DaniWeb IT Discussion Community
1 2
Show 40 post(s) from this thread on one page

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Viruses, Spyware and other Nasties (http://www.daniweb.com/forums/forum64.html)
-   -   Virus alert! icon in sytem try maybe spyfalcon (http://www.daniweb.com/forums/thread45834.html)

shrimpygirl May 18th, 2006 9:18 pm
Virus alert! icon in sytem try maybe spyfalcon
 
I am also getting a disable icon in the bottom right coner of my systray next to the clock. It flashes and popsup a box saying somthing about a virus alert get a animalware scanner program.
I click on it I go to spyfalcon.
Used it nothing happened. I did all the other things I read about in the other posts.
Does this virus files the same on all computers or does it effect different files?
here is my hijckthis file log for you:
Logfile of HijackThis v1.99.1
Scan saved at 9:51:01 AM, on 19/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\devldr32.exe
D:\Program Files\DigitalPersona\Bin\DpHost.exe
D:\WINDOWS\system32\MotorolaDAP.exe
D:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
D:\Program Files\Microsoft SQL Server\MSSQL$STOM\Binn\sqlservr.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Registry Mechanic\RegMech.exe
D:\WINDOWS\system32\ZoneLabs\isafe.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Safe OffSite\SOS Online Backup v1.2\sosuploadagent.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\ewido anti-malware\SecuritySuite.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Application Installers\KillBox.exe
D:\Program Files\TTMessenger 2.1\ttmessenger2.exe
D:\Application Installers\HijackThis.exe
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - D:\WINDOWS\system32\hpBE27.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [FJTWAIN Setup] D:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe /Station
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Daemon14] D:\PROGRA~1\MICROS~2\GAMECO~1\STRATE~1\daemon14.exe
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [FtLnSOP_setup] D:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [DPAgnt] D:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartMeSGS] D:\Program Files\Safe OffSite\SOS Online Backup v1.2\sosuploadagent.exe
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [c750348f.exe] D:\WINDOWS\system32\c750348f.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [c750348f.exe] D:\Documents and Settings\Home\Local Settings\Application Data\c750348f.exe
O4 - HKCU\..\Run: [TTMessenger] "D:\Program Files\TTMessenger 2.1\ttmessenger2.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [TTMessengerPDF] "D:\Program Files\TTMessenger 2.1\spool\PDFSaver.exe"
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Audible Download Manager.lnk = D:\Program Files\Audible\Bin\adhelper.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Delivery Agent.lnk = D:\Program Files\Intuit\QuickBooks\Components\QBAgent\QBDAgent.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: Service Manager.lnk = D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~3\msgrapp.dll" (file missing)
O20 - Winlogon Notify: DPWLN - D:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: LMIinit - D:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: winhld32 - D:\WINDOWS\SYSTEM32\winhld32.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - D:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - D:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - D:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Motorola Digital Audio Player Manager (MotorolaDAP) - Motorola Inc. - D:\WINDOWS\system32\MotorolaDAP.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

I hope that helps to get rid off it. I wanted to retore to earlyer point. Though my computer could only restore to when the day it came on.

Kn10 May 18th, 2006 11:13 pm
Re: Virus alert! icon in sytem try maybe spyfalcon
 
Remove these lines:

D:\WINDOWS\system32\devldr32.exe
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - D:\WINDOWS\system32\hpBE27.tmp
O4 - HKLM\..\Run: [c750348f.exe] D:\WINDOWS\system32\c750348f.exe
O4 - HKCU\..\Run: [c750348f.exe] D:\Documents and Settings\Home\Local Settings\Application Data\c750348f.exe
O20 - Winlogon Notify: winhld32 - D:\WINDOWS\SYSTEM32\winhld32.dll
O20 - Winlogon Notify: DPWLN - D:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: LMIinit - D:\WINDOWS\SYSTEM32\LMIinit.dll

It looks like there are multiple infections, are you running a virus scanner and up to date with windows updates?

Run a virus scanner (such as AVG: http://free.grisoft.com) after doing this.

If you believe it is Spyfalcon, here is some spyfalcon removal instructions:
http://www.technibble.com/how-to-remove-spyfalcon/

tayspen May 18th, 2006 11:29 pm
Re: Virus alert! icon in sytem try maybe spyfalcon
 
Uh,

Quote:
O20 - Winlogon Notify: DPWLN - D:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: LMIinit - D:\WINDOWS\SYSTEM32\LMIinit.dll
These to are legit, belonging to the LogmeIn servce. Do not fix these...

More detailed instructions :).

Please run HJT again, select Do ysstem scan only. Then check these items.


O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - D:\WINDOWS\system32\hpBE27.tmp

O4 - HKLM\..\Run: [c750348f.exe] D:\WINDOWS\system32\c750348f.exe

O4 - HKLM\..\Run: [c750348f.exe] D:\WINDOWS\system32\c750348f.exe

O4 - HKCU\..\Run: [c750348f.exe] D:\Documents and Settings\Home\Local Settings\Application Data\c750348f.exe


Click Fix Checked.

_________________________________________________

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm




You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

______________________________________________________

Please download ewido anti-malware it is a free version of the program.
  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful" )
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

Reboot.

___________________________________________________

Post a new HJT log, and teh ewido log, and teh smitfraudfix log - And we will continue the fix...

shrimpygirl May 18th, 2006 11:58 pm
Re: Virus alert! icon in sytem try maybe spyfalcon
 
I have done as said for hijackthis. I did the other suff before. It still is there. Also is in safemode.

What should I do next?

shrimpygirl May 19th, 2006 12:02 am
Re: Virus alert! icon in sytem try maybe spyfalcon
 
Here you go as asked

SmitFraudFix v2.44
Scan done at 13:00:13.20, 19/05/2006
Run from D:\Application Installers\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» D:\

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS
D:\WINDOWS\.protected FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32
D:\WINDOWS\system32\hp????.tmp FOUND !
D:\WINDOWS\system32\stdole3.tlb FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Home\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
D:\DOCUME~1\Home\STARTM~1\Programs\Startup\.protected FOUND !
D:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Home\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e04408db-4812-4478-8d4d-e46edcffd3b6}"="AutoDisc Ware"
[HKEY_CLASSES_ROOT\CLSID\{e04408db-4812-4478-8d4d-e46edcffd3b6}\InProcServer32]
@="D:\WINDOWS\system32\fyhhxw.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{e04408db-4812-4478-8d4d-e46edcffd3b6}\InProcServer32]
@="D:\WINDOWS\system32\fyhhxw.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

shrimpygirl May 19th, 2006 1:35 am
Re: Virus alert! icon in sytem try maybe spyfalcon
 
I still have the icon in the sytem try next to clock. I don't think it is spyfalcon though links to it. I not got it installed.
What should I do? I restore my computer to early date.
Should I reinstall the system? I just want to know where to go from here? it is in safe mode.

shrimpygirl May 19th, 2006 1:40 am
Re: Virus alert! icon in sytem try maybe spyfalcon
 
Here you do as asked:
SmitFraudFix v2.44
Scan done at 13:15:15.32, 19/05/2006
Run from D:\Application Installers\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» End


What next?

tayspen May 19th, 2006 1:47 pm
Re: Virus alert! icon in sytem try maybe spyfalcon
 
Post another HJT log. so we can see what remains.

shrimpygirl May 19th, 2006 8:02 pm
Re: Virus alert! icon in sytem try maybe spyfalcon
 
I have got rid off it. I deleted a file from my hard drive not in windows or the system32 folder. I also got rid of all my private data in firefox and Internet explorer my temporary iinternet files and cookies.
I forgot I reinstalled some programs that I didn't need or use. This all helped. So far. After that should do a reinstall and after each deletion of the Internet temp files
This has helped. So far.
Also I recommend any one who gets this problem please do as I did above. We all for get that we need to remove/delete the all the Internet temporary files and cookies some time off our computer.


Logfile of HijackThis v1.99.1
Scan saved at 8:58:32 AM, on 20/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
D:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
D:\Program Files\DigitalPersona\Bin\DPAgnt.exe
D:\Program Files\LogMeIn\LogMeInSystray.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\TTMessenger 2.1\spool\PDFSaver.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\Audible\Bin\adhelper.exe
D:\Program Files\Intuit\QuickBooks\Components\QBAgent\QBDAgent.exe
D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\WINDOWS\system32\mrtMngr.EXE
D:\Program Files\DigitalPersona\Bin\DpHost.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\WINDOWS\system32\MotorolaDAP.exe
D:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
D:\Program Files\Microsoft SQL Server\MSSQL$STOM\Binn\sqlservr.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
D:\WINDOWS\system32\ZoneLabs\isafe.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Data Deposit Box\Data Deposit Box\startup.exe
D:\Program Files\Data Deposit Box\Data Deposit Box\backup.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Quicken1\qw.exe
D:\Program Files\TTMessenger 2.1\ttmessenger2.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
D:\Program Files\Mozilla Thunderbird\thunderbird.exe
D:\Program Files\Microsoft Office\Office10\MSPUB.EXE
D:\Program Files\ShipWorks\ShipWorks.exe
D:\Program Files\Crazy Browser\Crazy Browser.exe
D:\PROGRA~1\SMARTD~1\SMARTD~1.EXE
D:\Application Installers\HijackThis.exe
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [FtLnSOP_setup] D:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
O4 - HKLM\..\Run: [DPAgnt] D:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartMeSGS] D:\Program Files\Safe OffSite\SOS Online Backup v1.2\sosuploadagent.exe
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [TTMessenger] "D:\Program Files\TTMessenger 2.1\ttmessenger2.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [TTMessengerPDF] "D:\Program Files\TTMessenger 2.1\spool\PDFSaver.exe"
O4 - HKCU\..\Run: [c750348f.exe] D:\Documents and Settings\Home\Local Settings\Application Data\c750348f.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Audible Download Manager.lnk = D:\Program Files\Audible\Bin\adhelper.exe
O4 - Global Startup: Data Deposit Box.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Delivery Agent.lnk = D:\Program Files\Intuit\QuickBooks\Components\QBAgent\QBDAgent.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: Service Manager.lnk = D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~3\msgrapp.dll" (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - D:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - D:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - D:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Motorola Digital Audio Player Manager (MotorolaDAP) - Motorola Inc. - D:\WINDOWS\system32\MotorolaDAP.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Online Backup Service - Unknown owner - D:\Program Files\Data Deposit Box\Data Deposit Box\nts.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

Kn10 May 19th, 2006 11:07 pm
Re: Virus alert! icon in sytem try maybe spyfalcon
 
I am pretty sure this is Spyfalcon, does the popup look like this:
http://www.technibble.com/articlecon...rus/virus2.gif



If so, this is where you can find Spyfalcon removal instructions


All times are GMT -4. The time now is 5:14 am.
1 2
Show 40 post(s) from this thread on one page

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC