| Press F1 | ||||
| Thread ID: 70766 | 2006-07-15 09:43:00 | spyguard.com | kaliyuga (6711) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 471120 | 2006-07-15 09:43:00 | I have a flashing yellow triangle exclamation mark icon in my system tray that comes up with a balloon about finding viruses, click here, and takes me to a webpage called thespyguard.com. How do I get rid of it? I have run Ad-Aware and antivirus several times today but it keeps coming up occasionally. | kaliyuga (6711) | ||
| 471121 | 2006-07-15 09:59:00 | Post us a HJT (HijackThis log), please, then we may be able to solve it. Cheers :) |
Renmoo (66) | ||
| 471122 | 2006-07-15 10:05:00 | Hi, I am new to this forum (just wandered in) so I do not know if they have expertise in handling spyware/malware problems. Typically we would ask you to run HijackThis and post a log, also maybe even run Silent Runners or post your registry Run values. If you like, have a look in the registry for: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Look in the right pane for the value "svcmon" = "%CurrentFolder%\svcmon.exe". Let us know if it is there. :waughh: Maybe one of the mods can advise if you attempt these fixes here. |
jenae (254) | ||
| 471123 | 2006-07-15 10:08:00 | First thing I'd do is have a look for info about it through your preferred search engine. I know someone's got to be the first to get what looks like malware to me but chances are you're not. Have you tried scanning in Safe Mode? Also have a look at the excellent FAQs regarding malware. HTH m | mark c (247) | ||
| 471124 | 2006-07-15 10:19:00 | Yes, jenae, there are people here well-qualified to advise on HijackThis logs. P.S. No, not me. But Speedy Gonzalez comes first to mind. Plus there are several others. |
Laura (43) | ||
| 471125 | 2006-07-17 04:46:00 | I have got a hijack this log for your info.... Logfile of HijackThis v1.99.1 Scan saved at 2:45:24 p.m., on 17/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Norton Utilities\NPROTECT.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Speed Disk\nopdb.exe C:\WINDOWS\system32\Tablet.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\isnotify.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\System32\DeltTray.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\HJT\HijackThis.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" O4 - 
HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe O4 - HKLM\..\Run: [DeltTray] DeltTray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\KYE\Genius Wireless Optical Mouse\gnetmous.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - 
acs.pandasoftware.com O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - download.mcafee.com O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing) O23 - Service: Aardvark Professional Audio Manager (aardvarkpm) - Aardvark Computer Systems, Inc. - C:\Program Files\Aardvark\aardvark.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe |
kaliyuga (6711) | ||
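Added example (not part of the thread, and not HijackThis's own code): a small Python triage of a log like the one posted above. It splits the run-together text back into entries and lists those marked "(file missing)", any O21 (SSODL) autostart, and any Run value on a watch list such as the "svcmon" name mentioned earlier; the function names and flagging rules are assumptions for illustration, and a flag means "look here first", not "malicious".

```python
import re

# One entry: a section code (O4, O21, R1, F2 ...), " - ", then the body up to
# the next section code or the end of the text.
ENTRY = re.compile(r"(?:^|\s)([ORFN]\d{1,2}) - (.*?)(?=\s[ORFN]\d{1,2} - |$)")
RUN_VALUE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[([^\]]+)\]")

# Excerpt of the log posted above, run together as the forum rendered it
# (including a line break in the middle of an entry).
SAMPLE = (
    r"Running processes: C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\isnotify.exe "
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - " "\n"
    r"HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE "
    r"O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} "
    r"- %windir%\bdoscandel.exe (file missing) "
    r"O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} "
    r"- C:\WINDOWS\system32\pmnqguh.dll (file missing) "
    r"O23 - Service: TabletService - Wacom Technology, Corp. "
    r"- C:\WINDOWS\system32\Tablet.exe"
)


def parse_entries(text):
    """Split a flattened HijackThis log into (section_code, body) pairs."""
    flat = " ".join(text.split())  # undo stray line breaks and double spaces
    return [(m.group(1), m.group(2).strip()) for m in ENTRY.finditer(flat)]


def triage(entries, watched_run_values=("svcmon",)):
    """Return (code, body, reasons) for entries to review first (assumed rules)."""
    watched = {name.lower() for name in watched_run_values}
    flagged = []
    for code, body in entries:
        reasons = []
        if "(file missing)" in body:  # HijackThis's own annotation
            reasons.append("target file missing")
        if code == "O21":  # ShellServiceObjectDelayLoad, loaded by Explorer
            reasons.append("SSODL autostart")
        run = RUN_VALUE.match(body)
        if run and run.group(1).lower() in watched:
            reasons.append("watched Run value")
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(parse_entries(SAMPLE)):
        print(code, "|", ", ".join(reasons), "|", body)
```

The file the thread ends up deleting, isnotify.exe, appears only under "Running processes", which this sketch does not examine.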
| 471126 | 2006-07-17 04:52:00 | There are 4 annoying things: the one described above, a casino popup, a window that pops up saying there is a critical error on the computer and I should go to such and such site to buy some sort of virus/trojan tool, and another unseemly popup ad. They just keep coming up regularly. | kaliyuga (6711) | ||
| 471127 | 2006-07-17 05:05:00 | There is a removal tool here... www.spywareremove.com |
Nyuuji (5460) | ||
| 471128 | 2006-07-17 06:25:00 | Thanks Nyuuji, that located the 'zlob's and my son managed to delete C:\WINDOWS\system32\isnotify.exe and that seems to have banished it... so far so good! | kaliyuga (6711) | ||
| 471129 | 2006-07-22 09:04:00 | Yeah Kalyg, I got the blighter at last. Problem now is that I renamed Kernel32.dll (in safe mode) and restarted the PC again (the Zlob trojan controls it with some other bits and bobs like issearch and isshost too, which I deleted). Now I'm in a constant restarting loop. I am unable to get into desktop, nor use safe mode either. When I insert the XP disk, it does not function allowing me to reinstall. I have a boot up floppy, and this does not work either. I can open the F8 options, but none of the safe modes run, and I can't get into DOS either. Is there any way to get this PC back? Really grateful for any assistance with this caper, SSD |
SouthSaturnDelta (10734) | ||