
Adware Removal Virtumonde

Discussion in 'Virus & Other Malware Removal' started by coz99349, Feb 11, 2008.

Thread Status:
Not open for further replies.
  1. coz99349

    coz99349 Thread Starter

    Joined:
    Feb 11, 2008
    Messages:
    1
    I started my computer: Dell Dimension 4550, Windows XP2 Home Edition SP2, Internet Explorer 7, and got this F-virus msg: Spyware Detected, Type: Adware, Name: Adware.Win32.Virtumonde, Object: C:\Documents and Settings\Terry\Local Settings\Temporary Internet Files\Content.IE5\WLYRIR\ptch[1]. I keep getting pop-ups every few seconds that say Spyware detected, Type: Adware, Name: Adware.Win32.Virtumonde, Object: C:\WINDOWS\SYSTEM32\vtutqro.dll and ssqrs.dll and pxijjws.dll. I can't do anything; I am
    logged on in safe mode just to get this to you. I also got a Content.IE5\OLYB0PQ\ptch[1] and hctp[1]. Can you please help me? This has been going on for a few days and seems to be spreading. It just started with the adware msg Virtumonde in WINDOWS\SYSTEM32\vtutqro.dll and the ssqrs.dll and now the others. I have added my HJT Log; hope it helps someone help me please.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:41:57 PM, on 2/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.hometab.com/ie_search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myembarq.com/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hometab.com/ie_search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: hometab.com Bar - {13E29D3B-7BE4-4FAE-8EDB-18F97F782F94} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Embarq Toolbar - {4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} - C:\PROGRA~1\EMBARQ~2\EMBARQ~1.DLL
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
    O4 - HKLM\..\Run: [a8374f77] rundll32.exe "C:\WINDOWS\system32\uingfpbc.dll",b
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
    O4 - HKCU\..\Run: [QdrPack12] "C:\Program Files\QdrPack\QdrPack12.exe"
    O4 - HKCU\..\Run: [QdrModule12] "C:\Program Files\QdrModule\QdrModule12.exe"
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/v/8.1.5.27/applet/aces/aces-en_US.cab
    O16 - DPF: All Star Football by pogo - http://game1.pogo.com/applet-6.8.4.51/allstarfb/allstarfb-en_US.cab
    O16 - DPF: All-Star Football Challenge by pogo - http://game1.pogo.com/applet-8.0.2.32/allstarfb2/allstarfb2-en_US.cab
    O16 - DPF: Armored Attack by pogo - http://game1.pogo.com/applet-8.0.4.41/cctank/cctank-en_US.cab
    O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-8.0.9.41/backgammon/backgammon-en_US.cab
    O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.8.4.51/battlephlinx/battlephlinx-en_US.cab
    O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/v/8.1.1.16/applet/freebingo/freebingo-en_US.cab
    O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-8.0.4.32/blackjack/blackjack-en_US.cab
    O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/v/8.1.5.27/applet/vbjack2/vbjack2-en_US.cab
    O16 - DPF: Blooop by pogo - http://game1.pogo.com/v/8.1.5.27/applet/cascade/cascade-en_US.cab
    O16 - DPF: Bowling by pogo - http://game1.pogo.com/v/8.1.2.14/applet/bowling/bowling-en_US.cab
    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-8.0.5.48/canasta/canasta-en_US.cab
    O16 - DPF: Command and Conquer Comanche by pogo - http://game1.pogo.com/applet-6.8.4.51/ccstrike/ccstrike-en_US.cab
    O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-8.0.7.27/cribbage/cribbage-en_US.cab
    O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/v/8.1.4.1/applet/ytz/ytz-en_US.cab
    O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/v/8.1.6.3/applet/checkeredflag/checkeredflag-en_US.cab
    O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/v/8.1.1.1/applet/videopoker2/doubledeuce-en_US.cab
    O16 - DPF: EA Sports Web Soccer by pogo - http://game1.pogo.com/applet-8.0.4.32/soccer/soccer-en_US.cab
    O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-8.0.3.20/euchre/euchre-en_US.cab
    O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/v/8.1.5.27/applet/firstclass2/firstclass2-en_US.cab
    O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/v/8.1.1.1/applet/superbingo/superbingo-en_US.cab
    O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-8.0.3.20/greenback/greenback-en_US.cab
    O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/v/8.1.1.1/applet/hangman/hangman-en_US.cab
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.8.2.23/harvest/harvest-en_US.cab
    O16 - DPF: Hearts by pogo - http://game1.pogo.com/v/8.1.1.13/applet/hearts/hearts-en_US.cab
    O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-8.0.2.40/drawpoker/drawpoker-en_US.cab
    O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-8.0.5.48/pool2/pool-en_US.cab
    O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.5.27/applet/fancy/fancy-en_US.cab
    O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.com/applet-8.0.2.32/itsoutofhere/itsoutofhere-en_US.cab
    O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/v/8.1.7.44/applet/gin2/gin2-en_US.cab
    O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-8.0.6.59/mhpoker/mhpoker-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-8.0.6.49/lottso/lottso-en_US.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/mahjong2/mahjong2-en_US.cab
    O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/v/8.1.7.44/applet/shoes/shoes-en_US.cab
    O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.8.4.51/mlslots/mlslots-en_US.cab
    O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-8.0.4.32/nascar/nascar-en_US.cab
    O16 - DPF: No-Limit Texas Hold'em by pogo - http://game1.pogo.com/v/8.1.0.25/applet/allin/allin-en_US.cab
    O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/v/8.1.1.1/applet/paigow/paigow-en_US.cab
    O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.9.0.43/freecell/freecell-en_US.cab
    O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/v/8.1.0.23/applet/freecell2/freecell2-en_US.cab
    O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-8.0.5.30/penguins/penguins-en_US.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-8.0.9.33/waterwheel/waterwheel-en_US.cab
    O16 - DPF: Perfect Passer by pogo - http://game1.pogo.com/applet-6.8.4.51/perfectpasser/perfectpasser-en_US.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/v/8.1.1.1/applet/flinger/flinger-en_US.cab
    O16 - DPF: Pinochle by pogo - http://game1.pogo.com/v/8.1.7.44/applet/pinochle/pinochle-en_US.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/v/8.1.5.27/applet/popfu/popfu-en_US.cab
    O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.8.4.51/poppazoppa/poppazoppa-en_US.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.2.12/applet/poppit2/poppit2-en_US.cab
    O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-8.0.7.27/hotstreak/hotstreak-en_US.cab
    O16 - DPF: Quick Shot by pogo - http://game1.pogo.com/applet-8.0.3.36/quickshot/quickshot-en_US.cab
    O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-8.0.5.48/squares/squares-en_US.cab
    O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/v/8.1.0.23/applet/ride/ride-en_US.cab
    O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-8.0.1.32/slots/scifi-en_US.cab
    O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-8.0.0.20/puck/puck-en_US.cab
    O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-8.0.2.32/spades2/spades2-en_US.cab
    O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.9.0.43/spider/spider-en_US.cab
    O16 - DPF: Spooky Slots - http://game1.pogo.com/v/8.1.2.12/applet/spooky/spooky-en_US.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-8.0.6.49/squelchies/squelchies-en_US.cab
    O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-8.0.7.27/stax/stax-en_US.cab
    O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/v/8.1.5.27/applet/sweeper/sweeper-en_US.cab
    O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.6.21/applet/sweettooth2/sweettooth2-en_US.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/v/8.1.1.13/applet/sweettooth/sweettooth-en_US.cab
    O16 - DPF: Tank Hunter by pogo - http://www.pogo.com/applet-8.0.4.41/tank/tank-en_US.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.8.4.51/holdem/holdem-en_US.cab
    O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.com/v/8.1.4.2/applet/millbrae/millbrae-en_US.cab
    O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.com/applet-8.0.2.32/topdown2/topdown2-en_US.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/v/8.1.6.21/applet/peaks/peaks-en_US.cab
    O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/v/8.1.7.44/applet/tumbee2/tumbee2-en_US.cab
    O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/v/8.1.5.27/applet/turbo22/turbo22-en_US.cab
    O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.com/v/8.1.1.1/applet/mlslots/mlslots-en_US.cab
    O16 - DPF: Vert Skater by pogo - http://game1.pogo.com/applet-8.0.4.41/vertskater/vertskater-en_US.cab
    O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/v/8.1.5.27/applet/memories/memories-en_US.cab
    O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.9.4.34/babble/babble-en_US.cab
    O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.7.27/wordsearch/wordsearch-en_US.cab
    O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/v/8.1.5.27/applet/wordwhomp2/whomp2-en_US.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/v/8.1.7.44/applet/whackdown/whackdown-en_US.cab
    O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-8.0.5.30/wordjong/wordjong-en_US.cab
    O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/v/8.1.6.21/applet/worldclass/worldclass-en_US.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://cdn.ll.neoedge.com/webgames/MysteryOfSharkIsland/MysteryOfSharkIslandWeb.1.0.0.8.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://aolsvc.aol.com/onlinegames/trypiratepoppers/PiratePoppers.1.0.0.32.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
    O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
    O16 - DPF: {A9FD89D6-C839-11D3-B0FE-0050044B8FE9} (OBInstallRunner Control) - http://www.opinionbar.com/download/resources/OBInstallCabinet.CAB
    O16 - DPF: {B12213CD-4189-415D-A054-7999528459F7} (pixelStormLauncher Class) - http://aolsvc.aol.com/onlinegames/free-trial-word-travels/pixelstormlauncher.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-lotus-deluxe/zylomplayer.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://aolsvc.aol.com/onlinegames/pandacraze/gpcontrol.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.94.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab
    O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-sweetopia/Sweetopia.1.0.0.22.cab
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EarthLinkSafeConnectAgent - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
    O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O24 - Desktop Component 1: Intelligent Desktop - intelligentdesktop.com - http://active.intelligentdesktop.com/active/?17852435

    --
    End of file - 17288 bytes
     

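A small triage script for HijackThis logs like the one above, written as an added example for this thread (it is not part of the original post and not a HijackThis or SDFix tool). It flags two things a helper looks for first: O3/O9 entries whose file is gone ("(no file)" / "(file missing)"), and O4 Run entries where rundll32 loads a DLL with the Virtumonde-style traits visible in the log (a random hex Run key name, a one-letter export, a random-looking lowercase DLL name in system32). The heuristics and the sample lines are my own constructed assumptions, modelled on the log in the post.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample, copied/modelled on lines from the HijackThis log above.
SAMPLE_LOG = r"""
O3 - Toolbar: hometab.com Bar - {13E29D3B-7BE4-4FAE-8EDB-18F97F782F94} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [a8374f77] rundll32.exe "C:\WINDOWS\system32\uingfpbc.dll",b
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# "O4 - <body>" / "R1 - <body>" style HijackThis entry lines
ENTRY_RE = re.compile(r'^(?P<sec>[OR]\d+)\s+-\s+(?P<body>.*)$')
# HKLM\..\Run: [KeyName] command line
RUN_RE = re.compile(r'^HK(?:LM|CU)\\\.\.\\Run:\s+\[(?P<key>[^\]]+)\]\s+(?P<cmd>.*)$', re.I)
# rundll32.exe "<dll>",<entry>
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?(?:,(?P<entry>\S*))?', re.I)
HEX_KEY_RE = re.compile(r'^[0-9a-f]{8}$')       # e.g. [a8374f77]
RANDOM_STEM_RE = re.compile(r'^[a-z]{5,8}$')    # e.g. uingfpbc, vtutqro, ssqrs


def rundll32_indicators(body):
    """Return the list of Virtumonde-style indicators (assumed heuristics)
    found in one O4 Run entry body, or [] if none / not a rundll32 entry."""
    run = RUN_RE.match(body)
    if not run:
        return []
    dll = RUNDLL_RE.search(run['cmd'])
    if not dll:
        return []
    reasons = []
    if HEX_KEY_RE.match(run['key']):
        reasons.append('random hex Run key name')
    if len(dll['entry'] or '') == 1:
        reasons.append('single-letter export passed to rundll32')
    stem = PureWindowsPath(dll['dll']).stem
    if RANDOM_STEM_RE.match(stem) and 'system32' in dll['dll'].lower():
        reasons.append('random-looking lowercase DLL name in system32')
    return reasons


def triage(log_text):
    """Classify each HijackThis entry line as 'orphan', 'suspicious' or 'ok'.
    Returns a list of (section, verdict, reason, line) tuples."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:                      # header, process list, blank lines
            continue
        sec, body = m['sec'], m['body']
        if '(no file)' in body or '(file missing)' in body:
            findings.append((sec, 'orphan', 'references a file that no longer exists', line))
            continue
        reasons = rundll32_indicators(body) if sec == 'O4' else []
        if reasons:
            findings.append((sec, 'suspicious', '; '.join(reasons), line))
        else:
            findings.append((sec, 'ok', '', line))
    return findings


if __name__ == '__main__':
    for sec, verdict, reason, line in triage(SAMPLE_LOG):
        if verdict != 'ok':
            print(f'{verdict:10} {sec:4} {reason}\n           {line}')
```

The script only reads the log text; it changes nothing on the machine, so it is safe to run over a log before deciding what to send to the forum.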

  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!

    Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.


    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
    • Instead of Windows loading as normal, the Advanced Options Menu should appear
    • Select the first option, to run Windows in Safe Mode, then press Enter
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to the clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
     
Short URL to this thread: https://techguy.org/682189