Over 1 million tech questions and answers.

Red circle with white x in my system tray

Q: Red circle with white x in my system tray

I have gotten some kind of malware or virus on my PC. I've ran Spybot S&D, Adaware and they removed it temporarily but it has returned. I have a red circle with a white X in it in my system tray that every 15 sec or so shows a message saying something to the effect that my computer is affected with spyware and that windows will download the most up to date anti spyware for me. Yesterday before I was able to remove it temporarily it managed to block out my ability to press CTL+ALT=DEL to get too my task manager, removed my desktop background and replaced it with a blue picture with a black box displaying the same message the red circle with the white x displays, and disabled my web browsers. Please help me remove this for good before it does something permanent!
Here is my most current HijackThis Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:29 AM, on 8/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Todd Marler\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\winupdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\myhjt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {96b985b7-3cf9-456a-9db6-791710e60f5f} - C:\Program Files\MyPoints Toolbar 2.0\Helper.dll
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FCTBPos00Pos - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MyPoints Toolbar 2.0 - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\RunOnce: [SpybotDeletingA8955] command.com /c del "C:\WINDOWS\system32\drivers\kbiwkmukckayjj.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1864] cmd.exe /c del "C:\WINDOWS\system32\drivers\kbiwkmukckayjj.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3917] command.com /c del "C:\WINDOWS\system32\drivers\kbiwkmukckayjj.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3279] cmd.exe /c del "C:\WINDOWS\system32\drivers\kbiwkmukckayjj.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6940] command.com /c del "C:\WINDOWS\system32\kbiwkmvlivvbvk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3879] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmvlivvbvk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6732] command.com /c del "C:\WINDOWS\system32\kbiwkmvlivvbvk.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6954] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmvlivvbvk.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6707] command.com /c del "C:\WINDOWS\system32\kbiwkmyfuxqtcv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5309] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmyfuxqtcv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA58] command.com /c del "C:\WINDOWS\system32\kbiwkmyfuxqtcv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4132] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmyfuxqtcv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7664] command.com /c del "C:\WINDOWS\system32\kbiwkmcclwyumy.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1202] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmcclwyumy.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5756] command.com /c del "C:\WINDOWS\system32\kbiwkmcclwyumy.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5898] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmcclwyumy.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8839] command.com /c del "C:\WINDOWS\system32\kbiwkmynxvchnp.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9758] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmynxvchnp.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1130] command.com /c del "C:\WINDOWS\system32\kbiwkmynxvchnp.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1225] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmynxvchnp.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8605] command.com /c del "C:\WINDOWS\system32\drivers\kbiwkmukckayjj.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9095] cmd.exe /c del "C:\WINDOWS\system32\drivers\kbiwkmukckayjj.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5636] command.com /c del "C:\WINDOWS\system32\drivers\kbiwkmukckayjj.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4483] cmd.exe /c del "C:\WINDOWS\system32\drivers\kbiwkmukckayjj.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6894] command.com /c del "C:\WINDOWS\system32\kbiwkmvlivvbvk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC702] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmvlivvbvk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9901] command.com /c del "C:\WINDOWS\system32\kbiwkmvlivvbvk.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1527] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmvlivvbvk.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8519] command.com /c del "C:\WINDOWS\system32\kbiwkmyfuxqtcv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4343] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmyfuxqtcv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6549] command.com /c del "C:\WINDOWS\system32\kbiwkmyfuxqtcv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9984] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmyfuxqtcv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3513] command.com /c del "C:\WINDOWS\system32\kbiwkmcclwyumy.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3712] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmcclwyumy.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3626] command.com /c del "C:\WINDOWS\system32\kbiwkmcclwyumy.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1707] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmcclwyumy.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7856] command.com /c del "C:\WINDOWS\system32\kbiwkmynxvchnp.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9704] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmynxvchnp.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8112] command.com /c del "C:\WINDOWS\system32\kbiwkmynxvchnp.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2223] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmynxvchnp.dat"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Todd Marler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5930] command.com /c del "C:\WINDOWS\system32\drivers\kbiwkmukckayjj.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1265] cmd.exe /c del "C:\WINDOWS\system32\drivers\kbiwkmukckayjj.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3320] command.com /c del "C:\WINDOWS\system32\drivers\kbiwkmukckayjj.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6672] cmd.exe /c del "C:\WINDOWS\system32\drivers\kbiwkmukckayjj.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8708] command.com /c del "C:\WINDOWS\system32\kbiwkmvlivvbvk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8121] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmvlivvbvk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6213] command.com /c del "C:\WINDOWS\system32\kbiwkmvlivvbvk.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5967] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmvlivvbvk.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1576] command.com /c del "C:\WINDOWS\system32\kbiwkmyfuxqtcv.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5684] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmyfuxqtcv.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5688] command.com /c del "C:\WINDOWS\system32\kbiwkmyfuxqtcv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD736] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmyfuxqtcv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8354] command.com /c del "C:\WINDOWS\system32\kbiwkmcclwyumy.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2154] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmcclwyumy.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4039] command.com /c del "C:\WINDOWS\system32\kbiwkmcclwyumy.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9848] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmcclwyumy.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1267] command.com /c del "C:\WINDOWS\system32\kbiwkmynxvchnp.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6453] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmynxvchnp.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2649] command.com /c del "C:\WINDOWS\system32\kbiwkmynxvchnp.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2692] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmynxvchnp.dat"
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
--
End of file - 14922 bytes

RELEVANCY SCORE 200
Preferred Solution: Red circle with white x in my system tray

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Red circle with white x in my system tray

Quick update of something I hadn't noticed before. Now it appears that something is redirecting my searches on google as well. When I click on a link on google it will go through a series of sites and take me to a site that says I have viruses and need to download a program. Just wanted to let you know in case that helps.

Read other 1 answers
RELEVANCY SCORE 102.4

Hello, yesterday I got a White X in a Red Circle in my system tray that began posting a buble stating I had spyware. After numerous viras scans and deleting of viruses, the bubble is still there. Here is my hijackthislog:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:49:19 PM, on 5/13/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\WINDOWS\System32\CTsvcCDA.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\braviax.ex... Read more

A:White X In A Red Circle In My System Tray

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please go to this page and scroll down to step 6.http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Follow the directions there to run DSS and then post those logs back here in your next reply.

Read other 3 answers
RELEVANCY SCORE 102.4

Hello,

I just picked up something that puts a red circle with a white X in the system tray. Now I can't bring up taskmanager or change my backgrounds. I am running Ad-Aware right now, but it hasn't found anything. I downloaded HJT and ran the log, but didn't see anything that sticks out.

I google'd for ideas on what to do, but wasn't having much luck in getting a good response. I thought I would try these forums.

I am about to head off to bed since I start work early in the morning, but I thought I would post quickly to see if anyone might respond by the time I can check in the morning.

Thanks!!
 

A:Red Circle with White X in System Tray

I think that I got it figured out. A friend of mine emailed me something to try out. I download Malwarebytes and booted over into Safe Mode. Once there, I ran the scan and found several objects. I removed the objects and it seems to have cleaned up the issue.

If anyone would like me to look at anything else, please let me know and I will do so when I get home from work tomorrow. I will check the thread during the day to see if anyone posted anything.

Thanks!
 

Read other 1 answers
RELEVANCY SCORE 101.2

Hello.
I have just got a virus or something. It appears as a white x in a red circle in the system tray/taskbar and a popup going on about a virus. I have tried getting rid of it with avg anti virus but that didn't work. Also, i cant open anything like task manager or registry edit without getting a box saying "Warning. Application cannot be executed. The file is infected. Please activate your antivirus software." Because of this i literally cant do anything. Also i keep getting bluescreens. I have dealt with viruses before but with this one i am at a loss.
Your help would greatly appreciated.
Thank you.
Kester

Sorry, should have said its vista home premium.
I have added a HJT log file. Im not sure if it matters that i did it in safe mode?
Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:51:24, on 31/07/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\smss32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Kester\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.mic... Read more

A:White x in a red circle in system tray malware. Help please.

Right I've managed to get rid of the white x in the red circle. I think it was a trojan called smss32.exe
I used this guide from "My anti spyware".
I'm sure the pc is still infected with other spyware because things are not right. I cant use windows update or update windows defender without an error (80072EFE and 0x80072efe respectively) and i keep being redirected in firefox and IE8.
Could you please have a look at this hijackthis log file and let me know if there is anything.
Thank you.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:33:08, on 01/08/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\taskeng.exe
C:\Program Fi... Read more

Read other 1 answers
RELEVANCY SCORE 96.8

After inadvertently clicking to install an Active X from an unknown website, a new icon appeared on my taskbar. Stupid, I know, but was truly an accident. Said icon sometimes flashes and alerts me of possible security threats on my pc. If icon is clicked, a new page loads and prompts user to complete a "Full Scan."
I did not download from this page, but had some issues/concerns w the removing the icon/program associated w the icon.
This is what I did...
First of all, Norton did not catch this and Ad-Aware caught the svchost but it returned after reboot. So, I isolated the files that I thought to be the root of the problem,
C:\WINDOWS\system32\drvcux.dll and C:\Program Files\Common Files\svchost.exe. I disabled System Restore, and while in Safe mode, deleted the offending files. Using Regedit, I deleted all registry values associated w the files (including HKLM\Software\Microsoft\Windows\Current Version\Run\CTDrive) Value: drvcux.dll, run Startup or something, don't remember. Ran CCleaner and cleared out everything, recent stuff, cookies temp files, etc. Rebooted in Normal mode and did another scan w Norton and Ad-aware, nothing. Ran another CCleaner and nothing unexpected.
Is my pc okay now, or am I just enjoying a false sense of security at the moment?
Please respond, thanks in advance for your support.
** To my knowledge, all products (Norton, Ad-Aware, HijackThis, etc) are up to date.**
Hijack This Log
Logfile of HijackThis v1.99.1
Scan saved at 5:49:24 PM,... Read more

A:Solved: Unknown Icon in System Tray, White Exclamation Point within Red Circle

Read other 16 answers
RELEVANCY SCORE 96

Hello!
I have Trend Micro PC-Cillin 14 and it detects TROJAN FAKEAV but I am unable to delete it. It is hosted by svchost.exe. I also have a red circle with a white x in my system tray and it keeps alerting me that my computer is infected and that there is spyware. I have run spybot and adaware but nothing has worked. My system restore is turned off. Please see my HJT log below. I would really like to nip this in the bud. I appreciate your help and expertise!

Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:29 PM, on 10/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe... Read more

Read other answers
RELEVANCY SCORE 87.2

The red circle with white X in my tray pops up with warnings about infections and says that my computer "might be at risk."I've tried many of the previous postings surrounding this malware. I used SmitFraudFix in safe mode, installed and ran latest Ad-Aware, ran Spybot...nothing seems to work. I'm not all that computer saavy, so I'm asking for help! I have posted my Hijack This Log. Thank you in advance for your assistance.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:24:19 PM, on 9/27/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\PROGRA~1\McAfee... Read more

A:Malware - Red Circle With White X In Tray

Welcome to the BleepingComputer HijackThis Logs and Analysis forum aaj My name is Richie and i'll be helping you to fix your problems.Download SDFix.exe and save it to your desktop:http://downloads.andymanchesta.com/RemovalTools/SDFix.exe* Double click on SDFix on your desktop,and install the fix to C:\ Please then reboot your computer into Safe Mode by doing the following:* Restart your computer* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;* Instead of Windows loading as normal, a menu with options should appear;* Select the first option, to run Windows in Safe Mode, then press "Enter".* Choose your usual account.* In Safe Mode,go to and open the C:\SDFix folder,then double click on RunThis.bat to start the script.* Type Y to begin the script.* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.* Press any Key and it will restart the PC.* Your system will take longer that normal to restart as the fixtool will be running and removing files.* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.Note:If you have previously downloaded ComboFix,please delete that version and download it again from ... Read more

Read other 7 answers
RELEVANCY SCORE 76.8

Their is a Red Circle in my systems tray in the right hand bottom corner and every 10 seconds is pops up saying "Your computer is infected!". Very annoying. Can anyone help, I have ewido, hijack this, ad-aware, norton, singer, CleanUp!
here is my log.
Logfile of HijackThis v1.99.1
Scan saved at 09:20:43, on 30/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:... Read more

A:"Your computer is infected!" Keeps poping up in systems tray? Red Circle with white X

Read other 9 answers
RELEVANCY SCORE 73.6

Well, I've tried to remove this nasty by running the following in Safe Mode with Networking
ComboFix.exe
VundoFix
smitRem
Ran Firefox
Disabled the System Restore
Deleted these files if present
* bravesentry0.dll
* bravesentry1.dll
* bravesentry2.dll
* bravesentry3.dll
* comdlg64.dll
* msupdate32.dll
* tio[X1].dll
* winbixnkq32.dll
* zlbw.dll
* bravesentry.exe
* vxgamet[X2].exe
* vxh8jkdq[X2].exe
* win32.exe
* xpupdate.exe
* comdlg64.dll
* alg.exe
* kerneles8.exe
* maxd64.exe
* services.exe
* taskdir.exe
* voi[X1].exe
* vxgame[X2].exe
* desktop.html
Ran AVG Spyware and Adaware 2007 then deleted any of the items that were discovered
When I restart in Safe Mode with Networking the
C:\DOCUME~1\DRBOB~1\LOCALS~1\Temp\services.exe
[KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
c:\windows\system32\epknatsr.dll
C:\DOCUME~1\DRBOB~1\LOCALS~1\Temp\tllttlltppd
All return

Here is the Hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 16:01, on 2008-03-12
Dell Dimension 2400
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.ex... Read more

Read other answers
RELEVANCY SCORE 69.6

hi, I just got something like this yesterday, worked on it awhile no progress, finally just did a system restore, now all good!

A:white x in my system tray

Hi,welcome. I split your topic to it's own as it is easier to work one on one.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and ... Read more

Read other 1 answers
RELEVANCY SCORE 68

Need help in getting rid of the icon. Everytime i click on it, it will direct me to http://www.spylocked.com/?aff=334. If I'm in full-screen mode it will automatically bring me back to window onces in awhile.
Thank for helping in advance.
 

A:System Tray with White Question Mark.

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 3 answers
RELEVANCY SCORE 67.2

Have an issue on Windows XP.

The DDS.txt file is attached below.

Upon system startup there was a popup referencing worm.win32.netsky. (I don't want to start the system up again until hearing back.) I ran the Symantec removal tool here:

http://www.symantec.com/security_res...021816-1759-99

and it said that it wasn't found on the system.

Task Manager has been disabled somehow. We did not disable it manually.

The background wallpaper picture we had was replaced with a black box with red lettering saying

"YOUR SYSTEM IS INFECTED!"

In white text there is

"System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommeded [sic] to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed [sic]"

(I've inserted [sic] to indicate spelling/grammar are entered verbatim.)

There is a tray icon that is a red circle with a white "X" in it. Every few minutes there is a balloon that pops up and says:

"Click here to protect your computer from apyware. Your computer is infected! Windows has detected an infection of spyware. It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you."

We have not clicked on this balloon to download anything.

ark.txt and attach.txt are uploaded and zipped as requested.

We do not have access to a Window... Read more

A:"YOUR SYSTEM IS INFECTED!" wallpaper + red circle X tray icon

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my ins... Read more

Read other 2 answers
RELEVANCY SCORE 60.8

Picked up some malware that is keeping IE from launching. Window keeps appearing offering to solve the problem, for a fee. The program installed a red circle with a white x in the dock. Running XP Home Edition on a Toahiba Satellite with a Pentium III.

Ran SmitFraudFix. Here is the log it provided--any help will be much appreciated:

SmitFraudFix v2.253

Scan done at 18:18:30.20, Wed 11/21/2007
Run from C:\Documents and Settings\John\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Linksys\Wireless Network PC Card\NICServ.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program F... Read more

A:Red circle w/white x

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at ... Read more

Read other 1 answers
RELEVANCY SCORE 60.8

I've been infected. it keeps appearing in my tray in the right hand corner of computer, a red circle with a white x, then things slow down and pop ups happen. I have ran adaware, registry cure, registry fix, 1 click maintenance. and it's still there. I can follow instructions well if someone can lead me in the right direction as to what to do. I can log in on safe mode without any problems. other error receiving is a windows error that says potential problem occurred, windows has shutdown buggy to prevent damage. wxyz.sys.....kernel debugger.
 

A:red circle with white x

is there anymore information I can post for someone to help me? please. I notice most people post their hijack this log, is that what I need to do? The reason why I went to this forum, was because I saw where someone else had helped someone with this same problem. I followed their steps, searching certain files, but I didn't have those files so not sure what to do next.
 

Read other 2 answers
RELEVANCY SCORE 60.8

My friends computer got the white X in a red circle. The infection that does a popup every few seconds saying "You have been infected".I ran ComboFix and it seemed to get rid of it but I want to be sure its gone.Deckard's System Scanner v20071014.68Run by Irvine on 2008-07-26 00:05:33Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 4 Restore Point(s) --4: 2008-07-26 06:05:38 UTC - RP4 - Deckard's System Scanner Restore Point3: 2008-07-26 05:54:36 UTC - RP3 - ComboFix created restore point2: 2008-07-26 05:50:26 UTC - RP2 - ComboFix created restore point1: 2008-07-26 05:35:33 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.Total Physical Memory: 511 MiB (512 MiB recommended).-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-07-26 00:06:33Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\system32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin ... Read more

A:White X In Red Circle

Hello PopSmithWelcome to BleepingComputer ========================The first thing I will need you to do is to Download ONE of these anti-virus programs and install it.These are free. AVG free 8.0Note this is free antispyware protection and Antivirus protection.or Antivir=================Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\upezybap.sys
C:\WINDOWS\ufih.exe
C:\WINDOWS\ucunosog.scr
C:\Program Files\Common Files\quwubojyb.vbs
C:\Documents and Settings\Irvine\Application Data\udoheb.dll
C:\WINDOWS\system32\jutabazoju.bat
C:\WINDOWS\qetulicut.exe
C:\Program Files\Common Files\eguxebymym.dat
C:\WINDOWS\ylufuryqo.bin
C:\WINDOWS\ycixuhahy.bat
C:\WINDOWS\unahoqezaj.com
C:\WINDOWS\ruwenofew.scr
C:\WINDOWS\ibawihaz.bin
C:\WINDOWS\dozug.vbs
C:\Program Files\Common Files\uzatiwyqy.dll
C:\Program Files\Common Files\mase.reg
C:\Program Files\Common Files\ecin.pif
C:\Documents and Se... Read more

Read other 6 answers
RELEVANCY SCORE 60.8

I searched for topics to see how to get rid of it, but I wasn't very successful at copying all of the steps I've seen, so hopefully you guys can help me out here. I've downloaded SmitFraudFix, but I couldn't run it even if I changed the extension from .exe to .bat. I've even tried it in safe mode.Here's my logfile: Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16981)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exeC:\Program Files\Common Files\mcafee\mna\mcnasvc.exeC:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WI... Read more

A:Red circle and white x again.

-edit-

Read other 2 answers
RELEVANCY SCORE 60.8

Hello,

I am a college student and today when I woke up I logged onto my computer and it turns out I cannot use google. When I search and click on a result I am redircted to another search site with the URL go.google. My room mate was online last night and must of picked this virus up somewhere.

I've run AVG and Spybot and neither show any infections. I googled this on my laptop (which I am on now) and read about software call Malwarebytes. I download this, put it on a USB drive and went to put it on my desktop and I come to find that the computer has froze up. Now I cannot log on in normal mode so I have to boot in safe mode. When I do this and instal the new software I find that I cannot update the program because the computer cannot connect to the internet.

I do not know what to do. There is so much important stuff on my computer that has not been backed up to the chaos involving my move to college. I have never used HJT and do not have it on my desktop nor can I get it because I cannot connect to the internet.

Please... any help would be amazing.

EDIT: At the moment I am running avg in safe mode and Malwarebytes without the update in safe mode.
 

A:Red Circle with White X

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

Read other 3 answers
RELEVANCY SCORE 60.8

i keep getting a white x on a red circle in my system tray saysing your computer is infected, and i cant get rid of it.

here is my log

Logfile of HijackThis v1.99.1
Scan saved at 11:10:46 PM, on 1/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\T3duZXI\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\inet20010\services.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\system32\paytime.exe
C:\winstall.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\LSASS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\dllcache\IExplor... Read more

A:Red circle white X

* Click here to download smitRem.exe.
Save the file to your desktop.
It is a self extracting file.
Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.

* Download the trial version of Ewido Security Suite here.
Install ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update click the OK button and it will go to the main screen
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.
* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.
* Restart your computer into safe mode now. Perform the following steps in safe mode:
* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop
* Go to... Read more

Read other 1 answers
RELEVANCY SCORE 60.8

Got home from work tonight and the wife said the computer was acting funny. So I took a look and found the red circle/white x in my system tray. I ran spybot and it gave me Wild Tangent and Virtumonde. Ran Norton AV and Spybot but still seem to have the red circle/white x. I will post my HJthis, I am just wondering if there is anything I need to worry about. So far there are no obvious problems with the computer running, mostly get an annoying bubble pop sound every five minutes as if my wireless network is connecting.

System Specs:
Dell Inspiron E1505
CPU T2050 @1.60ghz
RAM 2gb 667mhz
GPU Nvidia GeForce 7300
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:46 AM, on 10/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\... Read more

Read other answers
RELEVANCY SCORE 60.8

I now have a white x in a red circle in my system tray. I ran a hijack this log. Can someone please help me! I now have no control over my volume nor can I change the brightness of my screen. Also macafree is giving me these popups of blocked trojens all the time. Please Help Me!

A:White X in Red Circle

Hello please run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take... Read more

Read other 3 answers
RELEVANCY SCORE 60.8

Looks like I caught this Virus two nights ago and it is driving me crazy.

I keep getting the balloon in my task bar stating that my computer is infected.

Please help.

Here is my hijack this notepad.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:07 AM, on 11/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_06... Read more

Read other answers
RELEVANCY SCORE 60.8

in my tool bar at the bottom of the screen there is a little red circle with a ahite x. It is constantly reminding me that my computer is infected and I need to use antivirus software.

Is this spyware???

i've installed antivirus software and cleaned up all known spy ware.

anybody encountered this???
 

A:little white x in a red circle

Read other 9 answers
RELEVANCY SCORE 60.8

I have the red circle with the white x on my task bar. How do I get rid of it? I have install Ad-Aware Plus 2008 and it doesn't seem to be picking it up? I have Windows XP. What steps do I need to take?
 

Read other answers
RELEVANCY SCORE 60.8

hey all once again i got a virus.......some how the little guy slip by avast(which i do not recommend) anyway what happens is that it popes up saying

DANGER!
harmful viruses detected on your computer. click on the message to scan your computer for security threats for free.
well thats now...before it was showing a yellow triangle with ! in it....it said something bout uninstalling hitman pro 3.5 (which i installed like a year ago to help out every now and then) and i click the bubble by accident(trying to hit the x) and i quess it uninstalled it....then it tried installing another program i ended the process then it turned to the x it closed out taskman and now i cant open it saying taskman has been diabled by your admin...which im the only user on this computer with admin....but i have process explorer open and nothing other than the normal windows stuff just like taskman showed...o ya and i cant update any anti virus programs.....o and when i put my mouse over the icon it says windows security alert

if anyone got any suggestion please let me know.....

A:red circle with white x

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress&qu... Read more

Read other 1 answers
RELEVANCY SCORE 60

Here is my Hijack log, any help would be appreciated, this is driving me crazy. Been working on it off and on for days.

Logfile of HijackThis v1.99.1
Scan saved at 10:38:37 AM, on 9/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microsoft AntiS... Read more

A:rde circle white x trouble

Read other 7 answers
RELEVANCY SCORE 60

I'm running a Dell XPS with Windows XP (Media Center)

Over the last couple months, I had a couple viruses that I've taken care of (can't remember what they were), but my system is now acting oddly, and in some ways similar to how it was when it was infected before.

Some of the symptoms:
1) Red circle with a white X in the taskbar. Before, this would warn me that my computer is infected, but now just makes the "pop" sound without showing anything.
2) Random restarts, sometimes without warning, sometimes displaying a window that puts a 1 min. countdown until the computer shuts down (the window that can be halted with running the "shutdown -A" command)
3) Blank web pages popping up in a separate window when using the brower (Firefox)
4) Locked, blank desktop and (sometimes) locked task manager.

So far, I've run scans on the computer several times each with Ad-Aware (Free), AVG (Free) and Spybot Search & Destroy. Each time, even though a run was just completed, there are at least a dozen different infected files, security hazards or trojans. The one that seems to come up the most (and never gets deleted, even in Safe Mode) is something called Virtumonde.

I've run a Hijack This scan, with these results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:49 PM, on 2/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.e... Read more

A:Red Circle & White X, Odd Behavior

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

Read other 2 answers
RELEVANCY SCORE 60

Hi,this seems to be a fairly prevalent problem. ive got a red circle with a white x in it on my toolbar. heres my hijackthis logRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\... Read more

A:Red Circle With White X In Toolbar

Welcome to the BleepingComputer HijackThis Logs and Analysis forum mrabid First please find and delete:C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\Rar$EX25.2485\HijackThis.exeNow download and install Hijackthis.This is a self-extracting version which will automatically install HJT to C:\Program Files\Hijackthis by default.A desktop shortcut can be created during install under 'Select Additional Tasks'.**********************************Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.You should copy/print the following because you need to be in Safe Mode from here on.Reboot your computer into SAFE MODE" using the F8 method. To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".Scan with DrWeb-CureIt as follows:* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.* Once the short scan has finished, Click Options > Change settings* Choose the &quo... Read more

Read other 4 answers
RELEVANCY SCORE 60

HERE IS MY LOG FROM HIJACKTHISLogfile of Trend Micro HijackThis v2.0.2Scan saved at 1:02:52 PM, on 1/21/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\brss01a.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\PROGRA~1\Iomega\System32\AppServices.exeC:\WINDOWS\system32\PRISMSVC.EXEC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WIN... Read more

A:RED CIRCLE WHITE X IN TOOLBAR

Hello sledneck8,Welcome to Bleeping Computer.My name mas_pogi and I will be helping you with your Malware problem.As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.Attention!Please do not run any other tool untill instructed to do so.Please tell me about any problems that have occurred during the fix.Please tell me of any other symptoms you may be having as these can help also.Please try as much as possible not to run anything while executing a fix.Please reply to this thread, do not start another.You might want to save this page on your bookmark, so you can find it again when you return.Firefox: Then click on Done.IExplorer: Then click on Add.Stay calm and everything will be just alright. I will be analyzing your log. I will get back to you with instructions after it is approved.With Regards,mas_pogi

Read other 15 answers
RELEVANCY SCORE 60

I posted this in the wrong place to begin with. So here goes. I think I got this down loading an active x plugin. Anyway here is what I have so far. Security alert pop ups, link redirects to spyworld.com or something and cuponmoutain.com sometimes opening windows on their own and this annoying poping sound and the my task bar comes up( usally have it on autohide).
DDS (Ver_09-02-01.01) - NTFSx86
Run by Compaq_Owner at 13:18:12.28 on Fri 02/06/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.734 [GMT -5:00]

AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorSer... Read more

A:Evil red circle w/ white x

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

Read other 2 answers
RELEVANCY SCORE 60

Two days ago i was searching through the internet..
Suddenly my computer(windows xp sp2) was rebooting..
next time it loaded up popped the red circle with white 'x'
saying im infected and its downloading a program..
Then something installed, i didn't know what it was but there was a progress bar.. i coudn't cancell this or what so ever..
Then again my PC restarted. The red circle with with 'x' is now gone..
But after about 1 minute my whole pc just freezes..
Now everyone i log on to my account it freezes after 1 minute or so..

It runs fine on safemode so it can't be hardware right?

Please help me, I would really appriciate it

thanks in advance.
 

A:PC Freezing After Log on | Red Circle White 'X'

Please please please help

This is the hyjack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:32, on 17/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with &DAP - C:\Prog... Read more

Read other 1 answers
RELEVANCY SCORE 60

i got a malware i think. theres this program in my taskbar with a red circle and white x in the middle and constantly pops up balloons saying ur computer is infected windows has detected a spyware, it is recommended to use special antispyware tool .... blah blah.
Here is my hijackthis log:
Platform: Windows XP SP3, v.5755 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Roxio Creator 2009\5.0\CPMonitor.exe
C:\WINDOWS\system32\winupdate.exe
C:\Wallpaper Changer\EvJOWall.exe
C:\Progr... Read more

Read other answers
RELEVANCY SCORE 60

Got blinking white x in red circle in taskbar while surfing internet. Have run spybot and ad aware. AVG keeps popping up with "Virus Detected! While opening file: C:\WINDOWS\SYSTEM32\riqmc.dll Trojan horse Startpage. 19.AO". AVG gives me the option of deleting it, which I do, but then AVG keeps popping that up every time I open my home page which apparently keeps being changed to "about: blank". Keep getting popups that are advertising whatever I search for on the internet. Logfile of HijackThis v1.99.1Scan saved at 2:13:19 PM, on 11/3/2005Platform: Windows XP SP1MSIE: Internet Explorer v6.00 SP1Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Nhksrv.exeC:\WINDOWS\sysii32.exeC:\WINDOWS\System32\Ati2evxx.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\MMKeybd.exeC:\Program Files\Common Files\Real\Update_OB\rea... Read more

A:White X In Red Circle In Taskbar.

Hello and Batman500 welcome to BleepingComputer.You have HijackThis running from a temporary or zip folder. Any backup files HJT creates during the repair process will not be secure if left in this folder. Before we use HJT to get rid of some entries, we need to get it into a permanent location. Create a folder on the C: drive called "C:\HJT". You can do this by opening My Computer then double click on Local Disk (C:). In a clear area right click and select New then Folder and name it "HJT". Unzip HijackThis into this folder. Please delete any other copies of HijackThis and run HJT only from this new folder. If required a tutorial is here.Please read through the instructions before you start (you may want to print this out or copy it into a word program).Download and install the trial version of Ewido Security Suite.When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".- Launch Ewido, there should be an icon on your desktop double-click it.- The program will now go to the main screen.- On the left hand side of the main screen click update.- Click on Start.The update will start and a progress bar will show the updates being installed.Once the updates are installed, close Ewido. Tutorial if neededDownload AboutBuster.zip.- Unzip the contents of AboutBuster.zip to it's own folder.- Navigate to the AboutBuster folder and double-click on AboutBuster.exe.- Clic... Read more

Read other 6 answers
RELEVANCY SCORE 60

Hi I'm new to the forum so I'll try to follow the guide lines as described in posts above. I have the red circle with the white x in my systems tray, I also get a popping sound coming from my speakers every so often. I've looked over other forums with same topics most ask for a hjt log so I've posted one in this thread.**Also I must note that I had to rename the hjt.exe before it would run, OS:windows Xp pro. sp2 80gbHD Intel pentium 3 on a compaq desktop pro. the following is my HJT log.

---------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:03, on 2008-11-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\c4\Desktop\dot.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\... Read more

Read other answers
RELEVANCY SCORE 60

My work computer seems to be infected. I've got the red circle with a white "X" in the system tray. It randomly says I have a virus and that I'm downloading antivirus software to take care of it. Task manager has been disabled. Sometimes when I'm browsing the web I'm redirected to random sites.

I've run several antivirus programs, (McAfee is loaded, but was no help) including SuperAntiSpyware and HouseCall. I've downloaded AVG, but when I try to run it, it says it can't connect to the internet (though I am connected).

I've searched the forums for a fix, and there seem to be various avenues for tackling this, so I'm not sure what to do.

Please help!

A:Red circle with white X virus; help!

Hello and welcome.. First I must say that I hope you're allowed to run tools on tis (office) PC without the bosss or IT dept coming down on you. If that's OK then run these.RKill.... then Super again ( post the scan log)Please download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.You will need to run the application again if rebooting the computer occurs along the way as the malware programs will start again.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' An... Read more

Read other 1 answers
RELEVANCY SCORE 60

I have an intermitant issue with a red cirle and a red x in the center. I also get several pop ups that tell me I have malware and or spyware and want me to click ok to run scans or install software when I am on the internet. I have attached the extra.txt and active.txt

nDeckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-04-08 15:21:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-08 22:21:43 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-08 15:24:59
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:... Read more

A:Red circle with white x in task bar

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

If you still require assistance with this issue, please do this:

Please download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here.... Read more

Read other 1 answers
RELEVANCY SCORE 60

Hey I have a red circle with a white x in it in my taskbar. I have no idea how it got there or how to get rid of it. I know that I cannot do a system restore and that I cannot access my task manager either. It tells me "Task manager has been disabled by your administrator. This problem is on a Dell Dimension 2400 running Windows XP Home SP3. I need this fixed as soon as possible. Any help is greatly appreciated.I created a HJT log and it reads as follows:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:15:20 PM, on 12/30/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfe... Read more

A:Red Circle with White X REmoval

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

Read other 2 answers
RELEVANCY SCORE 60

I am infected with a red cirlce witha white x in the center. there is an icon on my toolbar that keep popping up a security message: Warning! you have a security problem. Please help. thanks.

A:infected with red circle with white x

Hi and welcome to BleepingComputer The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result... Read more

Read other 1 answers
RELEVANCY SCORE 60

Hi, I've tried myself to get rid of the virus using the programs that have been suggested. I used McAfee (which sucks, but it's my mom's computer and she doesn't trust it unless it costs money.)

I also ran, CC Cleaner, Malwarebytes, and SuperAnti Spyware. It's gone, but I just want to make sure it's REALLY gone.

The problem was a White X in a Red Circle saying I had to update spyware, and it kept opening up POP-UP ads every 10 seconds. I just turned the internet back on, and I re-downloaded HJT and this is my log.

Thank you guys so much in advance for all your help!!! This computer isn't used much so I'm astonished it has a virus at all, but let's see what the nasties are! lol.

Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:24 AM, on 9/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\Program Files\Common Files\Apple\Mo... Read more

A:HJT Log: White X in Red Circle Problem (Pop-ups, etc...)

I'm including this Malwarebytes file as well:

Thanks!!
Malwarebytes' Anti-Malware 1.41
Database version: 2823
Windows 5.1.2600 Service Pack 3

9/19/2009 2:54:53 AM
mbam-log-2009-09-19 (02-54-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 166241
Time elapsed: 1 hour(s), 0 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZCLZ5EM4\exe[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rdl59F.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 

Read other 1 answers
RELEVANCY SCORE 60

I so got slammed by "Ultimate Defender". I'm at my wits end, this thing has done a number on me. First off, I've got the dreaded red circle with the white X in my system tray telling me "Your computer is infected!" blah blah blahI CAN NOT open HJT. I've saved it in different folders. I've renamed it. I've done everything and the program will not start. Neither will Kapersky. Also, when I click on any link on google, I get redirected to a sales screen. I have to hit "back" and then re-click on the link to get to where I want to go. This is for everything I hit on google. I'm a McAfee subscriber and I've got Ad-Aware, but neither of these programs have done jack crap for me. I've tried about every fix I've seen on the internet, and I've got nothing. I manually cleared the Ultimate Defender listings from the registry, but still nothing helps! McAfee also says I'm not protected -- when I click the "fix" button, it says "an error occured" and it kicks me back to the main screen. Lovely -- SuperAntiSpyware won't open either. HELP!

A:Red Circle / White X -- But Disabled Hjt!

Welcome and please try these instructionsHow to remove Ultimate Defender (Removal Instructions)After try running SUPER again from Safe Mode

Read other 6 answers
RELEVANCY SCORE 60

OK -- my old computer hit the skids, but before it did, I had the dreaded red circle/white X problem.You guys fixed it. Here's the link. http://www.bleepingcomputer.com/forums/t/129285/red-circle-white-x-ultimate-defender/My wife and I were looking for cars online, her computer shut down and rebooted. I thought "uh oh". Sure enough, now she's got the red circle / white X. Let's do this again..... (sigh)Log created by WinPatrol version 15.5.2008.0:15.5.2008.0
Scan saved at 10:49:16 PM, on 7/18/2008
Platform: Windows XP SP2 Home Edition Service Pack 2 (Build 2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\aspimgr.exe
C:\WINDOWS\SYSTEM32\cisvc.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMntor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\WINDOWS\SYSTEM32\carpserv.exe
C:\PROGRAM FILES\SYNAPTICS\SynTP\SynTPLpr.exe
C:\PROGRAM FILES\SYNAPTICS\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\ORiNOCO\COMBOCARD 11AG\Utility\orinoco.exe
C:\PROGRAM FILES\Java\JRE1.5.0_06\bin\jusched.exe
C:\PROGRAM FILES\QUICKTIME\qttask.exe
C:\PROGRAM FILES\iTunes\ITUNESHELPER.EXE
C:\PROGRAM FILES\COMMON FILES\Real\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\WINDO... Read more

A:The Red Circle White X Returns

Hello Holy Moses and welcome to BC. Let's see what we can find. Follow the steps below in order:Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Close ALL Internet browsers (very important).Click the Empty Selected button.Click Exit on the Main menu to close the program.Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items to select them:Reg - BotCheck
File - Additional Fo... Read more

Read other 9 answers
RELEVANCY SCORE 60

I need some help. I can't figure out how to get this off my computer. Here is my HJT log....

I am doing this on a secondary laptop since i can't get to any of these websites on the infected computer...
DDS (Ver_09-02-01.01) - NTFSx86
Run by User at 21:41:37.92 on Sat 03/14/2009
Internet Explorer: 6.0.2900.5512

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.toshiba.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.toshiba.com/
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: ShopperReports: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [MSMSGS] "c:&#... Read more

A:red circle w/white x in taskbar

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

Read other 2 answers
RELEVANCY SCORE 60

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:11:30 PM, on 3/27/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exeC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\System32\digtizer.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\o2flash.exeC:\Program Files\Softex\OmniPass\Omniserv.exeC:\WINDOWS\system32\PnkBstrA.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exeC:\Pro... Read more

A:Red circle with white x causing pop-ups

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTListIt2 ReportPlease download OTListIt2 from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

Read other 12 answers
RELEVANCY SCORE 60

As I was reading a site, I blindly accepted something without reading it fully and my pc shutdown and restart and now I am getting a Red Circle with the White X telling me the following:

You computer is infected!

Windows has detected spyware infection!

It is recommended to use special antispyware tools to prevent data loss. Windows will not download and install the most up-to-date antispyware for you.

Click here to protect your computer from spyware!

I have downloaded and ran AdAware (the free version) and it found nothing. I have not been able to get SpyBot to run at all. I finally got HijackThis! to run after renaming the executable to something else. I have also read about ComboFix. It shows a little status bar, then nothing. I also cannot get my Symantec Anti-Virus to disable. It will automatically renable itsself. Also my Windows Personal Firewall will be disabled every time I start up.

The following is my HijackThis.log file. Thank you for your help!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:10:02 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\htt... Read more

Read other answers
RELEVANCY SCORE 60

Hello,

Yes, I know this problem has been addressed, and sometimes solved for some, numerous times, but I have tried all the solutions that other people found to work and nothing has worked for me personally. All I can tell you that kinda makes me different than those other people is that I have a Dell Dimension E310 and a Dell Inspiron 1501 Notebook that both have the same anti-virus software installed in them. The reason I say this is because most people say that the problem is because there is more than one anti-virus software installed. Both have AVG Free Edition 7.5. On the laptop, though, there is no red circle on the icon in the tray, but for my desktop, there is. How should I troubleshoot this? Thanks.

Read other answers
RELEVANCY SCORE 60

Hello,

Yes, I know this problem has been addressed, and sometimes solved for some, numerous times, but I have tried all the solutions that other people found to work and nothing has worked for me personally. All I can tell you that kinda makes me different than those other people is that I have a Dell Dimension E310 and a Dell Inspiron 1501 Notebook that both have the same anti-virus software installed in them. The reason I say this is because most people say that the problem is because there is more than one anti-virus software installed. Both have AVG Free Edition 7.5. On the laptop, though, there is no red circle on the icon in the tray, but for my desktop, there is. How should I troubleshoot this? Thanks.
 

A:Red Circle in Avast! Anti-virus Icon in Tray

Read other 11 answers
RELEVANCY SCORE 59.6

Atlas I've some how been infected with the red circle white x . It gives me the white pop up balloon stating that my computer is infected about every 3 seconds or so. I have scanned with Norton and Stop Zilla. Any help offered is very appreciated. I'm not the most computer savy person at all although I'm trying really hard. I ask for your patience in advance and thank you. I'm at my wits end! HJT log to follow:le of HijackThis v1.99.1Scan saved at 9:13:32 AM, on 10/9/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18241)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\brss01a.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\ATKKBService.exeC:\Program Files\Symantec\Liv... Read more

A:Red Circle White X infection help wanted.....

Hi Comm,Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.Note 1. Please refrain from making any changes to your system from now on as it might prolong handling your log and make the job for both of us more difficult.To get an idea about the current condition of you computer download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Note 1:The logs will be created in this folder: C:\rsit

Note 2:The tool takes not more than one minute to scan the system.Tell me if you have run any other tool.

Tell me about the current condition of your computer.

Read other 3 answers