Some kind of icon on my task bar!!

Goleon

Journeyman
FOr about 2 weeks i have been noticing an icon on my task bar on startup...It looks like the shape of a binocular and dissappears as soon as i hover my mouse over it....ANd recently wen i opened my XP ...after showing me the desktop it came 2 the BSOD and then it restarted and opened xp and shweb me a message.. Ur system has been repaired from a serious error...Wat should i do...is it sum kind of a vius..I use the quick heal 2 months complimentery edition tht digit gave me...
 

Aashrey99

The Prophet
Re: SOmekInd of icON on my task bar!!

dude, the icon is the result of a virus. and its gonna keep showing you this. some screen shots would help us understand your problem better.
 

Neuron

Electronic.
Re: SOmekInd of icON on my task bar!!

FOr about 2 weeks i have been noticing an icon on my task bar on startup...It looks like the shape of a binocular and dissappears as soon as i hover my mouse over it....ANd recently wen i opened my XP ...after showing me the desktop it came 2 the BSOD and then it restarted and opened xp and shweb me a message.. Ur system has been repaired from a serious error...Wat should i do...is it sum kind of a vius..I use the quick heal 2 months complimentery edition tht digit gave me...

Post a screenshot of that icon.
 

Neuron

Electronic.
^^Install CCleaner.
Goto tools-->startup.You will see a list of start up items.Determine which one among them has the mentioned icon.Disable or delete it.
I still recommend you install an anti virus and perform a system scan to make sure that there are no threats on your PC.
 
OP
G

Goleon

Journeyman
Yes HKCU:Run Extraram C:\Program Files\Extra RAM\ExtraRAM.exe
Yes HKCU:Run Google Update "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
Yes HKCU:Run NVIDIA nTune D:\NVIDIA system tools\nTune\nTuneCmd.exe resetprofile
Yes HKCU:Run fsm
Yes HKCU:Run WallpaperChanger D:\Wallpaper Master\Wallpaper.exe
Yes HKCU:Run AdobeBridge
Yes HKCU:Run Aston2 "D:\aston menu\Aston2.exe"
Yes HKCU:Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Yes HKCU:Run Kryptel Shredder "D:\kryptel\Shredder.exe" startup
Yes HKCU:Run UIWatcher D:\Ashampoo UnInstaller 2010\UIWatcher.exe
Yes HKCU:Run uTorrent "C:\Documents and Settings\User\My Documents\Downloads\utorrent.exe"
Yes HKLM:Run NeroFilterCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Yes HKLM:Run wcmdmgr C:\WINDOWS\wt\wcmdmgrl.exe -launch
Yes HKLM:Run USB Antivirus F:\USB Disk Security\USBGuard.exe
Yes HKLM:Run RTHDCPL RTHDCPL.EXE
Yes HKLM:Run Alcmtr ALCMTR.EXE
Yes HKLM:Run MotiveReportAgent "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-APPKEY=Motive -WindowContext=ReportAgent -url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden
Yes HKLM:Run BootNaMir D:\Time Freeze\BootSP.exe
Yes HKLM:Run AdobeAAMUpdater-1.0 "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Yes HKLM:Run SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Yes HKLM:Run BootSkin Startup Jobs "D:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
Yes HKLM:Run My Web Search Bar Search Scope Monitor "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h
Yes HKLM:Run Adobe Reader Speed Launcher "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Yes HKLM:Run Adobe ARM "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run Quick Heal Core UI "C:\Program Files\Quick Heal\Quick Heal Internet Security\strtupap.exe"
Yes HKLM:Run Standby "C:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
Yes HKLM:Run SearchSettings "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
Yes HKLM:Run SunJavaUpdateSched "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run googletalk C:\Program Files\Google\Google Talk\googletalk.exe /autostart
Yes HKLM:Run NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Yes HKLM:Run NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Yes HKLM:Run nwiz C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
Yes Startup Common WinZip Quick Pick.lnk C:\Program Files\WinZip\WZQKPICK.EXE



These are the strtups...WHich of them is the virus?
 

paroh

Padawan
Go to run->regedit->edit->find wtwatch.exe and wstw.exe and delete any key related to them and after this process restart ur pc and delete these two files wtwatch.exe and wstw.exe from this location c:\windows\system32\
 

Vyom

The Power of x480
Staff member
Admin
Here, I have tried to narrow the list down for you, of the suspected programs.
If you know, Extraram, fsm, Aston, MotiveBrowser, Time Freeze and My Web Search Bar Search Scope Monitor, then you can remove the entries for them too.


Yes HKCU:Run Extraram C:\Program Files\Extra RAM\ExtraRAM.exe
Yes HKCU:Run fsm
Yes HKCU:Run Aston2 "D:\aston menu\Aston2.exe"
Yes HKLM:Run wcmdmgr C:\WINDOWS\wt\wcmdmgrl.exe -launch
Yes HKLM:Run RTHDCPL RTHDCPL.EXE
Yes HKLM:Run Alcmtr ALCMTR.EXE
Yes HKLM:Run MotiveReportAgent "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-APPKEY=Motive -WindowContext=ReportAgent -url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden
Yes HKLM:Run BootNaMir D:\Time Freeze\BootSP.exe
Yes HKLM:Run My Web Search Bar Search Scope Monitor "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h
Yes HKLM:Run SearchSettings "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
 
OP
G

Goleon

Journeyman
@paroh I had already deleted those files
And i know all the programs such as Extraram,Aston, MotiveBrowser, Time Freeze and My Web Search Bar
But the rest are unknown
 

sakumar79

Technomancer
RTHDCPL.EXE and ALCMTR.EXE are both startup programs initiated by drivers installed by Realtek audio chipset in your motherboard... Both probably not essential but not harmful either...

Added:
Yes HKCU:Run fsm - Not sure, may be that FSM is "fast search marks" - part of how FBackup software indexes files - do you have this software? One website mentions that it could also be related to Secunia PSI...
Yes HKLM:Run wcmdmgr C:\WINDOWS\wt\wcmdmgrl.exe -launch - A program of "Wild Tangent" for online gaming -might have been on preinstalled laptop, etc.
Yes HKLM:Run MotiveReportAgent "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-APPKEY=Motive -WindowContext=ReportAgent -url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden - Both programs can possibly be removed and also probably not spyware/virus

Yes HKLM:Run SearchSettings "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" - This appears to be malware, but not sure... You can remove it from startup...
Arun
 
Last edited:

Vyom

The Power of x480
Staff member
Admin
But trust me dude, even after you remove the startups of suspected program, you still can't be sure that it would solve the problem. In fact, its not a comprehensive list of the programs which starts after a computer boot.
The complete list can be found by using Sysinternal's Autoruns tool.

But that would just be too tedious to analyze. The best bet would be to scan using any Updated Antivirus, or re-install the OS.
All de best.
 
OP
G

Goleon

Journeyman
it was the UI watcher that was the trouble...i removed it from the autorun manager in revo uninstalller and also removed wtwatch problem thanks to kill box.
 

Vyom

The Power of x480
Staff member
Admin
"UI Watcher"! Why would any app would want to "watch" your UI, w/o any malicious intent! :confused:
But, congo for solving the prob :)
 
Top Bottom