Tweaks.com Forum / Windows & System Security / HiJack This Logs / White X in a Red Circle in my System Tray / Latest PostsInstantForum.NET v4.1.4Tweaks.com Forum http://forum.tweaks.com/forum/forum@tweaks.comMon, 06 Oct 2008 19:49:09 GMT20RE: White X in a Red Circle in my System Trayhttp://forum.tweaks.com/forum/Topic239390-29-1.aspxYou're welcome:)Wed, 14 May 2008 12:21:02 GMTRichieUKRE: White X in a Red Circle in my System Trayhttp://forum.tweaks.com/forum/Topic239390-29-1.aspxthanks for all your help, I really appreciate it.Wed, 14 May 2008 10:31:45 GMTsundancekid726RE: White X in a Red Circle in my System Trayhttp://forum.tweaks.com/forum/Topic239390-29-1.aspxYour log is clean:),please do the following:<br><br>You should take the time to read and follow the information found in the links below,to help you prevent any possible future infections and stay safe and secure while online:<br><br>[b][color="blue"]Simple and easy ways to keep your computer safe and secure on the Internet[/color][/b]:<br>[url]http://www.bleepingcomputer.com/tutorials/tutorial82.html[/url]<br><br>[b][color="blue"]How to prevent Malware[/color][/b]:<br>[url]http://users.telenet.be/bluepatchy/miekiemoes/prevention.html[/url]<br><br>[B][color="blue"]So how did I get infected in the first place[/color][/B]:<br>[URL]http://forums.spybot.info/showthread.php?t=279[/URL]<br><br>[B][color="blue"]Malware Cleanup Programs and Preventative Procedures[/color][/B]: <br>[URL]http://russelltexas.com/malware/allclear.htm[/URL]<br><br>[b][color="blue"]Hardening Windows Security - Part 1[/color][/b]:<br>[url]http://www.malwarehelp.org/Malware-Prevention-Hardening-Windows-Security1.html[/url]<br><br>[b][color="blue"]Hardening Windows Security - Part 2[/color][/b]:<br>[url]http://www.malwarehelp.org/malware-prevention-hardening-windows-security2.html[/url]Wed, 14 May 2008 01:46:06 GMTRichieUKRE: White X in a Red Circle in my System Trayhttp://forum.tweaks.com/forum/Topic239390-29-1.aspxSorry that this took so long. Here is my latest hijack this log, everything seems to be running well.<BR><BR>Logfile of Trend Micro HijackThis v2.0.2<BR>Scan saved at 11:02:33 PM, on 5/13/2008<BR>Platform: Windows XP SP2 (WinNT 5.01.2600)<BR>MSIE: Internet Explorer v7.00 (7.00.6000.16640)<BR>Boot mode: Normal</P><P>Running processes:<BR>C:\WINDOWS\System32\smss.exe<BR>C:\WINDOWS\system32\winlogon.exe<BR>C:\WINDOWS\system32\services.exe<BR>C:\WINDOWS\system32\lsass.exe<BR>C:\WINDOWS\system32\svchost.exe<BR>C:\WINDOWS\System32\svchost.exe<BR>C:\WINDOWS\Explorer.EXE<BR>C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe<BR>C:\WINDOWS\system32\LEXBCES.EXE<BR>C:\WINDOWS\system32\LEXPPS.EXE<BR>C:\WINDOWS\system32\spoolsv.exe<BR>C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe<BR>C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe<BR>C:\WINDOWS\System32\CTsvcCDA.exe<BR>C:\WINDOWS\System32\MsPMSPSv.exe<BR>C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe<BR>C:\Program Files\Dell\Media Experience\PCMService.exe<BR>C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe<BR>C:\Program Files\Real\RealPlayer\RealPlay.exe<BR>C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe<BR>C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe<BR>C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe<BR>C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe<BR>C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe<BR>C:\Program Files\iTunes\iTunesHelper.exe<BR>C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe<BR>C:\Program Files\DellSupport\DSAgnt.exe<BR>C:\WINDOWS\system32\ctfmon.exe<BR>C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe<BR>C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe<BR>C:\WINDOWS\System32\svchost.exe<BR>C:\Program Files\iPod\bin\iPodService.exe<BR>C:\WINDOWS\system32\wuauclt.exe<BR>C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe<BR>C:\Program Files\Trend Micro\HijackThis\HijackThis.exe<BR>C:\Program Files\internet explorer\iexplore.exe<BR>C:\WINDOWS\system32\wuauclt.exe</P><P>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <A href="http://www.yahoo.com/">http://www.yahoo.com/</A><BR>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <A href="http://go.microsoft.com/fwlink/?LinkId=69157">http://go.microsoft.com/fwlink/?LinkId=69157</A><BR>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <A href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</A><BR>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <A href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</A><BR>R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = <A href="http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com">http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com</A><BR>R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll<BR>O2 - BHO: &amp;Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll<BR>O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll<BR>O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll<BR>O3 - Toolbar: &amp;Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll<BR>O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll<BR>O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe<BR>O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe<BR>O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe<BR>O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup<BR>O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE<BR>O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"<BR>O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe<BR>O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r<BR>O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER<BR>O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup<BR>O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start<BR>O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN<BR>O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe<BR>O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"<BR>O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"<BR>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime<BR>O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"<BR>O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"<BR>O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"<BR>O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"<BR>O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"<BR>O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup<BR>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe<BR>O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe<BR>O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"<BR>O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe<BR>O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE<BR>O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?<BR>O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe<BR>O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll<BR>O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe<BR>O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe<BR>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<BR>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<BR>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - <A href="http://go.microsoft.com/fwlink/?linkid=39204">http://go.microsoft.com/fwlink/?linkid=39204</A><BR>O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - <A href="http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab">http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab</A><BR>O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - <A href="http://upload.facebook.com/controls/FacebookPhotoUploader3.cab">http://upload.facebook.com/controls/FacebookPhotoUploader3.cab</A><BR>O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - <A href="http://upload.facebook.com/controls/FacebookPhotoUploader.cab">http://upload.facebook.com/controls/FacebookPhotoUploader.cab</A><BR>O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - <A href="http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab">http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab</A><BR>O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - <A href="https://webdl.symantec.com/activex/symdlmgr.cab">https://webdl.symantec.com/activex/symdlmgr.cab</A><BR>O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - <A href="http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124836278656">http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124836278656</A><BR>O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - <A href="https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab">https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab</A><BR>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - <A href="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab">http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab</A><BR>O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - <A href="http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab">http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab</A><BR>O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll<BR>O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe<BR>O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe<BR>O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe<BR>O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe<BR>O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe<BR>O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe<BR>O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe<BR>O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe<BR>O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE<BR>O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE<BR>O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe<BR>O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe</P><P>--<BR>End of file - 10283 bytes<BR>Tue, 13 May 2008 22:08:27 GMTsundancekid726RE: White X in a Red Circle in my System Trayhttp://forum.tweaks.com/forum/Topic239390-29-1.aspxClick on Start/Run,copy and paste [b]ComboFix /u[/b] into the 'Open:' space,then press Ok.<br>This will uninstall Combofix,delete its related folders and files,reset your clock settings,hide file extensions,hide the system/hidden files and resets System Restore.<br><br>[IMG]http://img.photobucket.com/albums/v624/29wood/comu.gif[/IMG]<br><br><br>Please double-click [b]OTMoveIt.exe[/b] again to run it.<br>Click on the 'Cleanup' button [IMG]http://img.photobucket.com/albums/v624/29wood/Clipboard01cleanup.gif[/IMG]<br>When you do this a text file named cleanup.txt will be downloaded from the internet. <br>If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. <br>When the 'Confirm' box appears click 'Yes'.<br>[b]Restart your pc when prompted.[/b]<br><br><br>Download and scan with [b][color="red"]CCleaner[/color][/b]:<br>[url]http://www.ccleaner.com/downloadbuilds.asp[/url]<br>1. Starting with v1.27.260, CCleaner installs the [b]Yahoo Toolbar[/b] as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.<br><br>2. Before first use, select Options > Advanced and UNCHECK [b]"Only delete files in Windows Temp folder older than 48 hours"[/b]<br><br>3. Then select the items you wish to clean up.<br><br>[b]In the Windows Tab:[/b]<br>* Clean all entries in the "Internet Explorer" section except Cookies.<br>* Clean all the entries in the "Windows Explorer" section.<br>* Clean all entries in the "System" section.<br>* Clean all entries in the "Advanced" section.<br>* Clean any others that you choose.<br><br>[b]In the Applications Tab:[/b]<br>* Clean all except cookies in the Firefox/Mozilla section if you use it.<br>* Clean all in the Opera section if you use it.<br>* Clean Sun Java in the Internet Section.<br>* Clean any others that you choose.<br><br>4. Click the "Run Cleaner" button.<br>5. A pop up box will appear advising this process will permanently delete files from your system.<br>6. Click "OK" and it will scan and clean your system.<br>7. Click "Exit" when done.<br><br><br>Your version of [b]Sun Java[/b] is out of date.<br>Older versions have vulnerabilities that malware can use to infect your system.<br>Please follow these steps to remove older versions of Sun Java,and then update.<br>1. Download the latest version of [b][url=http://java.sun.com/javase/downloads/index.jsp][color="blue"]Java Runtime Environment (JRE)[/color][/url][/b]<br>2. Scroll down to where it says '[b]Java Runtime Environment (JRE) 6u6[/b]'.<br>3. Click the "Download" button to the right.<br>4. Select the Platform and Language for your download,then check the box that says: "Accept License Agreement".<br>5. The page will refresh.<br>6. Click on the link to download [b]'Windows Offline Installation, Multi-language - jre-6u6-windows-i586-p.exe'[/b] [15.21 MB] and save to your desktop.<br>7. Close any programs you may have running - especially your web browser.<br>8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.<br>9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.<br>10. Click the Change/Remove button.<br>11. Repeat as many times as necessary to remove each Java version.<br>12. Reboot your computer once all Java components are removed.<br>13. Then from your desktop double-click on [b]jre-6u6-windows-i586-p.exe[/b] to install the newest version.<br><br><br>Download\install [b]'SuperAntiSpyware Free Version Home Users'[/b] from here:<br>[URL]http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE[/URL]<br><br>Launch SuperAntiSpyware and click on 'Check for updates'.<br>If you encounter any error messages while downloading the updates,manually download them from [B][URL=http://www.superantispyware.com/definitions.html][COLOR="BLUE"]Here[/COLOR][/URL][/B].<br>Once the updates have been installed,[b]exit[/b] SuperAntiSpyware.<br>[b]Do not run it just yet.[/b]<br><br>Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'. <br>Make sure all browser and all Windows Explorer windows are closed before fixing:<br>[b]O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)<br>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)<br>O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)<br>O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.com/applet/applet_o.cab[/b]<br>Exit Hijackthis.<br><br>[b]Now Start SuperAntiSpyware.[/b]<br>On the main screen click on 'Scan your computer'.<br>Check: 'Perform Complete Scan'.<br>Click 'Next' to start the scan.<br><br>Superantispyware will now scan your computer,when it's finished it will list all/any infections found.<br>Make sure everything found has a checkmark next to it,then press 'Next'.<br>Click on 'Finish' when you've done.<br><br>It's possible that the program will ask you to reboot in order to delete some files.<br><br>Obtain the SuperAntiSpyware log as follows:<br>Click on 'Preferences'.<br>Click on the 'Statistics/Logs' tab.<br>Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.<br>It will then open in your default text editor,such as Notepad.<br>[b]Copy and paste the contents of that report into your next reply.<br>Also post a new Hijackthis log,let me know how your pc is running now.[/b]Tue, 13 May 2008 18:01:56 GMTRichieUKRE: White X in a Red Circle in my System Trayhttp://forum.tweaks.com/forum/Topic239390-29-1.aspxC:\WINDOWS\bak moved successfully.<BR>C:\Program Files\AIM6\bak moved successfully.<BR>C:\Program Files\DellSupport\bak moved successfully.<BR>C:\Program Files\iTunes\bak moved successfully.<BR>C:\Program Files\QuickTime\bak moved successfully.<BR>C:\Program Files\REGSHAVE\bak moved successfully.<BR>C:\WINDOWS\SYSTEM32\bak moved successfully.<BR>C:\Program Files\Dell\Media Experience\bak moved successfully.<BR>C:\Program Files\Intel\Modem Event Monitor\bak moved successfully.<BR>C:\Program Files\Real\RealPlayer\bak moved successfully.<BR>C:\Program Files\Yahoo!\Search Protection\bak moved successfully.<BR>C:\WINDOWS\SYSTEM32\dla\bak moved successfully.<BR>C:\Program Files\Adobe\Reader 8.0\Reader\bak moved successfully.<BR>C:\Program Files\Common Files\InstallShield\UpdateService\bak moved successfully.<BR>C:\Program Files\Common Files\Sonic\Update Manager\bak moved successfully.<BR>C:\Program Files\Creative\SBLive\Diagnostics\bak moved successfully.<BR>C:\Program Files\Java\j2re1.4.2_03\bin\bak moved successfully.<BR>C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\bak moved successfully.<BR>C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak moved successfully.<BR>C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak moved successfully.<BR> <BR>OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05132008_185014<BR><BR><BR><BR><BR><BR>MY LATEST HIJACK THIS LOG:<BR>Logfile of Trend Micro HijackThis v2.0.2<BR>Scan saved at 6:51:51 PM, on 5/13/2008<BR>Platform: Windows XP SP2 (WinNT 5.01.2600)<BR>MSIE: Internet Explorer v7.00 (7.00.6000.16640)<BR>Boot mode: Normal</P><P>Running processes:<BR>C:\WINDOWS\System32\smss.exe<BR>C:\WINDOWS\system32\winlogon.exe<BR>C:\WINDOWS\system32\services.exe<BR>C:\WINDOWS\system32\lsass.exe<BR>C:\WINDOWS\system32\svchost.exe<BR>C:\WINDOWS\System32\svchost.exe<BR>C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe<BR>C:\WINDOWS\system32\LEXBCES.EXE<BR>C:\WINDOWS\system32\spoolsv.exe<BR>C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe<BR>C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe<BR>C:\WINDOWS\System32\CTsvcCDA.exe<BR>C:\WINDOWS\System32\MsPMSPSv.exe<BR>C:\WINDOWS\System32\svchost.exe<BR>C:\Program Files\iPod\bin\iPodService.exe<BR>C:\WINDOWS\Explorer.EXE<BR>C:\Program Files\iTunes\iTunesHelper.exe<BR>C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>C:\WINDOWS\system32\lexpps.exe<BR>C:\WINDOWS\system32\ctfmon.exe<BR>C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe<BR>C:\Program Files\internet explorer\iexplore.exe<BR>C:\WINDOWS\system32\wuauclt.exe<BR>C:\Program Files\Trend Micro\HijackThis\HijackThis.exe</P><P>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <A href="http://www.yahoo.com/">http://www.yahoo.com/</A><BR>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <A href="http://go.microsoft.com/fwlink/?LinkId=69157">http://go.microsoft.com/fwlink/?LinkId=69157</A><BR>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <A href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</A><BR>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <A href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</A><BR>R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = <A href="http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com">http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com</A><BR>R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll<BR>O2 - BHO: &amp;Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll<BR>O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll<BR>O3 - Toolbar: &amp;Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll<BR>O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll<BR>O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe<BR>O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe<BR>O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe<BR>O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe<BR>O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup<BR>O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE<BR>O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"<BR>O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe<BR>O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r<BR>O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER<BR>O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup<BR>O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start<BR>O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN<BR>O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe<BR>O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"<BR>O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"<BR>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime<BR>O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"<BR>O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"<BR>O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"<BR>O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"<BR>O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup<BR>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe<BR>O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe<BR>O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"<BR>O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE<BR>O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?<BR>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)<BR>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)<BR>O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe<BR>O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll<BR>O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - <A href="http://wwws.musicmatch.com/mmz/openWebRadio.html">http://wwws.musicmatch.com/mmz/openWebRadio.html</A> (file missing)<BR>O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe<BR>O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe<BR>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<BR>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<BR>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - <A href="http://go.microsoft.com/fwlink/?linkid=39204">http://go.microsoft.com/fwlink/?linkid=39204</A><BR>O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - <A href="http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab">http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab</A><BR>O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - <A href="http://upload.facebook.com/controls/FacebookPhotoUploader3.cab">http://upload.facebook.com/controls/FacebookPhotoUploader3.cab</A><BR>O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - <A href="http://upload.facebook.com/controls/FacebookPhotoUploader.cab">http://upload.facebook.com/controls/FacebookPhotoUploader.cab</A><BR>O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - <A href="http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab">http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab</A><BR>O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - <A href="https://webdl.symantec.com/activex/symdlmgr.cab">https://webdl.symantec.com/activex/symdlmgr.cab</A><BR>O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - <A href="http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124836278656">http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124836278656</A><BR>O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - <A href="https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab">https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab</A><BR>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - <A href="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab">http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab</A><BR>O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - <A href="http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab">http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab</A><BR>O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - <A href="http://static.35mb.com/applet/applet_o.cab">http://static.35mb.com/applet/applet_o.cab</A><BR>O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe<BR>O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe<BR>O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe<BR>O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe<BR>O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe<BR>O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe<BR>O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe<BR>O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe<BR>O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE<BR>O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE<BR>O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe<BR>O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe</P><P>--<BR>End of file - 9696 bytes<BR><BR>Tue, 13 May 2008 17:52:20 GMTsundancekid726RE: White X in a Red Circle in my System Trayhttp://forum.tweaks.com/forum/Topic239390-29-1.aspxPlease download [b]OTMoveIt[/b] by [b]OldTimer[/b],save it to your desktop:<br>[url]http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe[/url]<br>Please double-click OTMoveIt.exe to run it.<br>Copy [b]ALL[/b] the text inside the code box below to the clipboard by highlighting [b]ALL[/b] of it and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):<br><br>[quote]C:\WINDOWS\bak<br>C:\Program Files\AIM6\bak<br>C:\Program Files\DellSupport\bak<br>C:\Program Files\iTunes\bak<br>C:\Program Files\QuickTime\bak<br>C:\Program Files\REGSHAVE\bak<br>C:\WINDOWS\SYSTEM32\bak<br>C:\Program Files\Dell\Media Experience\bak<br>C:\Program Files\Intel\Modem Event Monitor\bak<br>C:\Program Files\Real\RealPlayer\bak<br>C:\Program Files\Yahoo!\Search Protection\bak<br>C:\WINDOWS\SYSTEM32\dla\bak<br>C:\Program Files\Adobe\Reader 8.0\Reader\bak<br>C:\Program Files\Common Files\InstallShield\UpdateService\bak<br>C:\Program Files\Common Files\Sonic\Update Manager\bak<br>C:\Program Files\Creative\SBLive\Diagnostics\bak<br>C:\Program Files\Java\j2re1.4.2_03\bin\bak<br>C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\bak<br>C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak<br>C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak[/quote]<br>Return to OTMoveIt, right click on the "[b]Paste List of Files/Folders to Move[/b]" window under the [b]"yellow"[/b] bar,and choose [b]Paste[/b],see image below:<br><br>[IMG]http://img.photobucket.com/albums/v624/29wood/Clipboard01-3.png[/IMG]<br><br>Click on the Moveit! button [IMG]http://img.photobucket.com/albums/v624/29wood/Clipboard01moveit.gif[/IMG]<br>[b]Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.[/b]<br>Close OTMoveIt by clicking on the "Exit" button.<br>If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. <br>If you are asked to reboot the machine choose [b]Yes[/b].<br><br>[b]Also post a new Hijackthis log please.[/b]Tue, 13 May 2008 17:42:27 GMTRichieUKRE: White X in a Red Circle in my System Trayhttp://forum.tweaks.com/forum/Topic239390-29-1.aspx Find AWF report by noahdfear ©2006<BR> Version 1.40<BR>Option 2 run successfully</P><P>The current date is: Tue 05/13/2008 <BR>The current time is: 18:28:33.64</P><P><BR> bak folders found<BR> ~~~~~~~~~~~</P><P><BR> Directory of C:\WINDOWS\BAK</P><P>05/11/2000 02:00 AM 90,112 UpdReg.EXE<BR> 1 File(s) 90,112 bytes</P><P> Directory of C:\PROGRA~1\AIM6\BAK</P><P>11/07/2006 11:29 AM 50,736 aim6.exe<BR> 1 File(s) 50,736 bytes</P><P> Directory of C:\PROGRA~1\DELLSU~1\BAK</P><P>03/15/2007 11:09 AM 460,784 DSAgnt.exe<BR> 1 File(s) 460,784 bytes</P><P> Directory of C:\PROGRA~1\ITUNES\BAK</P><P>11/02/2007 07:36 PM 267,048 iTunesHelper.exe<BR> 1 File(s) 267,048 bytes</P><P> Directory of C:\PROGRA~1\QUICKT~1\BAK</P><P>10/19/2007 09:16 PM 286,720 qttask.exe<BR> 1 File(s) 286,720 bytes</P><P> Directory of C:\PROGRA~1\REGSHAVE\BAK</P><P>02/04/2002 11:32 PM 53,248 REGSHAVE.EXE<BR> 1 File(s) 53,248 bytes</P><P> Directory of C:\WINDOWS\SYSTEM32\BAK</P><P>08/04/2004 03:56 AM 15,360 ctfmon.exe<BR>06/22/2005 12:44 AM 126,976 hkcmd.exe<BR>06/22/2005 12:48 AM 155,648 igfxtray.exe<BR> 3 File(s) 297,984 bytes</P><P> Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK</P><P> 0 File(s) 0 bytes</P><P> Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK</P><P>04/11/2004 09:15 PM 290,816 PCMService.exe<BR> 1 File(s) 290,816 bytes</P><P> Directory of C:\PROGRA~1\INTEL\MODEME~1\BAK</P><P>09/03/2003 09:12 PM 221,184 IntelMEM.exe<BR> 1 File(s) 221,184 bytes</P><P> Directory of C:\PROGRA~1\REAL\REALPL~1\BAK</P><P>08/10/2004 10:01 AM 26,112 RealPlay.exe<BR> 1 File(s) 26,112 bytes</P><P> Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK</P><P>06/08/2007 10:59 AM 224,248 SearchProtection.exe<BR> 1 File(s) 224,248 bytes</P><P> Directory of C:\WINDOWS\SYSTEM32\DLA\BAK</P><P>03/15/2004 02:04 AM 122,933 tfswctrl.exe<BR> 1 File(s) 122,933 bytes</P><P> Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK</P><P>10/10/2007 07:51 PM 39,792 Reader_sl.exe<BR> 1 File(s) 39,792 bytes</P><P> Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK</P><P>06/16/2004 06:03 AM 81,920 issch.exe<BR>06/16/2004 07:03 AM 221,184 ISUSPM.exe<BR> 2 File(s) 303,104 bytes</P><P> Directory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK</P><P>08/19/2003 02:01 AM 110,592 sgtray.exe<BR> 1 File(s) 110,592 bytes</P><P> Directory of C:\PROGRA~1\CREATIVE\SBLIVE\DIAGNO~1\BAK</P><P>04/03/2002 02:01 AM 135,264 diagent.exe<BR> 1 File(s) 135,264 bytes</P><P> Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK</P><P>11/19/2003 06:48 PM 32,881 jusched.exe<BR> 1 File(s) 32,881 bytes</P><P> Directory of C:\DOCUME~1\ALLUSE~1\APPLIC~1\DELL\TRANSF~1\BAK</P><P>11/13/2007 05:46 PM 135,168 TransferAgent.exe<BR> 1 File(s) 135,168 bytes</P><P> Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.2\APPS\BAK</P><P>03/09/2007 11:09 AM 63,712 apdproxy.exe<BR> 1 File(s) 63,712 bytes</P><P> Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK</P><P>03/04/2004 11:46 AM 172,032 hpztsb10.exe<BR> 1 File(s) 172,032 bytes</P><P><BR> Duplicate files of bak directory contents<BR> ~~~~~~~~~~~~~~~~~~~~~~~</P><P> 90112 May 11 2000 "C:\WINDOWS\UpdReg.EXE"<BR> 90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.EXE"<BR> 50528 Jan 3 2008 "C:\Program Files\AIM6\aim6.exe"<BR> 50736 Nov 7 2006 "C:\Program Files\AIM6\bak\aim6.exe"<BR> 460784 Mar 15 2007 "C:\Program Files\DellSupport\DSAgnt.exe"<BR> 460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"<BR> 267048 Nov 2 2007 "C:\Program Files\iTunes\iTunesHelper.exe"<BR> 267048 Nov 2 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"<BR> 102400 Mar 6 2008 "C:\WINDOWS\Installer\{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}\iTunesIco.exe"<BR> 116008 Nov 2 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"<BR> 286720 Oct 19 2007 "C:\Program Files\QuickTime\qttask.exe"<BR> 286720 Oct 19 2007 "C:\Program Files\QuickTime\bak\qttask.exe"<BR> 53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"<BR> 53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"<BR> 15360 Aug 4 2004 "C:\WINDOWS\SYSTEM32\ctfmon.exe"<BR> 15360 Aug 4 2004 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"<BR> 118784 Feb 10 2004 "C:\DRIVERS\VIDEO\HKCMD.EXE"<BR> 126976 Jun 22 2005 "C:\DRIVERS\R106456\Win2000\hkcmd.exe"<BR> 126976 Jun 22 2005 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe"<BR> 126976 Jan 23 2005 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\hkcmd.exe"<BR> 155648 Feb 10 2004 "C:\DRIVERS\VIDEO\IGFXTRAY.EXE"<BR> 155648 Jun 22 2005 "C:\WINDOWS\SYSTEM32\igfxtray.exe"<BR> 155648 Jun 22 2005 "C:\DRIVERS\R106456\Win2000\igfxtray.exe"<BR> 155648 Jun 22 2005 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe"<BR> 155648 Jan 23 2005 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxtray.exe"<BR> 290816 Apr 11 2004 "C:\Program Files\Dell\Media Experience\PCMService.exe"<BR> 290816 Apr 11 2004 "C:\Program Files\Dell\Media Experience\bak\PCMService.exe"<BR> 221184 Sep 3 2003 "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"<BR> 221184 Sep 3 2003 "C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"<BR> 26112 Aug 10 2004 "C:\Program Files\Real\RealPlayer\RealPlay.exe"<BR> 26112 Aug 10 2004 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"<BR> 224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"<BR> 224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"<BR> 122933 Mar 15 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"<BR> 122933 Mar 15 2004 "C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe"<BR> 39792 Jan 11 2008 "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe"<BR> 39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"<BR> 81920 Jun 16 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"<BR> 81920 Jun 16 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"<BR> 221184 Jun 16 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"<BR> 221184 Jun 16 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"<BR> 110592 Aug 19 2003 "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"<BR> 110592 Aug 19 2003 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"<BR> 135264 Apr 3 2002 "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe"<BR> 135264 Apr 3 2002 "C:\Program Files\Creative\SBLive\Diagnostics\bak\diagent.exe"<BR> 32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"<BR> 32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"<BR> 135168 Nov 13 2007 "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"<BR> 135168 Nov 13 2007 "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\bak\TransferAgent.exe"<BR> 327437 Jan 27 2008 "C:\Documents and Settings\Derek O'Connor\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\CIP\TransferAgentSetup.exe"<BR> 63712 Mar 9 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"<BR> 63712 Mar 9 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"<BR> 172032 Mar 4 2004 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb10.exe"<BR> 172032 Mar 4 2004 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb10.exe"</P><P><BR> end of report<BR>Tue, 13 May 2008 17:31:23 GMTsundancekid726RE: White X in a Red Circle in my System Trayhttp://forum.tweaks.com/forum/Topic239390-29-1.aspxDouble-click [b]FindAWF.exe[/b] to start the tool. <br>Select option [b]#2[/b] - [b]Restore files from bak folders[/b] by typing [b]2[/b] and press 'Enter' <br>A text file will open up. <br>Please copy and paste [b]ALL[/b] the following text inside the code box below into the text file:<br><br>[quote]"C:\WINDOWS\bak\UpdReg.EXE"<br>"C:\Program Files\DellSupport\bak\DSAgnt.exe"<br>"C:\Program Files\QuickTime\bak\qttask.exe"<br>"C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"<br>"C:\WINDOWS\SYSTEM32\bak\igfxtray.exe"<br>"C:\Program Files\Dell\Media Experience\bak\PCMService.exe"<br>"C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"<br>"C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"<br>"C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"<br>"C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"<br>"C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"<br>"C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"<br>"C:\Program Files\Creative\SBLive\Diagnostics\bak\diagent.exe"<br>"C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"<br>"C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\bak\TransferAgent.exe"<br>"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"<br>"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb10.exe"[/quote]<br>Close the files.txt and click Yes to save the changes. <br>FindAWF will now terminate the bad processes if running, delete the bad files and restore/replace them with the good files. <br>Then it will open a log. <br>[b]Copy and paste the contents of that log in your next reply.[/b]Tue, 13 May 2008 17:24:25 GMTRichieUKRE: White X in a Red Circle in my System Trayhttp://forum.tweaks.com/forum/Topic239390-29-1.aspx Find AWF report by noahdfear ©2006<BR> Version 1.40</P><P>The current date is: Tue 05/13/2008 <BR>The current time is: 18:07:57.17</P><P><BR> bak folders found<BR> ~~~~~~~~~~~</P><P><BR> Directory of C:\WINDOWS\BAK</P><P>05/11/2000 02:00 AM 90,112 UpdReg.EXE<BR> 1 File(s) 90,112 bytes</P><P> Directory of C:\PROGRA~1\AIM6\BAK</P><P>11/07/2006 11:29 AM 50,736 aim6.exe<BR> 1 File(s) 50,736 bytes</P><P> Directory of C:\PROGRA~1\DELLSU~1\BAK</P><P>03/15/2007 11:09 AM 460,784 DSAgnt.exe<BR> 1 File(s) 460,784 bytes</P><P> Directory of C:\PROGRA~1\ITUNES\BAK</P><P>11/02/2007 07:36 PM 267,048 iTunesHelper.exe<BR> 1 File(s) 267,048 bytes</P><P> Directory of C:\PROGRA~1\QUICKT~1\BAK</P><P>10/19/2007 09:16 PM 286,720 qttask.exe<BR> 1 File(s) 286,720 bytes</P><P> Directory of C:\PROGRA~1\REGSHAVE\BAK</P><P>02/04/2002 11:32 PM 53,248 REGSHAVE.EXE<BR> 1 File(s) 53,248 bytes</P><P> Directory of C:\WINDOWS\SYSTEM32\BAK</P><P>08/04/2004 03:56 AM 15,360 ctfmon.exe<BR>06/22/2005 12:44 AM 126,976 hkcmd.exe<BR>06/22/2005 12:48 AM 155,648 igfxtray.exe<BR> 3 File(s) 297,984 bytes</P><P> Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK</P><P> 0 File(s) 0 bytes</P><P> Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK</P><P>04/11/2004 09:15 PM 290,816 PCMService.exe<BR> 1 File(s) 290,816 bytes</P><P> Directory of C:\PROGRA~1\INTEL\MODEME~1\BAK</P><P>09/03/2003 09:12 PM 221,184 IntelMEM.exe<BR> 1 File(s) 221,184 bytes</P><P> Directory of C:\PROGRA~1\REAL\REALPL~1\BAK</P><P>08/10/2004 10:01 AM 26,112 RealPlay.exe<BR> 1 File(s) 26,112 bytes</P><P> Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK</P><P>06/08/2007 10:59 AM 224,248 SearchProtection.exe<BR> 1 File(s) 224,248 bytes</P><P> Directory of C:\WINDOWS\SYSTEM32\DLA\BAK</P><P>03/15/2004 02:04 AM 122,933 tfswctrl.exe<BR> 1 File(s) 122,933 bytes</P><P> Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK</P><P>10/10/2007 07:51 PM 39,792 Reader_sl.exe<BR> 1 File(s) 39,792 bytes</P><P> Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK</P><P>06/16/2004 06:03 AM 81,920 issch.exe<BR>06/16/2004 07:03 AM 221,184 ISUSPM.exe<BR> 2 File(s) 303,104 bytes</P><P> Directory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK</P><P>08/19/2003 02:01 AM 110,592 sgtray.exe<BR> 1 File(s) 110,592 bytes</P><P> Directory of C:\PROGRA~1\CREATIVE\SBLIVE\DIAGNO~1\BAK</P><P>04/03/2002 02:01 AM 135,264 diagent.exe<BR> 1 File(s) 135,264 bytes</P><P> Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK</P><P>11/19/2003 06:48 PM 32,881 jusched.exe<BR> 1 File(s) 32,881 bytes</P><P> Directory of C:\DOCUME~1\ALLUSE~1\APPLIC~1\DELL\TRANSF~1\BAK</P><P>11/13/2007 05:46 PM 135,168 TransferAgent.exe<BR> 1 File(s) 135,168 bytes</P><P> Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.2\APPS\BAK</P><P>03/09/2007 11:09 AM 63,712 apdproxy.exe<BR> 1 File(s) 63,712 bytes</P><P> Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK</P><P>03/04/2004 11:46 AM 172,032 hpztsb10.exe<BR> 1 File(s) 172,032 bytes</P><P><BR> Duplicate files of bak directory contents<BR> ~~~~~~~~~~~~~~~~~~~~~~~</P><P> 90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.EXE"<BR> 50528 Jan 3 2008 "C:\Program Files\AIM6\aim6.exe"<BR> 50736 Nov 7 2006 "C:\Program Files\AIM6\bak\aim6.exe"<BR> 460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"<BR> 267048 Nov 2 2007 "C:\Program Files\iTunes\iTunesHelper.exe"<BR> 267048 Nov 2 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"<BR> 102400 Mar 6 2008 "C:\WINDOWS\Installer\{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}\iTunesIco.exe"<BR> 116008 Nov 2 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"<BR> 286720 Oct 19 2007 "C:\Program Files\QuickTime\bak\qttask.exe"<BR> 53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"<BR> 15360 Aug 4 2004 "C:\WINDOWS\SYSTEM32\ctfmon.exe"<BR> 15360 Aug 4 2004 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"<BR> 118784 Feb 10 2004 "C:\DRIVERS\VIDEO\HKCMD.EXE"<BR> 126976 Jun 22 2005 "C:\DRIVERS\R106456\Win2000\hkcmd.exe"<BR> 126976 Jun 22 2005 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe"<BR> 126976 Jan 23 2005 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\hkcmd.exe"<BR> 155648 Feb 10 2004 "C:\DRIVERS\VIDEO\IGFXTRAY.EXE"<BR> 155648 Jun 22 2005 "C:\DRIVERS\R106456\Win2000\igfxtray.exe"<BR> 155648 Jun 22 2005 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe"<BR> 155648 Jan 23 2005 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxtray.exe"<BR> 290816 Apr 11 2004 "C:\Program Files\Dell\Media Experience\bak\PCMService.exe"<BR> 221184 Sep 3 2003 "C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"<BR> 26112 Aug 10 2004 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"<BR> 224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"<BR> 122933 Mar 15 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"<BR> 122933 Mar 15 2004 "C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe"<BR> 39792 Jan 11 2008 "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe"<BR> 39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"<BR> 81920 Jun 16 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"<BR> 221184 Jun 16 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"<BR> 110592 Aug 19 2003 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"<BR> 135264 Apr 3 2002 "C:\Program Files\Creative\SBLive\Diagnostics\bak\diagent.exe"<BR> 32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"<BR> 135168 Nov 13 2007 "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\bak\TransferAgent.exe"<BR> 327437 Jan 27 2008 "C:\Documents and Settings\Derek O'Connor\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\CIP\TransferAgentSetup.exe"<BR> 63712 Mar 9 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"<BR> 172032 Mar 4 2004 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb10.exe"</P><P><BR> end of reportTue, 13 May 2008 17:13:09 GMTsundancekid726RE: White X in a Red Circle in my System Trayhttp://forum.tweaks.com/forum/Topic239390-29-1.aspxDownload [b]FindAWF.exe[/b] and save it to your desktop:<br>[url]http://noahdfear.geekstogo.com/FindAWF.exe[/url]<br>Double-click on the FindAWF.exe file to run it.<br>It will open a command prompt and ask you to "Press any key to continue".<br>Press any key and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.<br>It may take a few minutes to complete so be patient.<br>When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or whatever location you ran the file from.<br>[b]Copy and paste the contents of the AWF.txt file in your next reply.[/b]Tue, 13 May 2008 16:54:40 GMTRichieUKRE: White X in a Red Circle in my System Trayhttp://forum.tweaks.com/forum/Topic239390-29-1.aspxHere is my latest hijack this log:<BR><BR>Logfile of Trend Micro HijackThis v2.0.2<BR>Scan saved at 5:37:59 PM, on 5/13/2008<BR>Platform: Windows XP SP2 (WinNT 5.01.2600)<BR>MSIE: Internet Explorer v7.00 (7.00.6000.16640)<BR>Boot mode: Normal</P><P>Running processes:<BR>C:\WINDOWS\System32\smss.exe<BR>C:\WINDOWS\system32\winlogon.exe<BR>C:\WINDOWS\system32\services.exe<BR>C:\WINDOWS\system32\lsass.exe<BR>C:\WINDOWS\system32\svchost.exe<BR>C:\WINDOWS\System32\svchost.exe<BR>C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe<BR>C:\WINDOWS\system32\LEXBCES.EXE<BR>C:\WINDOWS\system32\spoolsv.exe<BR>C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe<BR>C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe<BR>C:\WINDOWS\System32\CTsvcCDA.exe<BR>C:\WINDOWS\System32\MsPMSPSv.exe<BR>C:\WINDOWS\System32\svchost.exe<BR>C:\Program Files\iPod\bin\iPodService.exe<BR>C:\WINDOWS\Explorer.EXE<BR>C:\Program Files\iTunes\iTunesHelper.exe<BR>C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>C:\WINDOWS\system32\lexpps.exe<BR>C:\WINDOWS\system32\ctfmon.exe<BR>C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe<BR>C:\Program Files\internet explorer\iexplore.exe<BR>C:\Program Files\Trend Micro\HijackThis\HijackThis.exe</P><P>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <A href="http://www.yahoo.com/">http://www.yahoo.com/</A><BR>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <A href="http://go.microsoft.com/fwlink/?LinkId=69157">http://go.microsoft.com/fwlink/?LinkId=69157</A><BR>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <A href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</A><BR>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <A href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</A><BR>R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = <A href="http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com">http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com</A><BR>R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll<BR>O2 - BHO: &amp;Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll<BR>O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll<BR>O3 - Toolbar: &amp;Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll<BR>O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll<BR>O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe<BR>O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe<BR>O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe<BR>O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe<BR>O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup<BR>O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE<BR>O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"<BR>O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe<BR>O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r<BR>O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER<BR>O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup<BR>O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start<BR>O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN<BR>O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe<BR>O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"<BR>O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"<BR>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime<BR>O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"<BR>O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"<BR>O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"<BR>O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"<BR>O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup<BR>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe<BR>O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe<BR>O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"<BR>O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE<BR>O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?<BR>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)<BR>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)<BR>O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe<BR>O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll<BR>O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - <A href="http://wwws.musicmatch.com/mmz/openWebRadio.html">http://wwws.musicmatch.com/mmz/openWebRadio.html</A> (file missing)<BR>O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe<BR>O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe<BR>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<BR>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<BR>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - <A href="http://go.microsoft.com/fwlink/?linkid=39204">http://go.microsoft.com/fwlink/?linkid=39204</A><BR>O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - <A href="http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab">http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab</A><BR>O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - <A href="http://upload.facebook.com/controls/FacebookPhotoUploader3.cab">http://upload.facebook.com/controls/FacebookPhotoUploader3.cab</A><BR>O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - <A href="http://upload.facebook.com/controls/FacebookPhotoUploader.cab">http://upload.facebook.com/controls/FacebookPhotoUploader.cab</A><BR>O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - <A href="http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab">http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab</A><BR>O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - <A href="https://webdl.symantec.com/activex/symdlmgr.cab">https://webdl.symantec.com/activex/symdlmgr.cab</A><BR>O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - <A href="http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124836278656">http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124836278656</A><BR>O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - <A href="https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab">https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab</A><BR>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - <A href="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab">http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab</A><BR>O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - <A href="http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab">http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab</A><BR>O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - <A href="http://static.35mb.com/applet/applet_o.cab">http://static.35mb.com/applet/applet_o.cab</A><BR>O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe<BR>O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe<BR>O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe<BR>O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe<BR>O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe<BR>O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe<BR>O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe<BR>O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe<BR>O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE<BR>O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE<BR>O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe<BR>O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe</P><P>--<BR>End of file - 9663 bytes<BR><BR>Thanks for the help so farTue, 13 May 2008 16:38:36 GMTsundancekid726RE: White X in a Red Circle in my System Trayhttp://forum.tweaks.com/forum/Topic239390-29-1.aspxComboFix 08-05-12.1 - Derek O'Connor 2008-05-13 17:12:45.1 - NTFSx86<BR>Running from: C:\Documents and Settings\Derek O'Connor\Desktop\ComboFix.exe<BR> * Created a new restore point</P><P>[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]<BR>.</P><P>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))<BR>.</P><P>C:\Program Files\WinBudget<BR>C:\WINDOWS\system32\drivers\fad.sys</P><P>.<BR>((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))<BR>.</P><P>2008-05-13 16:01 . 2008-05-13 16:02 &lt;DIR&gt; d-------- C:\WINDOWS\ERUNT<BR>2008-05-13 15:54 . 2008-05-13 02:57 &lt;DIR&gt; d-------- C:\SDFix<BR>2008-05-13 15:35 . 2008-05-13 15:35 &lt;DIR&gt; d-------- C:\Deckard<BR>2008-05-13 00:47 . 2008-05-13 00:47 &lt;DIR&gt; d-------- C:\Program Files\Trend Micro<BR>2008-05-12 21:01 . 2008-05-12 21:01 &lt;DIR&gt; d-------- C:\Program Files\Windows Sidebar<BR>2008-05-12 20:59 . 2008-05-12 21:02 &lt;DIR&gt; d-------- C:\Program Files\Norton Internet Security<BR>2008-05-12 20:57 . 2008-05-12 21:02 123,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS<BR>2008-05-12 20:57 . 2008-05-12 21:02 60,800 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL<BR>2008-05-12 20:57 . 2008-05-12 21:02 10,563 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT<BR>2008-05-12 20:57 . 2008-05-12 21:02 805 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF<BR>2008-05-12 19:55 . 2008-05-12 19:55 &lt;DIR&gt; d-------- C:\Documents and Settings\All Users\Symantec Temporary Files</P><P>.<BR>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))<BR>.<BR>2008-05-13 21:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared<BR>2008-05-13 19:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint<BR>2008-05-13 02:58 --------- d-----w C:\Program Files\DivX<BR>2008-05-13 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec<BR>2008-05-13 01:05 --------- d-----w C:\Documents and Settings\Derek O'Connor\Application Data\Symantec<BR>2008-05-13 01:02 --------- d-----w C:\Program Files\Symantec<BR>2008-04-11 16:55 --------- d-----w C:\Program Files\Common Files\Adobe<BR>2005-10-13 16:19 13,195 ----a-w C:\Documents and Settings\Derek O'Connor\ZGUICFGW.DAT<BR>2005-08-29 21:33 40 ----a-w C:\Documents and Settings\Derek O'Connor\language.dat<BR>.</P><P>((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))<BR>.<BR>----a-w 135,168 2007-11-13 21:46:00 C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\bak\TransferAgent.exe</P><P>----a-w 63,712 2007-03-09 15:09:58 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe</P><P>----a-w 39,792 2007-10-10 23:51:55 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe<BR>----a-w 39,792 2008-01-12 02:16:38 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe</P><P>----a-w 50,736 2006-11-07 15:29:02 C:\Program Files\AIM6\bak\aim6.exe<BR>----a-w 50,528 2008-01-03 16:15:06 C:\Program Files\AIM6\aim6.exe</P><P>----a-w 81,920 2004-06-16 10:03:04 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe</P><P>----a-w 221,184 2004-06-16 11:03:26 C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe</P><P>----a-w 110,592 2003-08-19 06:01:00 C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe</P><P>----a-w 135,264 2002-04-03 06:01:00 C:\Program Files\Creative\SBLive\Diagnostics\bak\diagent.exe</P><P>----a-w 290,816 2004-04-12 01:15:14 C:\Program Files\Dell\Media Experience\bak\PCMService.exe</P><P>----a-w 460,784 2007-03-15 15:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe</P><P>----a-w 221,184 2003-09-04 01:12:44 C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe</P><P>----a-w 267,048 2007-11-02 23:36:42 C:\Program Files\iTunes\bak\iTunesHelper.exe<BR>----a-w 267,048 2007-11-02 23:36:42 C:\Program Files\iTunes\iTunesHelper.exe</P><P>----a-w 32,881 2003-11-19 22:48:14 C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe</P><P>----a-w 286,720 2007-10-20 01:16:26 C:\Program Files\QuickTime\bak\qttask.exe</P><P>----a-w 26,112 2004-08-10 14:01:25 C:\Program Files\Real\RealPlayer\bak\RealPlay.exe</P><P>----a-w 53,248 2002-02-05 03:32:10 C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE</P><P>----a-w 224,248 2007-06-08 14:59:38 C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe</P><P>----a-w 90,112 2000-05-11 06:00:00 C:\WINDOWS\bak\UpdReg.EXE</P><P>----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\SYSTEM32\bak\ctfmon.exe<BR>----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\SYSTEM32\ctfmon.exe</P><P>----a-w 126,976 2005-06-22 04:44:34 C:\WINDOWS\SYSTEM32\bak\hkcmd.exe</P><P>----a-w 155,648 2005-06-22 04:48:18 C:\WINDOWS\SYSTEM32\bak\igfxtray.exe</P><P>----a-w 122,933 2004-03-15 06:04:00 C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe</P><P>----a-w 172,032 2004-03-04 15:46:24 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb10.exe</P><P>.<BR>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))<BR>.<BR>.<BR>*Note* empty entries &amp; legit default entries are not shown <BR>REGEDIT4</P><P>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]<BR>"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll" [2008-02-07 00:05 349552]</P><P>[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]<BR>[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]<BR>[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]</P><P>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]<BR>"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-02-07 00:05 349552]</P><P>[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]<BR>[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]<BR>[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]</P><P>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]<BR>"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]<BR>"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]<BR>"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]<BR>"Aim6"="" []<BR>"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [ ]</P><P>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]<BR>"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]<BR>"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]<BR>"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]<BR>"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [ ]<BR>"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [ ]<BR>"UpdReg"="C:\WINDOWS\UpdReg.EXE" [ ]<BR>"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [ ]<BR>"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]<BR>"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [ ]<BR>"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]<BR>"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]<BR>"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]<BR>"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [ ]<BR>"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [ ]<BR>"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]<BR>"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]<BR>"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]<BR>"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 19:36 267048]<BR>"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]<BR>"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 21:47 51048]<BR>"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-07 02:49 718704]</P><P>C:\Documents and Settings\All Users\Start Menu\Programs\Startup\<BR>Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-09-04 18:23:00 65588]<BR>Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-04 18:23:00 53317]</P><P>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]<BR>"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm</P><P>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]<BR>"DisableMonitoring"=dword:00000001</P><P>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]<BR>"DisableMonitoring"=dword:00000001</P><P>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]<BR>"DisableMonitoring"=dword:00000001</P><P>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]<BR>"EnableFirewall"= 0 (0x0)</P><P>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]<BR>"%windir%\\system32\\sessmgr.exe"=<BR>"C:\\Program Files\\AIM\\aim.exe"=<BR>"%windir%\\Network Diagnostic\\xpnetdiag.exe"=<BR>"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=<BR>"C:\\Program Files\\iTunes\\iTunes.exe"=</P><P>R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []<BR>R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]</P><P>*Newly Created Service* - COMHOST<BR>.<BR>Contents of the 'Scheduled Tasks' folder<BR>"2008-05-13 01:20:41 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Derek O'Connor.job"<BR>- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:<BR>.<BR>**************************************************************************</P><P>catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, <A href="http://www.gmer.net">http://www.gmer.net</A><BR>Rootkit scan 2008-05-13 17:20:54<BR>Windows 5.1.2600 Service Pack 2 NTFS</P><P>scanning hidden processes ... </P><P>scanning hidden autostart entries ...</P><P>scanning hidden files ... </P><P>scan completed successfully<BR>hidden files: 0</P><P>**************************************************************************<BR>.<BR>Completion time: 2008-05-13 17:28:56<BR>ComboFix-quarantined-files.txt 2008-05-13 21:28:51</P><P>Pre-Run: 4,402,397,184 bytes free<BR>Post-Run: 4,514,127,872 bytes free</P><P>151 --- E O F --- 2008-04-10 00:53:59Tue, 13 May 2008 16:37:12 GMTsundancekid726RE: White X in a Red Circle in my System Trayhttp://forum.tweaks.com/forum/Topic239390-29-1.aspxCould you follow the Combofix instructions please.Tue, 13 May 2008 15:52:09 GMTRichieUKRE: White X in a Red Circle in my System Trayhttp://forum.tweaks.com/forum/Topic239390-29-1.aspxAnd here is my new hijack this log:<BR><BR>Logfile of Trend Micro HijackThis v2.0.2<BR>Scan saved at 4:49:18 PM, on 5/13/2008<BR>Platform: Windows XP SP2 (WinNT 5.01.2600)<BR>MSIE: Internet Explorer v7.00 (7.00.6000.16640)<BR>Boot mode: Normal</P><P>Running processes:<BR>C:\WINDOWS\System32\smss.exe<BR>C:\WINDOWS\system32\winlogon.exe<BR>C:\WINDOWS\system32\services.exe<BR>C:\WINDOWS\system32\lsass.exe<BR>C:\WINDOWS\system32\svchost.exe<BR>C:\WINDOWS\System32\svchost.exe<BR>C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>C:\WINDOWS\Explorer.EXE<BR>C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe<BR>C:\WINDOWS\system32\LEXBCES.EXE<BR>C:\WINDOWS\system32\LEXPPS.EXE<BR>C:\WINDOWS\system32\spoolsv.exe<BR>C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe<BR>C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe<BR>C:\WINDOWS\System32\CTsvcCDA.exe<BR>C:\WINDOWS\System32\MsPMSPSv.exe<BR>C:\Program Files\iTunes\iTunesHelper.exe<BR>C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>C:\WINDOWS\System32\svchost.exe<BR>C:\WINDOWS\system32\ctfmon.exe<BR>C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe<BR>C:\Program Files\iPod\bin\iPodService.exe<BR>C:\Program Files\Internet Explorer\iexplore.exe<BR>C:\Program Files\Trend Micro\HijackThis\HijackThis.exe</P><P>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <A href="http://www.yahoo.com/">http://www.yahoo.com/</A><BR>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <A href="http://go.microsoft.com/fwlink/?LinkId=69157">http://go.microsoft.com/fwlink/?LinkId=69157</A><BR>R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = <A href="http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com">http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com</A><BR>R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll<BR>O2 - BHO: &amp;Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll<BR>O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll<BR>O3 - Toolbar: &amp;Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll<BR>O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll<BR>O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe<BR>O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe<BR>O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe<BR>O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe<BR>O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup<BR>O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE<BR>O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"<BR>O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe<BR>O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r<BR>O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER<BR>O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup<BR>O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start<BR>O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN<BR>O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe<BR>O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"<BR>O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"<BR>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime<BR>O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"<BR>O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"<BR>O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"<BR>O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"<BR>O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup<BR>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe<BR>O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe<BR>O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"<BR>O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE<BR>O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?<BR>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)<BR>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)<BR>O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe<BR>O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll<BR>O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - <A href="http://wwws.musicmatch.com/mmz/openWebRadio.html">http://wwws.musicmatch.com/mmz/openWebRadio.html</A> (file missing)<BR>O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe<BR>O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe<BR>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<BR>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<BR>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - <A href="http://go.microsoft.com/fwlink/?linkid=39204">http://go.microsoft.com/fwlink/?linkid=39204</A><BR>O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - <A href="http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab">http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab</A><BR>O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - <A href="http://upload.facebook.com/controls/FacebookPhotoUploader3.cab">http://upload.facebook.com/controls/FacebookPhotoUploader3.cab</A><BR>O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - <A href="http://upload.facebook.com/controls/FacebookPhotoUploader.cab">http://upload.facebook.com/controls/FacebookPhotoUploader.cab</A><BR>O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - <A href="http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab">http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab</A><BR>O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - <A href="https://webdl.symantec.com/activex/symdlmgr.cab">https://webdl.symantec.com/activex/symdlmgr.cab</A><BR>O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - <A href="http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124836278656">http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124836278656</A><BR>O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - <A href="https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab">https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab</A><BR>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - <A href="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab">http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab</A><BR>O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - <A href="http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab">http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab</A><BR>O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - <A href="http://static.35mb.com/applet/applet_o.cab">http://static.35mb.com/applet/applet_o.cab</A><BR>O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe<BR>O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe<BR>O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe<BR>O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe<BR>O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe<BR>O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe<BR>O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe<BR>O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe<BR>O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE<BR>O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE<BR>O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe<BR>O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe<BR>O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe</P><P>--<BR>End of file - 9432 bytes<BR>Tue, 13 May 2008 15:49:41 GMTsundancekid726