Strange system tray icon

These are our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis


When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)

• Bitdefender
• Panda Scan
• HijackThis

 

Re: Malware Update

Were you running both Bitdefender and Panda at the same time?

Please run the below instead of the online scans and attach your Ewido log:

Running Ewido Anti-Malware


Then proceed to step 7 and attach a HijackThis log.

Also please desribe your malware problems.

[EDIT] Now I see you had already started a thread for your problem. Please remain in one thread to avoid confusion like this. All contact related to your current malware problems should occur in this thread. Continue with what I gave you above.

 

I still need to know (in a short direct answer) the answer to my question in message number 6. It is not clear to me what the answer is.

Continue with the rest of message number 6. Do not post again until you have complete those instructions.

 

You did not allow Ewido to fix anything! Why not??? Everything shows: No action taken. If you are not going to allow it to fix your malware problems there is no sense in running it.

You should uninstall SpamBlockerUtility if you have it installed! Do this before continuing.

Please run Ewido again and this time make sure you FIX what it finds. Attach a new Ewido log.

Also attach a new HJT log.

 

For what purpose?

Why is Spybot's Teatimer running? We specifically request that Teatimer not be used in the READ & RUN ME. It was not running in your previous log, so why is it running now. You need to follow only the directions we give you and nothing else.

Now Disable Spybot's TeaTimer

• Run Spybot and click Mode
• Select Advanced Mode.
• Then click Tools and select Resident.
• Now in the right window pane, uncheck TeaTimer.
• Also while this is open, in the left column now select IE Tweaks
• and then in the right pane make sure all the Miscellaneous locks are unchecked.
• Now quit Spybot!

Make sure viewing of hidden files is enabled (per the tutorial).

Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

After killing all the above processes, click Back.
Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0DED9096-CCC5-23DA-C84D-A0D9E703FD28} - (no file)
O2 - BHO: (no name) - {45FEDA4A-6ACA-3CD9-D9AB-2CDEA0244912} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {d9ae6ddd-5fea-4082-a558-e4d6e617548f} - C:\WINDOWS\system32\intrad.dll (file missing)
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/27058d9be8ab419b9306/netzip/RdxIE601.cab
O20 - Winlogon Notify: intrad - intrad.dll (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete ( they may already be gone ):
C:\WINDOWS\system32\intrad.dll
C:\WINDOWS\System32\vbsys2.dll
If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Well EM_EXEC.EXE should be pretty self evident as being related to your Logitech mouse or trackball.

ALCXMNTR.EXE - is part of your Realtek AC97 Audio (your sound card). It not really hardcore malware but many people do considered it to be spyware since Realtek uses it to collect information about customers. You could have HijackThis fix the below line and it should not cause you any problems:

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

You could also go a step further and have HJT fix the below items which are not required to load at startup:

O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

This will improve your startup time and overall PC performance too.

Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!

 

Read this http://support.microsoft.com/kb/875364/

See step 8 in particular but read all of it. But remember Microsoft is only backing up its own files not yours. None of your information is normally removed but backing up your files is always highly recommended.

 

Try this one.

http://cqcounter.com/whois/