ooh it is nice to see all of my icons in the system tray again.
The RECYCLER folder is still on the G drive, with a recycle bin image inside it (85 bytes). I cannot delete it, so should I run Avenger again on this drive?
Log file from ComboFix - sorry, I had to split the log because the message was too big.
ComboFix 09-01-01.02 - Parents 2009-01-03 15:56:52.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1511 [GMT 0:00]
Running from: c:\documents and settings\Parents\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\drivers\msqpdxwosruwbi.sys
c:\windows\system32\msqpdxvkkdqvmy.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.
2009-01-03 12:56 . 2009-01-03 12:56 d-------- c:\program files\Trend Micro
2009-01-02 22:43 . 2009-01-02 22:43 d-------- c:\documents and settings\All Users\Application Data\Uniblue
2008-12-24 12:30 . 2008-12-24 12:30 d-------- c:\documents and settings\Parents\Contacts
2008-12-24 12:29 . 2008-12-24 12:29 d-------- c:\program files\Windows Live
2008-12-24 12:29 . 2008-12-24 12:29 d--hs---- c:\program files\Common Files\WindowsLiveInstaller
2008-12-24 12:29 . 2008-12-24 12:29 d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-17 19:06 . 2008-12-17 19:06 d-------- c:\program files\iPod
2008-12-17 19:06 . 2008-12-17 19:06 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-06 18:04 . 2009-01-02 17:05 640 --a------ c:\windows\system32\SGLCH32.USR
2008-12-06 18:04 . 2009-01-02 17:05 125 --a------ c:\windows\system32\SageInformer50.ssf
2008-12-06 18:00 . 2008-12-06 18:00 d-------- c:\program files\Common Files\InstallEngine
2008-12-06 17:58 . 2008-12-06 17:58 d-------- c:\program files\Common Files\Sage Shared
2008-12-06 17:58 . 2008-12-06 17:58 d-------- c:\program files\Common Files\Sage Line50
2008-12-06 17:56 . 2008-12-06 17:56 d-------- c:\program files\Sage
2008-12-06 17:56 . 2008-12-06 17:56 d-------- c:\program files\Common Files\Sage SBD
2008-12-06 17:56 . 2008-12-06 17:56 d-------- c:\program files\Common Files\Sage Report Designer 2007
2008-12-06 17:56 . 2008-12-06 17:56 d-------- c:\documents and settings\All Users\Application Data\Sage
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 03:28 36,272 ----a-r c:\windows\system32\drivers\SymIM.sys
2008-11-17 07:10 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-13 20:41 --------- d-----w c:\program files\Common Files\PCSuite
2008-11-13 20:41 --------- d-----w c:\program files\Common Files\Nokia
2008-11-13 05:17 --------- d-----r c:\program files\Norton Support
2008-11-06 17:47 --------- d-----w c:\program files\Apple Software Update
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 17:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2006-02-01 18:03 114,144 ----a-w c:\documents and settings\Parents\Application Data\GDIPFONTCACHEV1.DAT
2004-04-05 13:02 141,812 ----a-w c:\documents and settings\Parents\Winsock2.reg
2003-08-04 19:23 784 ----a-w c:\documents and settings\Parents\Application Data\mpauth.dat
2001-02-28 13:14 476,576 ----a-w c:\program files\SETUP.EXE
2000-12-12 11:17 100,432 ------w c:\program files\Win2000PPAHotfix.exe
2003-09-14 10:07 56 --sh--r c:\windows\system32\46C0110EBB.sys
2002-04-16 11:27 5 --sha-w c:\windows\system32\CdI5T.drv
2008-05-10 10:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051020080511\index.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 71,328 2006-03-09 11:47:52 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 180,269 2006-04-26 17:24:34 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 35,328 2002-01-28 09:43:00 c:\program files\MouseWare\system\bak\EM_EXEC.EXE
----a-w 131,072 2006-02-27 07:44:40 c:\program files\CA\eTrust PestPatrol\bak\PPActiveDetection.exe
----a-w 94,208 2002-01-24 20:41:12 c:\program files\QUICKENW\bak\QAGENT.EXE
----a-w 282,624 2006-05-17 09:21:48 c:\program files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-11-04 10:30:50 c:\program files\QuickTime\QTTask.exe
----a-w 176,128 2002-07-30 01:22:34 c:\program files\Keymaestro\Multimedia Keyboard\bak\MMKeybd.exe
----a-w 278,528 2006-02-23 16:45:20 c:\program files\iTunes\bak\iTunesHelper.exe
----a-w 290,088 2008-11-20 13:20:54 c:\program files\iTunes\iTunesHelper.exe
----a-w 81,920 2004-08-22 17:05:02 c:\program files\D-Tools\bak\daemon.exe
----a-w 81,920 2004-08-22 17:05:02 c:\program files\D-Tools\daemon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"EPSON Stylus D92 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE" [2006-09-27 139264]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-08 1260296]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
""="c:\program files\Internet Explorer\iexplore.exe" [2008-10-15 633632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"PtiuPbmd"="ulutil2.dll" [2003-11-06 c:\windows\system32\ulutil2.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Quicken Startup.lnk - c:\program files\QUICKENW\QWDLLS.EXE [2003-07-25 36864]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-05-06 09:42 202088 c:\program files\TomTom HOME 2\HOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
--a------ 2001-12-23 17:02 4608 c:\windows\system32\carpserv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2002-06-19 02:44 46592 c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"63523:TCP"= 63523:TCP:PORT_63523
"40391:TCP"= 40391:TCP:PORT_40391
"9742:TCP"= 9742:TCP:PORT_9742
"37723:TCP"= 37723:TCP:PORT_37723
"9207:TCP"= 9207:TCP:PORT_9207
"25316:TCP"= 25316:TCP:PORT_25316
"21523:TCP"= 21523:TCP:PORT_21523
"27396:TCP"= 27396:TCP:PORT_27396
"23033:TCP"= 23033:TCP:PORT_23033
"58283:TCP"= 58283:TCP:PORT_58283
"54573:TCP"= 54573:TCP:PORT_54573
"41520:TCP"= 41520:TCP:PORT_41520
"7176:TCP"= 7176:TCP:PORT_7176
"13316:TCP"= 13316:TCP:PORT_13316
"52857:TCP"= 52857:TCP:PORT_52857
"9047:TCP"= 9047:TCP:PORT_9047
"38536:TCP"= 38536:TCP:PORT_38536
"59332:TCP"= 59332:TCP:PORT_59332
"46363:TCP"= 46363:TCP:PORT_46363
"63969:TCP"= 63969:TCP:PORT_63969
"54305:TCP"= 54305:TCP:PORT_54305
"24142:TCP"= 24142:TCP:PORT_24142
"65117:TCP"= 65117:TCP:PORT_65117
"57528:TCP"= 57528:TCP:PORT_57528
"63173:TCP"= 63173:TCP:PORT_63173
"40809:TCP"= 40809:TCP:PORT_40809
"32851:TCP"= 32851:TCP:PORT_32851