Unable to start my anti-virus

Texaus

Posts: 48   +0
Hello again,

I am unable to run malware removal steps. Everything seems to be running normally on the PC; however, I am unable to run any of the anti-virus software on my computer. Avira, Malwarebytes, and HijackThis do not open when I call on them. I can see a brief flash of the software GUI when I try to start, then it disappears and nothing. Any ideas please?
 
See if you can run them in Safe Mode:

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
 
Thank you, unfortunately, it did not work. Exact same result in Safe Mode. I tried to uninstall Malwarebytes hoping that a fresh download of the program might work. Same result, nothing seems to happen when I select 'uninstall'.
 
I wanted to add a bit of new information...

I am pretty sure I'm infected with something now. Like I said before, the computer appears to be operating normally with no slowdowns; browsing the internet and Google searches were going as usual. However, I just tried to Google search for "avira disappears" and my IE window immediately closed. Went back to IE and googled "anti-virus disabled" and IE closed down again. When I try to Google search for something unrelated to a computer problem it works as it should.
 
Believe me, I'd love to. That's why I am here, I know that process works. Please read my post above if you think you may be able to assist.
 
Sorry! I must have skim-read through your posts and missed that. Am just trying to take some workload off Bobbye as he is incredibly busy.

I'll leave you in his capable hands :)
 
Thank you, unfortunately, it did not work. Exact same result in safe mode.
I think it's time to back up any user data whilst you still can.

You may have to pull the drive out and scan it in another working computer (setting it as a slave or secondary drive).

Basically, if Safe Mode is not running either, it is a Windows system files issue (likely corrupted by malware).
It might be time for a clean install :(
 
Texaus, give this a try: boot into Safe Mode, but choose Safe Mode with Networking.

Don't try the other programs- do this instead:
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\userinit.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Also scan these:

C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe


If this runs, paste the log in- nothing else at this time.
 
Kimsland: I have taken your advice and backed up everything I could think of on an external drive. Hope I didn't copy any nasties too!

Bobbye,
Thanks for not giving up on this. I did as you requested and logs are pasted below. All of this was done under normal start-up. For some reason my keyboard stops working while in Safe Mode - I couldn't get the URL typed into IE in Safe Mode. Also, whilst in Safe Mode I was able to run SuperAntiSpyware once; I cannot reopen SAS to provide you with the log. It did find and remove a few things - obviously not enough though, because I am experiencing the same symptoms as before.

Also, while in normal mode, I went to msconfig to uncheck all startups on boot - I noticed a suspicious entry, "dumprep 0 -k", no idea what that is. I unchecked everything and restarted, still the same.

Also, copy/paste seems to be having a mind of its own, so I was forced to browse for the files you wanted scanned - while browsing for explorer.exe I noticed a file named "explorer.exe.z-missing", no idea if that means anything to you, but thought I should mention it. UGH!


Note: 2nd reply has logs, was too many characters
 
************************************************************************************************
VirSCAN.org Scanned Report :
Scanned time : 2009/12/11 00:01:44 (CST)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 26112 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a93aee1928a9d7ce3e16d24ec7380f89
SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
Online report : http://virscan.org/report/4f2b3a06f01b3a2e09a9e2477374ebcc.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091210180155 2009-12-10 4.20 -
AhnLab V3 2009.12.10.01 2009.12.10 2009-12-10 1.38 -
AntiVir 8.2.1.108 7.10.1.211 2009-12-10 0.25 -
Antiy 2.0.18 20091204.3347676 2009-12-04 0.02 -
Arcavir 2009 200912101225 2009-12-10 0.03 -
Authentium 5.1.1 200912101115 2009-12-10 1.22 -
AVAST! 4.7.4 091210-0 2009-12-10 0.01 -
AVG 8.5.288 270.14.102/2556 2009-12-10 0.31 -
BitDefender 7.81008.4706914 7.29388 2009-12-10 4.03 -
CA (VET) 35.1.0 7167 2009-12-09 7.78 -
ClamAV 0.95.2 10144 2009-12-10 0.01 -
Comodo 3.13 3195 2009-12-10 0.91 -
CP Secure 1.3.0.5 2009.12.10 2009-12-10 0.04 -
Dr.Web 4.44.0.9170 2009.12.10 2009-12-10 8.17 -
F-Prot 4.4.4.56 20091210 2009-12-10 1.20 -
F-Secure 7.02.73807 2009.12.10.11 2009-12-10 9.52 -
Fortinet 11.252- 11.252 2009-12-10 0.20 -
GData 19.9236/19.616 20091210 2009-12-10 5.96 -
ViRobot 20091210 2009.12.10 2009-12-10 0.46 -
Ikarus T3.1.01.74 2009.12.10.74734 2009-12-10 4.23 -
JiangMin 13.0.900 2009.12.10 2009-12-10 6.91 -
Kaspersky 5.5.10 2009.12.10 2009-12-10 0.11 -
KingSoft 2009.2.5.15 2009.12.10.22 2009-12-10 1.02 -
McAfee 5.3.00 5827 2009-12-09 3.31 -
Microsoft 1.5302 2009.12.10 2009-12-10 7.40 -
Norman 6.01.09 6.01.00 2009-12-09 4.01 -
Panda 9.05.01 2009.12.07 2009-12-07 40.13 -
Trend Micro 9.000-1003 6.684.02 2009-12-10 0.00 -
Quick Heal 10.00 2009.12.09 2009-12-09 1.42 -
Rising 20.0 22.25.03.09 2009-12-10 1.29 -
Sophos 3.02.0 4.48 2009-12-10 2.85 -
Sunbelt 3.9.2386.2 5553 2009-12-09 5.71 -
Symantec 1.3.0.24 20091209.002 2009-12-09 0.06 -
nProtect 20091210.02 6552587 2009-12-10 8.79 -
The Hacker 6.5.0.2 v00089 2009-12-10 1.55 -
VBA32 3.12.12.0 20091209.1703 2009-12-09 4.59 -
VirusBuster 4.5.11.10 10.115.5/2018316 2009-12-10 2.39 -

************************************************************************
VirSCAN.org Scanned Report :
Scanned time : 2009/12/11 00:08:54 (CST)
Scanner results: Scanners did not find malware!
File Name : explorer.exe
File Size : 1033728 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 12896823fb95bfb3dc9b46bcaedc9923
SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f
Online report : http://virscan.org/report/6d155ce77b7c689e3ac18f5a38ae500e.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091210180155 2009-12-10 4.37 -
AhnLab V3 2009.12.10.01 2009.12.10 2009-12-10 1.00 -
AntiVir 8.2.1.108 7.10.1.211 2009-12-10 0.13 -
Antiy 2.0.18 20091204.3347676 2009-12-04 0.02 -
Arcavir 2009 200912101225 2009-12-10 0.08 -
Authentium 5.1.1 200912101115 2009-12-10 2.33 -
AVAST! 4.7.4 091210-0 2009-12-10 0.05 -
AVG 8.5.288 270.14.102/2556 2009-12-10 0.32 -
BitDefender 7.81008.4706914 7.29388 2009-12-10 4.11 -
CA (VET) 35.1.0 7167 2009-12-09 7.79 -
ClamAV 0.95.2 10144 2009-12-10 0.18 -
Comodo 3.13 3195 2009-12-10 0.94 -
CP Secure 1.3.0.5 2009.12.10 2009-12-10 0.11 -
Dr.Web 4.44.0.9170 2009.12.10 2009-12-10 7.80 -
F-Prot 4.4.4.56 20091210 2009-12-10 2.15 -
F-Secure 7.02.73807 2009.12.10.11 2009-12-10 9.40 -
Fortinet 11.252- 11.252 2009-12-10 0.25 -
GData 19.9236/19.616 20091210 2009-12-10 5.87 -
ViRobot 20091210 2009.12.10 2009-12-10 0.42 -
Ikarus T3.1.01.74 2009.12.10.74734 2009-12-10 4.24 -
JiangMin 13.0.900 2009.12.10 2009-12-10 4.28 -
Kaspersky 5.5.10 2009.12.10 2009-12-10 0.07 -
KingSoft 2009.2.5.15 2009.12.10.22 2009-12-10 0.56 -
McAfee 5.3.00 5827 2009-12-09 3.37 -
Microsoft 1.5302 2009.12.10 2009-12-10 6.37 -
Norman 6.01.09 6.01.00 2009-12-09 4.01 -
Panda 9.05.01 2009.12.10 2009-12-10 2.18 -
Trend Micro 9.000-1003 6.684.02 2009-12-10 0.00 -
Quick Heal 10.00 2009.12.09 2009-12-09 1.59 -
Rising 20.0 22.25.03.09 2009-12-10 1.05 -
Sophos 3.02.0 4.48 2009-12-10 2.79 -
Sunbelt 3.9.2386.2 5553 2009-12-09 1.91 -
Symantec 1.3.0.24 20091209.002 2009-12-09 0.08 -
nProtect 20091210.02 6552587 2009-12-10 3.91 -
The Hacker 6.5.0.2 v00089 2009-12-10 0.70 -
VBA32 3.12.12.0 20091209.1703 2009-12-09 2.37 -
VirusBuster 4.5.11.10 10.115.5/2018316 2009-12-10 2.65 -
******************************************************************************
VirSCAN.org Scanned Report :
Scanned time : 2009/12/11 00:17:16 (CST)
Scanner results: Scanners did not find malware!
File Name : svchost.exe
File Size : 14336 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667
Online report : http://virscan.org/report/b5eb4510f592272382441c95636d3466.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091210180155 2009-12-10 4.38 -
AhnLab V3 2009.12.10.01 2009.12.10 2009-12-10 1.10 -
AntiVir 8.2.1.108 7.10.1.211 2009-12-10 0.34 -
Antiy 2.0.18 20091204.3347676 2009-12-04 0.02 -
Arcavir 2009 200912101225 2009-12-10 0.03 -
Authentium 5.1.1 200912101115 2009-12-10 1.29 -
AVAST! 4.7.4 091210-0 2009-12-10 0.01 -
AVG 8.5.288 270.14.102/2556 2009-12-10 0.32 -
BitDefender 7.81008.4706914 7.29388 2009-12-10 4.02 -
CA (VET) 35.1.0 7167 2009-12-09 15.40 -
ClamAV 0.95.2 10144 2009-12-10 0.01 -
Comodo 3.13 3195 2009-12-10 1.75 -
CP Secure 1.3.0.5 2009.12.10 2009-12-10 0.04 -
Dr.Web 4.44.0.9170 2009.12.10 2009-12-10 7.53 -
F-Prot 4.4.4.56 20091210 2009-12-10 1.21 -
F-Secure 7.02.73807 2009.12.10.11 2009-12-10 0.10 -
Fortinet 11.252- 11.252 2009-12-10 0.22 -
GData 19.9236/19.616 20091210 2009-12-10 8.05 -
ViRobot 20091210 2009.12.10 2009-12-10 0.46 -
Ikarus T3.1.01.74 2009.12.10.74734 2009-12-10 4.18 -
JiangMin 13.0.900 2009.12.10 2009-12-10 11.67 -
Kaspersky 5.5.10 2009.12.10 2009-12-10 0.07 -
KingSoft 2009.2.5.15 2009.12.10.22 2009-12-10 0.77 -
McAfee 5.3.00 5827 2009-12-09 3.31 -
Microsoft 1.5302 2009.12.10 2009-12-10 7.06 -
Norman 6.01.09 6.01.00 2009-12-09 4.01 -
Panda 9.05.01 2009.12.10 2009-12-10 1.93 -
Trend Micro 9.000-1003 6.684.02 2009-12-10 0.00 -
Quick Heal 10.00 2009.12.09 2009-12-09 1.25 -
Rising 20.0 22.25.03.09 2009-12-10 0.99 -
Sophos 3.02.0 4.48 2009-12-10 2.73 -
Sunbelt 3.9.2386.2 5553 2009-12-09 1.98 -
Symantec 1.3.0.24 20091209.002 2009-12-09 0.05 -
nProtect 20091210.02 6552587 2009-12-10 4.21 -
The Hacker 6.5.0.2 v00089 2009-12-10 0.77 -
VBA32 3.12.12.0 20091209.1703 2009-12-09 2.22 -
VirusBuster 4.5.11.10 10.115.5/2018316 2009-12-10 2.38 -
*****************************************************************************
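 
Added note, not part of the thread: each of the three reports above is 36 engine rows, and the only line anyone tends to read is "Scanners did not find malware!". The script below is an added example written for this page; it is not VirSCAN.org code and not anything Texaus or Bobbye posted. It parses pasted reports of exactly this shape into a per-file summary (name, size, MD5/SHA1, how many engines ran, and which ones dissented), so a helper can see a 1/36 minority detection that the headline would hide. The sample report embedded at the bottom is constructed: its file names, hashes and the flagged engine row are illustrative, not real results.

```python
"""Parse pasted VirSCAN.org reports into a per-file summary (added example)."""
import re
import sys
from dataclasses import dataclass, field

# Engine row: "<scanner> <engine ver> <sig ver> <YYYY-MM-DD> <seconds> <verdict>".
# Scanner names may contain spaces ("CA (VET)", "Trend Micro"), so the name is
# matched lazily and the fixed date column anchors the rest of the row.
ROW_RE = re.compile(
    r"^(?P<scanner>.+?)\s+(?P<engine>\S+)\s+(?P<sig>\S+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<secs>\d+(?:\.\d+)?)\s+(?P<verdict>.+?)\s*$"
)
FIELD_RE = re.compile(r"^(File Name|File Size|MD5|SHA1)\s*:\s*(.+?)\s*$")
REPORT_HEADER_RE = re.compile(r"^VirSCAN\.org Scanned Report\s*:.*$", re.M)


@dataclass
class FileReport:
    file_name: str = ""
    file_size: int = 0
    md5: str = ""
    sha1: str = ""
    engines: int = 0                                  # rows in the engine table
    detections: dict = field(default_factory=dict)    # scanner -> verdict text

    @property
    def ratio(self) -> str:
        return f"{len(self.detections)}/{self.engines}"


def parse_reports(text: str) -> list:
    """Return one FileReport per 'VirSCAN.org Scanned Report' block in text."""
    reports = []
    for chunk in REPORT_HEADER_RE.split(text)[1:]:
        rep, in_table = FileReport(), False
        for raw in chunk.splitlines():
            line = raw.strip()
            if not line or line.startswith("*"):      # blank or separator line
                continue
            if line.startswith("Scanner Engine Ver"):  # header of the engine table
                in_table = True
                continue
            if not in_table:
                m = FIELD_RE.match(line)
                if m:
                    key, val = m.groups()
                    if key == "File Name":
                        rep.file_name = val
                    elif key == "File Size":
                        rep.file_size = int(val.split()[0])   # "26112 byte"
                    elif key == "MD5":
                        rep.md5 = val.lower()
                    else:
                        rep.sha1 = val.lower()
                continue
            m = ROW_RE.match(line)
            if m:
                rep.engines += 1
                if m["verdict"] != "-":               # "-" means no detection
                    rep.detections[m["scanner"]] = m["verdict"]
        reports.append(rep)
    return reports


def summarize(reports) -> list:
    """One line per file, listing the dissenting engines if any."""
    lines = []
    for r in reports:
        hits = ", ".join(f"{k}={v}" for k, v in r.detections.items()) or "none"
        lines.append(f"{r.file_name} ({r.file_size} bytes) md5={r.md5} flagged {r.ratio}: {hits}")
    return lines


# Constructed sample in the pasted format: one flagged file, one clean file.
SAMPLE = """\
VirSCAN.org Scanned Report :
Scanned time : 2009/12/11 00:20:00 (CST)
Scanner results: 1 of 3 scanners found malware
File Name : example.sys
File Size : 39936 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 00000000000000000000000000000001
SHA1 : 0000000000000000000000000000000000000001

Scanner Engine Ver Sig Ver Sig Date Time Scan result
AntiVir 8.2.1.108 7.10.1.211 2009-12-10 0.25 RKIT/Agent.39936 [trojan]
CA (VET) 35.1.0 7167 2009-12-09 7.78 -
Trend Micro 9.000-1003 6.684.02 2009-12-10 0.00 -
************************************************************************
VirSCAN.org Scanned Report :
Scanned time : 2009/12/11 00:21:00 (CST)
Scanner results: Scanners did not find malware!
File Name : clean.exe
File Size : 14336 byte
MD5 : 00000000000000000000000000000002
SHA1 : 0000000000000000000000000000000000000002

Scanner Engine Ver Sig Ver Sig Date Time Scan result
Kaspersky 5.5.10 2009.12.10 2009-12-10 0.07 -
Sophos 3.02.0 4.48 2009-12-10 2.85 -
"""

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    print("\n".join(summarize(parse_reports(text))))
```

Pipe a pasted report into the script (or run it bare to see the constructed sample). A "0/36" for userinit.exe, explorer.exe and svchost.exe is what Bobbye wanted to see for the Virut check; it says nothing about files the user did not upload, which is why the rootkit driver turned up later under a different name.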
 
I noticed a suspicious entry, "dumprep 0 -k", no idea what that is.

Name: dumprep 0 -k
Filename: dumprep.exe
Command: %systemroot%\system32\dumprep 0 -k
Description: Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Starup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out. More information can also be found> http://support.microsoft.com/kb/899870
http://www.bleepingcomputer.com/startups/dumprep.exe-1449.html

Something might be unknown but that does not necessarily make it bad. Always try and identify a process or entry before adding or removing it.

I went to msconfig to uncheck all startups on boot

Okay, you went overboard here. If you're on a laptop, there is a process on the Startup menu that must start on boot for the keyboard and mouse to work!

You can't uncheck "everything" on Startup to fix one problem and not expect it to start another.

while browsing for explorer.exe

Why/Where were you browsing for Windows Explorer? If you want to access Windows Explorer either use the Win key plus E combination, or right click on Start> Explore.

I noticed a file named "explorer.exe.z-missing"

Many files with the file name 'explorer.exe' are due to Worms. It is possible a HijackThis log would show this entry: C:\WINDOWS\Explorer.EXE.Z
This is: (Heuristics.Reserved.Word.Exploit)

I would have had you remove it.

I was having you check for Virut. You don't have that and that's a good thing.

(Sorry- updated browser and it has caused the Google spell check to repeat letters and garble most of the words. I hope I found them all)
 
I meant to say I was browsing for the file explorer.exe in the directory path you gave me to upload to antivir.org. I was just trying to make the point that I couldn't use my keyboard to simply type the file path into the space provided.

I am not on a laptop. There were only two items in msconfig->startup w/ a check mark: 1)avira 2)dumprep 0 -k.

Is it time for me to nuke this install of XP and start over, or is there something else I can try to get one of these programs to scan for me?
 
I'd like to try one more thing if you're able. Keyboard is probably USB connection which doesn't work in Safe Mode.

Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Attach log to next reply. There might be something I can have you remove which will allow you to run the programs.
 
Bobbye,

Yesterday, before your last reply, I had a breakthrough. I was able to get SuperAntiSpyware to load! I just kept calling on it over and over again; probably on the 100th try it came up. I selected full scan and it started to scan through registry and memory items, and I noticed it found a few things. Then my PC gave up and gave me a BSOD. I rebooted and did the same thing with SAS and selected custom scan; once it made initial detections in memory and registry I stopped the scan early, before I got another BSOD, and proceeded with removal of what it had found so far. That was enough to open the gates for the rest of the software. I will number what I did next below and attach all logs...

1)SAS - Custom scan within Registry and Memory only
2)MBAM - Quick Scan
3)Avira - Full Scan
4)MBAM - Full Scan
5)SAS - Full Scan (Note: While this scan was running, Avira made two detections and sent them to quarantine, I am pasting these below. This was weird because I did not have avira running and there was no indication of it running in my system tray.)
6)HIJACKTHIS


*******************************************************************************************************
Avira Detections while running SAS:
Virus or unwanted program 'RKIT/Agent.39936 [trojan]'
detected in file 'C:\WINDOWS\system32\4a8904570f8da67ff8d832c24fdca9b5.sys'.
Action performed: Move file to quarantine

Virus or unwanted program 'RKIT/Agent.39936 [trojan]'
detected in file 'C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP797\A0063050.sys'.
Action performed: Move file to quarantine
 
Files Infected: C:\System Volume Information

Not to worry on this - it's in a system restore point. We'll remove all of those when you're clean. Please do not use the System Restore feature while we're cleaning. You still have a bit of what looks like Vundo, and I do need to get the AV scan since you can't run yours.

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Run Combo-Fix.exe and follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
  • Wait for the scan to be completed.
  • If it requires a reboot, please do it.
  • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

  1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
  3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Follow with Eset scan requested in my reply #14.

Then rescan with HijackThis.

Logs to attach in next reply:
Combofix report
Eset log
New HJT log
 
Bobbye,
Should I wait until ComboFix is back up, or is there another tool that can be used?



Note: I WAS able to eventually scan with my antivirus. Attaching log
 
Very nice clean log!

Combofix is temporarily down- run this instead:

Download SDFix HERE and save it to your Desktop.
  • Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • Attach Report.txt back here

Follow with new HijackThis scan. Attach both to next reply.
 
SDFix removed an entry that Avira failed to remove:
Trojan Files Found:
C:\Temp\1cb\syscheck.log - Deleted

It also removed temp files.

Please reopen HijackThis to 'do system scan only.' Check the following if present: (Note: the optional removals are the two entries marked 'See Optional 1' and 'See Optional 2')

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html?p=DS See Optional 1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O20 - Winlogon Notify: acfebefccccacf - C:\WINDOWS\system32\acfebefccccacf.dll (file missing)
O23 - Service: Qlapidaimde - QLogic Corporation - (no file)>>> http://www.qlogic.com/Products/Pages/products_landingpage.aspx See Optional 2


Read before checking:
Optional 1: Foistware.

Looks like you have the MyWay Search Speedbar on the system. This is usually preloaded by Dell, but it does not appear that you are on a Dell. Chances are that it downloaded without your permission or knowledge. It's not a virus or malware, but called Foistware. This is optional, but I recommend that you uninstall it.

Optional 2: Unknown Service:
I located the site QLogic, but I cannot identify the Service Qlapidaimde. If you know what this is and use it, leave it. If not, check to remove and I'll have you remove the Service itself next round.

Close all open Windows except HijackThis and click on "Fix Checked."

There is one 'left-over' entry. I had asked you to run this earlier, but you had some change and did not. Please do the following:
Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
Follow with a new scan for HijackThis. Attach the new log and the Eset log to your next reply.
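 
Added note, not part of the thread: the four HijackThis lines Bobbye picked out above share a few tells a helper looks for before reading the rest of a log. The script below is an added example written for this page, not HijackThis code and not Bobbye's own checklist. It parses entries of the types quoted here (R0/R1 Internet Explorer search settings, O20 Winlogon Notify handlers, O23 services) and flags three things: an entry whose file is gone ("(file missing)" or "(no file)", the left-over entries Bobbye has the user fix), a search setting pointing at a host outside EXPECTED_SEARCH_HOSTS (an assumed allow-list, not a HijackThis rule), and a referenced file whose name is nothing but hex digits, the naming style of both the acfebefccccacf.dll entry and the 4a8904570f8da67ff8d832c24fdca9b5.sys driver Avira caught in this thread. The hex rule is a heuristic and can mis-flag a legitimately named file. SAMPLE_LOG is constructed from the entries quoted in the thread plus one made-up clean service line.

```python
"""Triage HijackThis 'system scan only' entries (added example)."""
import re

# Hosts accepted as normal search providers; an assumption for this example.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.msn.com", "search.yahoo.com"}

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
HOST_RE = re.compile(r"^https?://([^/\s]+)", re.I)
PATH_RE = re.compile(r"([A-Za-z]:\\[^()\n]+?\.(?:dll|exe|sys))", re.I)  # path to a PE file
HEX_STEM_RE = re.compile(r"^[0-9a-f]{8,}$", re.I)
ABSENT_MARKERS = ("(file missing)", "(no file)")       # HijackThis's own annotations


def parse_hjt(text):
    """Yield (code, body) for each line shaped like a HijackThis entry."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m["code"], m["body"]


def _finding(code, body, severity, reason):
    return {"severity": severity, "code": code, "reason": reason, "entry": f"{code} - {body}"}


def triage(text):
    """Return the findings for a log, in log order."""
    findings = []
    for code, body in parse_hjt(text):
        # 1. Leftover entries: the registry still points at a file that is gone.
        if any(marker in body for marker in ABSENT_MARKERS):
            findings.append(_finding(code, body, "medium", "referenced file is absent (left-over entry)"))
        # 2. Random-looking hex filenames (heuristic, not proof of infection).
        for path in PATH_RE.findall(body):
            filename = path.rsplit("\\", 1)[-1]
            if HEX_STEM_RE.match(filename.rsplit(".", 1)[0]):
                findings.append(_finding(code, body, "high", f"hex-only filename {filename}"))
        # 3. Browser search settings pointing at an unexpected host.
        if code in ("R0", "R1"):
            _, sep, value = body.partition(" = ")    # "R0 - key,value =" has no URL
            host = HOST_RE.match(value.strip()) if sep else None
            if host and host.group(1).lower() not in EXPECTED_SEARCH_HOSTS:
                findings.append(_finding(code, body, "medium", f"search setting points at {host.group(1)}"))
    return findings


# Constructed sample: the entries quoted in the thread plus one clean service.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html?p=DS
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O20 - Winlogon Notify: acfebefccccacf - C:\WINDOWS\system32\acfebefccccacf.dll (file missing)
O23 - Service: Qlapidaimde - QLogic Corporation - (no file)
O23 - Service: Sample Service (SampleSvc) - Sample Corp - C:\Program Files\Sample\svc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['reason']}\n    {f['entry']}")
```

On the constructed log this yields four findings: the myway.com search bar, the missing Winlogon Notify DLL (flagged twice, once for being absent and once for its hex-only name), and the Qlapidaimde service with no file. The clean Start Page and the empty SearchAssistant value produce nothing, which is the behaviour you want before handing a list to someone who will click "Fix Checked".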
 
Thanks Bobbye,

The new logs requested are attached. I do not use/recognize either of the "optionals" you listed. I selected both for removal - looks like one is still there though.
 
One more check on this please:

O23 - Service: Qlapidaimde - QLogic Corporation - (no file)

Home site: http://www.qlogic.com/Products/Pages/products_landingpage.aspx

Their products are all related to storage networking and converging data. It describes itself as the "fastest Fibre Channel Network."

I'm pushing you on this since you removed the entry and it reappeared (it would do that if the Service was either on Automatic startup or if a related process that started up needed the Service). There is a Trojan closely related in name, and I can't identify the name Qlapidaimde.

The Eset log is clean.

While you're doing that, I'm going to copy the entry to another malware helper for a 'consult.'
 
I'm pushing you on this since you removed the entry and it reappeared (it would do that if the Service was either on Automatic startup or if a related process that started up needed the Service). There is a Trojan closely related in name, and I can't identify the name Qlapidaimde.

I appreciate you pushing me on this; it is a little concerning given your statement above. As I did not start it specifically, and the only other programs that I've started since removing it with HijackThis are Firefox, Outlook, Word, Quickbooks and Adobe - would any of those require that service?
 
Consensus is that the Service appears to be a legitimate one. You can open Services and check it out:

Start> Run> type in services.msc> double click on Qlapidaimde if present> Change Startup type to Disabled> Stop the Service. While you're in there, click on the Dependency tab> note any Dependencies.

You might see more info with the Service open. If you find a Dependency, just set Startup type to Manual.

If you get error message about it being in use, boot in to Safe Mode first, then do the above.

I don't mean to worry you- it's just a burr in my side when I can't identify something.
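 
Added note, not part of the thread: the services.msc steps above (startup type, stop the service, look at the Dependencies tab) can be read straight from the registry, which gives a result that can be pasted into a reply and compared against the HijackThis "(no file)" line. The script below is an added example written for this page; it is not a Microsoft tool and not something Bobbye posted. On Windows, read_service() pulls ImagePath, Start, DependOnService and DisplayName from HKLM\SYSTEM\CurrentControlSet\Services\<name> with the standard-library winreg module. assess_service() is a pure function over those values, so it also runs offline on values captured elsewhere, and it follows the advice in the thread: Disabled unless something depends on the service, in which case Manual. The service name Qlapidaimde is the one from the thread; every value in SAMPLE_SERVICES (including the .sys path under its name) is constructed for this example and is not real registry data. The check for an unquoted ImagePath containing spaces is an extra the thread does not mention; it is a long-standing Windows service weakness worth noting whenever you are already looking at a service's binary path.

```python
"""Assess an unknown Windows service from its registry values (added example)."""
import os
import re

# Start value -> startup type as services.msc displays it.
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}


def binary_from_image_path(image_path, system_root=r"C:\WINDOWS"):
    """Reduce an ImagePath value to the file it launches.

    Handles the quoted form ("C:\\Program Files\\x\\y.exe" -arg), the unquoted
    form with arguments (%SystemRoot%\\system32\\svchost.exe -k netsvcs), the
    NT object prefix (\\??\\C:\\...) and driver paths relative to the system
    root (system32\\DRIVERS\\x.sys).
    """
    path = (image_path or "").strip()
    if not path:
        return ""
    if path.startswith("\\??\\"):
        path = path[4:]
    if path.startswith('"'):
        end = path.find('"', 1)
        path = path[1:end] if end > 0 else path[1:]
    else:
        # Unquoted: take the text up to the first PE-looking extension, so a
        # path containing spaces is not cut at the first space.
        m = re.match(r"^(.+?\.(?:exe|sys|dll))(?:\s|$)", path, re.I)
        path = m.group(1) if m else path.split()[0]
    path = re.sub(r"%(?:SystemRoot|windir)%", lambda _: system_root, path, flags=re.I)
    if not re.match(r"^[A-Za-z]:\\", path):
        path = system_root.rstrip("\\") + "\\" + path.lstrip("\\")
    return path


def dependents_of(name, services):
    """Services whose DependOnService lists `name` (the lower half of the
    Dependencies tab: components that depend on this service)."""
    return sorted(
        other for other, vals in services.items()
        if name.lower() in [d.lower() for d in (vals.get("DependOnService") or [])]
    )


def assess_service(name, values, all_services=None, exists=os.path.exists):
    """Summarise one service. `exists` is injectable so constructed paths can
    be assessed offline; `all_services` (name -> values) is used for dependents."""
    image = values.get("ImagePath", "")
    binary = binary_from_image_path(image)
    on_disk = bool(binary) and bool(exists(binary))
    notes = []
    if not binary:
        notes.append("no ImagePath: nothing is launched, entry is a leftover")
    elif not on_disk:
        notes.append(f"binary not on disk: {binary}")
    if binary and not image.lstrip().startswith('"') and " " in binary:
        notes.append("unquoted ImagePath contains spaces")
    dependents = dependents_of(name, all_services or {})
    return {
        "name": name,
        "display_name": values.get("DisplayName", name),
        "start_type": START_TYPES.get(values.get("Start"), "Unknown"),
        "binary": binary,
        "binary_exists": on_disk,
        "depends_on": list(values.get("DependOnService") or []),
        "dependents": dependents,
        "notes": notes,
        "recommendation": "Manual" if dependents else "Disabled",
    }


def read_service(name):
    """Windows only: read one service's values from the registry."""
    import winreg  # standard library on Windows; absent on other platforms
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SYSTEM\CurrentControlSet\Services" + "\\" + name) as key:
        for value_name in ("DisplayName", "ImagePath", "Start", "DependOnService"):
            try:
                values[value_name], _ = winreg.QueryValueEx(key, value_name)
            except OSError:
                pass  # value not present for this service
    return values


# Constructed sample registry values (not real data) for offline runs.
SAMPLE_SERVICES = {
    "Qlapidaimde": {"DisplayName": "Qlapidaimde", "Start": 2,
                    "ImagePath": r"system32\DRIVERS\qlapidaimde.sys"},
    "SampleBase": {"DisplayName": "Sample Base", "Start": 3,
                   "ImagePath": r"%SystemRoot%\system32\svchost.exe -k sample"},
    "SampleClient": {"DisplayName": "Sample Client", "Start": 2,
                     "ImagePath": r'"C:\Program Files\Sample\client.exe" -svc',
                     "DependOnService": ["SampleBase"]},
}

if __name__ == "__main__":
    for svc in SAMPLE_SERVICES:
        print(assess_service(svc, SAMPLE_SERVICES[svc], SAMPLE_SERVICES, exists=lambda p: False))
```

On a real machine, replace the sample with `assess_service("Qlapidaimde", read_service("Qlapidaimde"))`; an entry with Start=2 and a binary that is not on disk is exactly the state that makes HijackThis print "(no file)" and makes the O23 line come back after "Fix Checked", since the registry key, not the file, is what HijackThis lists.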
 