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 19392 bytes | Modified Date = 4/1/2007 10:07:48 PM | Attr = ]
    avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 4/1/2007 10:07:48 PM | Attr = ]
    etc -> %System32%\drivers\etc -> [Folder | Modified Date = 3/30/2007 4:01:50 PM | Attr = ]
    gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3816 | Size = 68993 bytes | Modified Date = 4/1/2007 2:09:40 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier ->
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/16/2004 5:48:32 PM | Attr = ]
    Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 2/25/2007 1:50:36 PM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/16/2004 5:49:40 PM | Attr = ]
    UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 4/1/2007 10:07:26 PM | Attr = ]

    < End of report >
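The Run keys and startup folder in the report above are the first thing a helper reads, and the entries that stand out are ones whose target is gone or lives under %SystemRoot%\TEMP. This script is an added example (not part of the thread and not OldTimer's tool): it parses the "[Registry - Non-Microsoft Only]" section in the layout WinPFind3U uses and flags such entries; the sample report is constructed to mirror entries from the thread, with the date fields shortened.

```python
"""Triage autostart entries in a WinPFind3U report (added example, not OldTimer's code)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the report's layout: "<name> -> <path> -> <publisher> [Ver = ...]",
# with "-> File not found" when the target no longer exists on disk.
SAMPLE_REPORT = r"""
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Attr = ]
D_V_T -> -> File not found
Google -> %SystemRoot%\TEMP\BBD0.tmp -> File not found
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MSMSGS -> %ProgramFiles%\Messenger\msmsgs.exe -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\PalStart.lnk -> %ProgramFiles%\Paltalk Messenger\palstart.exe -> [Ver = | Size = 45568 bytes | Attr = ]
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

[Files/Folders - Created Within 30 days]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12086 | Size = 573440 bytes | Attr = R ]
"""

TOP_SECTION_RE = re.compile(r"^\[(?P<name>.+)\]$")        # e.g. [Registry - Non-Microsoft Only]
SUBSECTION_RE = re.compile(r"^<\s*(?P<name>[^>]+?)\s*>")  # e.g. < Run [HKLM] > -> HKEY_...
AUTOSTART_SUBSECTIONS = ("Run [HKLM]", "Run [HKCU]", "Common Startup")


@dataclass
class Entry:
    subsection: str
    name: str
    path: str
    publisher: str
    missing: bool
    flags: list = field(default_factory=list)


def parse_entry(subsection, line):
    """Split one "name -> path -> details" line and attach triage flags."""
    # Splitting on the arrow (with optional spaces) keeps an empty path, as in "D_V_T -> -> File not found".
    parts = re.split(r"\s*->\s*", line.strip())
    if len(parts) < 3:
        return None
    name, path, rest = parts[0], parts[1], " -> ".join(parts[2:])
    missing = rest.lower().startswith("file not found")
    # Publisher is the text before the "[Ver = ...]" block; empty when the file carries no version info.
    publisher = "" if missing else rest.split("[", 1)[0].strip()
    entry = Entry(subsection, name, path, publisher, missing)
    if path == "":
        entry.flags.append("empty target")
    if missing:
        entry.flags.append("target file missing")
    upath = path.upper()
    if "\\TEMP\\" in upath or upath.endswith(".TMP"):
        entry.flags.append("runs from TEMP")
    if not missing and not publisher:
        entry.flags.append("no publisher info")
    return entry


def triage(report_text):
    """Return the autostart entries found in the report's registry section, in order."""
    entries = []
    in_registry = False
    subsection = None
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        top = TOP_SECTION_RE.match(line)
        if top:
            in_registry = top.group("name").startswith("Registry")
            subsection = None
            continue
        if not in_registry:
            continue
        sub = SUBSECTION_RE.match(line)
        if sub:
            subsection = sub.group("name")
            continue
        if subsection in AUTOSTART_SUBSECTIONS:
            entry = parse_entry(subsection, line)
            if entry:
                entries.append(entry)
    return entries


def suspicious(entries):
    """Entries carrying at least one flag, for a helper to review first."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in suspicious(triage(SAMPLE_REPORT)):
        print(f"{e.subsection:15} {e.name:35} {', '.join(e.flags)}")
```

A flag is a prompt to look, not a verdict: the Paltalk shortcut is flagged only because its target has no version block, while the Run value pointing at a deleted .tmp under TEMP is the pattern the thread's fix removed.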
     
  14. KotaGuy

    Looks good!

    How is your PC behaving?
     
  15. trishajoy

    It's running just fine. :)
     
  16. KotaGuy

    Excellent! :)

    Now... let's see if we can reclaim some space on your C: Drive.

    System Restore and the Hibernation feature in XP can take up some space.

    So...

    Right click on the My Computer icon on your Desktop and choose Properties. Click on the System Restore tab. Highlight the C: Drive and click the Settings button. This should open up another window with a slider. Drag the slider not all the way to the left... but to the last tick mark under the slider line and click OK. Close that window when done and then close the System Properties window.

    Next click Start>Control Panel>Performance and Maintenance>Power Options. Click the Hibernate tab. Uncheck Enable Hibernation.

    Reboot.

    Doing that should have cleared up quite a bit of space on your C: Drive.

    Let me know how it goes.
     
  17. trishajoy

    Yes, that helped tremendously!
     
  18. KotaGuy

    Great!

    Anything else you are concerned about Trisha?
     
  19. trishajoy

    Well, just wondering what programs would be okay to delete. Like since I have the AVG Anti-Spyware scan... should I still keep Ad-Aware?
    Also, I want you to know that I really appreciate all of your help. There is no way I could have done any of this on my own. Thank you so much!
     
  20. trishajoy

    Oh, also... do you suggest a good popup blocker? I am pretty sure that (a pop up) is what caused all of this trouble.
     
