
Start/Run/msconfig/Startup (tab)


Name: xxxyyy
Date: March 10, 2006 at 09:16:25 Pacific
OS: win xp pro sp2
CPU/Ram: centrino 1.7Gz-512ram
Product: toshiba M35X-S349
Comment:

Suddenly a strange icon has appeared in this folder. (Can send screenshot but don't know how in this forum.) Normally the Startup Items are listed as names, but instead of a name there is an unusual icon which looks like a small rectangular box with 2 solid vertical lines in it. Help please.




Response Number 1
Name: capt
Date: March 10, 2006 at 12:00:05 Pacific
Reply:

Have you used the task manager to determine what program it is associated with?


0

Response Number 2
Name: jabuck
Date: March 10, 2006 at 14:53:05 Pacific
Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders, and the backup copies of deleted items can be easily located if needed.

Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.


0

Response Number 3
Name: xxxyyy
Date: March 12, 2006 at 11:07:08 Pacific
Reply:

To Response No 1.
With all the processes running there, it's not possible to determine what the icon refers to and the ICON does NOT display there. All processes 'seem' to be bona fide.

In the Startup tab in msconfig/Startup, under 'STARTUP ITEM' it only has the Icon.
Under COMMAND it only has the Icon.
Under LOCATION it reads:
SOFTWARE\Microsoft\Windows\Currentversion\Run
but that could easily be false.

To Response No.2
Will do as you suggest and get back here ASAP.

Thanks to both Responders.
xxxyyy


0

Response Number 4
Name: xxxyyy
Date: March 12, 2006 at 13:31:17 Pacific
Reply:

To Response No. 2

Here is the log

Logfile of HijackThis v1.99.1
Scan saved at 2:58:19 PM, on 3/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bluee\Desktop\HijackThis\HijackThis 1.99.0.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emule-project.net/home/perl/general.cgi?l=1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAA0D3A3-848D-4E94-A5A9-E0A08BECF22D}: NameServer = 192.168.2.1
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsus---a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe



0
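Added example, not part of the thread and not HijackThis code: a small triage script for a log in the format posted above. It lists the autostart sections (O4, O20, O23) and flags Run entries whose value name is blank or made of non-printable characters, on the assumption that such a name is what msconfig draws as a box glyph. The sample reuses three lines from the log above plus one constructed O4 line; the function names are illustrative.

```python
import re

# A HijackThis item line is "<section code> - <details>".
ITEM = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry entries look like: HKLM\..\Run: [value name] command line
O4_RUN = re.compile(r"^(HK(?:LM|CU)\\\.\.\\\S+): \[(.*?)\] ?(.*)$")
# Sections that list code started automatically at boot or logon.
AUTOSTART = {"O4", "O20", "O23"}

def triage(log_text):
    """Return (code, details, reasons) for every autostart line in the log."""
    results = []
    for line in log_text.split("\n"):
        m = ITEM.match(line.strip(" \r"))
        if not m or m.group(1) not in AUTOSTART:
            continue
        code, details = m.groups()
        reasons = []
        run = O4_RUN.match(details) if code == "O4" else None
        if run:
            _key, name, command = run.groups()
            # A name with no visible characters renders as a blank or a box.
            if not name.strip() or not name.isprintable():
                reasons.append("value name is blank or non-printable")
            if not command.strip():
                reasons.append("no command")
        results.append((code, details, reasons))
    return results

def flagged(log_text):
    """Only the autostart entries that need a closer look."""
    return [r for r in triage(log_text) if r[2]]

# Sample input: lines 1, 2, 4 and 5 come from the log above;
# line 3 is CONSTRUCTED to model an entry with an unprintable name.
SAMPLE = "\n".join([
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emule-project.net/home/perl/general.cgi?l=1",
    r"O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice",
    "O4 - HKLM\\..\\Run: [\x01\x02] ",
    r"O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll",
    r"O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe",
])

if __name__ == "__main__":
    for code, details, reasons in triage(SAMPLE):
        print(code, repr(details), "; ".join(reasons))
```

repr() is used when printing so that control characters in a value name show up as escapes instead of vanishing in the console.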

Response Number 5
Name: jabuck
Date: March 12, 2006 at 14:39:28 Pacific
Reply:

Not much showing up. If you have msconfig running in selective startup go back and change it to normal startup and repost your HT log.

To look for lop.com, post a startup list log with Hijack This. Run HT, click the "open misc. tools section" button > check the two boxes to the right of "generate startup list log" > then click generate startup list log and post it.

Do a search for rootkits by running BlackLight and post its results. You can download from this link http://www.f-secure.com/blacklight/try.shtml

Save it to your desktop and double click on the file.

Have it scan your computer but do not try to fix or delete anything identified by the tool; it may list legitimate programs.

If the scan does find anything then copy and paste the log back to this thread. The log should be on your desktop or root directory (C:\). This is the format for the log file name:
fsbl-<date-and-time>.log

If you have any trouble finding it do a search for fsbl*.log.

Run this free online scan from Panda

When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it.

This scan will help find spyware. Download Ewido Security Suite, then set it up this way: Ewido Setup Instructions. Reboot into Safe Mode and run Ewido.

When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.

Please reboot into normal mode and post the ewido log.


0
