SurfYa + more problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by MikeSage » September 29th, 2005, 6:36 am

From this http://www.malwareremoval.com/forum/viewtop ... highlight= previous topic.

Did the BruteForce thing, here's the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:34:50, on 29/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\program files\BigFix\BigFix.exe
C:\program files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
C:\program files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\program files\MSN Messenger\msnmsgr.exe
C:\program files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\program files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Michael Colin Sage\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=0&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stupiditykills.co.uk/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by evesham.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [clfmon] C:\WINDOWS\clfmon.exe
O4 - HKLM\..\Run: [nvsvca32] C:\WINDOWS\nvsvca32.exe
O4 - HKLM\..\Run: [tfDPSclfmon.exe] C:\WINDOWS\tfDPSclfmon.exe
O4 - HKLM\..\Run: [rjcJdclfmon.exe] C:\WINDOWS\rjcJdclfmon.exe
O4 - HKLM\..\Run: [ZtqfUnvsvca32.exe] C:\WINDOWS\ZtqfUnvsvca32.exe
O4 - HKLM\..\Run: [npImdnvsvca32.exe] C:\WINDOWS\npImdnvsvca32.exe
O4 - HKLM\..\Run: [AHmGxclfmon.exe] C:\WINDOWS\AHmGxclfmon.exe
O4 - HKLM\..\Run: [xErGoclfmon.exe] C:\WINDOWS\xErGoclfmon.exe
O4 - HKLM\..\Run: [tOdYOnvsvca32.exe] C:\WINDOWS\tOdYOnvsvca32.exe
O4 - HKLM\..\Run: [VnqGFnvsvca32.exe] C:\WINDOWS\VnqGFnvsvca32.exe
O4 - HKLM\..\Run: [fclebnvsvca32.exe] C:\WINDOWS\fclebnvsvca32.exe
O4 - HKLM\..\Run: [VXBrcnvsvca32.exe] C:\WINDOWS\VXBrcnvsvca32.exe
O4 - HKLM\..\Run: [eehQSclfmon.exe] C:\WINDOWS\eehQSclfmon.exe
O4 - HKLM\..\Run: [aRXRgclfmon.exe] C:\WINDOWS\aRXRgclfmon.exe
O4 - HKLM\..\Run: [vAPBVnvsvca32.exe] C:\WINDOWS\vAPBVnvsvca32.exe
O4 - HKLM\..\Run: [edCTBnvsvca32.exe] C:\WINDOWS\edCTBnvsvca32.exe
O4 - HKLM\..\Run: [aaLodnvsvca32.exe] C:\WINDOWS\aaLodnvsvca32.exe
O4 - HKLM\..\Run: [cGCqjnvsvca32.exe] C:\WINDOWS\cGCqjnvsvca32.exe
O4 - HKLM\..\Run: [wDGQanvsvca32.exe] C:\WINDOWS\wDGQanvsvca32.exe
O4 - HKLM\..\Run: [blaDUnvsvca32.exe] C:\WINDOWS\blaDUnvsvca32.exe
O4 - HKLM\..\Run: [mQlEuclfmon.exe] C:\WINDOWS\mQlEuclfmon.exe
O4 - HKLM\..\Run: [YANgvclfmon.exe] C:\WINDOWS\YANgvclfmon.exe
O4 - HKLM\..\Run: [GfNbKnvsvca32.exe] C:\WINDOWS\GfNbKnvsvca32.exe
O4 - HKLM\..\Run: [IFiECclfmon.exe] C:\WINDOWS\IFiECclfmon.exe
O4 - HKLM\..\Run: [QsrUdnvsvca32.exe] C:\WINDOWS\QsrUdnvsvca32.exe
O4 - HKLM\..\Run: [OvWOhclfmon.exe] C:\WINDOWS\OvWOhclfmon.exe
O4 - HKLM\..\Run: [GHeAMclfmon.exe] C:\WINDOWS\GHeAMclfmon.exe
O4 - HKLM\..\Run: [tEYKVclfmon.exe] C:\WINDOWS\tEYKVclfmon.exe
O4 - HKLM\..\Run: [leDhInvsvca32.exe] C:\WINDOWS\leDhInvsvca32.exe
O4 - HKLM\..\Run: [NXvMhnvsvca32.exe] C:\WINDOWS\NXvMhnvsvca32.exe
O4 - HKLM\..\Run: [txvAFnvsvca32.exe] C:\WINDOWS\txvAFnvsvca32.exe
O4 - HKLM\..\Run: [TWdWMclfmon.exe] C:\WINDOWS\TWdWMclfmon.exe
O4 - HKLM\..\Run: [gUeFhclfmon.exe] C:\WINDOWS\gUeFhclfmon.exe
O4 - HKLM\..\Run: [rByLIclfmon.exe] C:\WINDOWS\rByLIclfmon.exe
O4 - HKLM\..\Run: [mxQofnvsvca32.exe] C:\WINDOWS\mxQofnvsvca32.exe
O4 - HKLM\..\Run: [cltaKnvsvca32.exe] C:\WINDOWS\cltaKnvsvca32.exe
O4 - HKLM\..\Run: [oaclMnvsvca32.exe] C:\WINDOWS\oaclMnvsvca32.exe
O4 - HKLM\..\Run: [DGTJUclfmon.exe] C:\WINDOWS\DGTJUclfmon.exe
O4 - HKLM\..\Run: [ZRPyOnvsvca32.exe] C:\WINDOWS\ZRPyOnvsvca32.exe
O4 - HKLM\..\Run: [YkxxQnvsvca32.exe] C:\WINDOWS\YkxxQnvsvca32.exe
O4 - HKLM\..\Run: [GgLewnvsvca32.exe] C:\WINDOWS\GgLewnvsvca32.exe
O4 - HKLM\..\Run: [ViODHnvsvca32.exe] C:\WINDOWS\ViODHnvsvca32.exe
O4 - HKLM\..\Run: [KtaIpnvsvca32.exe] C:\WINDOWS\KtaIpnvsvca32.exe
O4 - HKLM\..\Run: [MjOxBclfmon.exe] C:\WINDOWS\MjOxBclfmon.exe
O4 - HKLM\..\Run: [BuKJjclfmon.exe] C:\WINDOWS\BuKJjclfmon.exe
O4 - HKLM\..\Run: [UYrapclfmon.exe] C:\WINDOWS\UYrapclfmon.exe
O4 - HKLM\..\Run: [kIcxsnvsvca32.exe] C:\WINDOWS\kIcxsnvsvca32.exe
O4 - HKLM\..\Run: [FYNgQnvsvca32.exe] C:\WINDOWS\FYNgQnvsvca32.exe
O4 - HKLM\..\Run: [aVpeCnvsvca32.exe] C:\WINDOWS\aVpeCnvsvca32.exe
O4 - HKLM\..\Run: [pQJDSnvsvca32.exe] C:\WINDOWS\pQJDSnvsvca32.exe
O4 - HKLM\..\Run: [mNBnGclfmon.exe] C:\WINDOWS\mNBnGclfmon.exe
O4 - HKLM\..\Run: [Wfbibnvsvca32.exe] C:\WINDOWS\Wfbibnvsvca32.exe
O4 - HKLM\..\Run: [FcbLUnvsvca32.exe] C:\WINDOWS\FcbLUnvsvca32.exe
O4 - HKLM\..\Run: [ePcaCclfmon.exe] C:\WINDOWS\ePcaCclfmon.exe
O4 - HKLM\..\Run: [CjXiFclfmon.exe] C:\WINDOWS\CjXiFclfmon.exe
O4 - HKLM\..\Run: [xdGBQclfmon.exe] C:\WINDOWS\xdGBQclfmon.exe
O4 - HKLM\..\Run: [GDmkPclfmon.exe] C:\WINDOWS\GDmkPclfmon.exe
O4 - HKLM\..\Run: [bOCNSnvsvca32.exe] C:\WINDOWS\bOCNSnvsvca32.exe
O4 - HKLM\..\Run: [IfGowclfmon.exe] C:\WINDOWS\IfGowclfmon.exe
O4 - HKLM\..\Run: [YbMDbclfmon.exe] C:\WINDOWS\YbMDbclfmon.exe
O4 - HKLM\..\Run: [ooHsdclfmon.exe] C:\WINDOWS\ooHsdclfmon.exe
O4 - HKLM\..\Run: [XZYOhnvsvca32.exe] C:\WINDOWS\XZYOhnvsvca32.exe
O4 - HKLM\..\Run: [eCvdEclfmon.exe] C:\WINDOWS\eCvdEclfmon.exe
O4 - HKLM\..\Run: [apJaynvsvca32.exe] C:\WINDOWS\apJaynvsvca32.exe
O4 - HKLM\..\Run: [ZUhTYnvsvca32.exe] C:\WINDOWS\ZUhTYnvsvca32.exe
O4 - HKLM\..\Run: [GDRvRclfmon.exe] C:\WINDOWS\GDRvRclfmon.exe
O4 - HKLM\..\Run: [lcCHUclfmon.exe] C:\WINDOWS\lcCHUclfmon.exe
O4 - HKLM\..\Run: [nOtCbclfmon.exe] C:\WINDOWS\nOtCbclfmon.exe
O4 - HKLM\..\Run: [kWmSInvsvca32.exe] C:\WINDOWS\kWmSInvsvca32.exe
O4 - HKLM\..\Run: [jvEDUnvsvca32.exe] C:\WINDOWS\jvEDUnvsvca32.exe
O4 - HKLM\..\Run: [HSDPRclfmon.exe] C:\WINDOWS\HSDPRclfmon.exe
O4 - HKLM\..\Run: [iAxOXclfmon.exe] C:\WINDOWS\iAxOXclfmon.exe
O4 - HKLM\..\Run: [xQARaclfmon.exe] C:\WINDOWS\xQARaclfmon.exe
O4 - HKLM\..\Run: [ZsEjCclfmon.exe] C:\WINDOWS\ZsEjCclfmon.exe
O4 - HKLM\..\Run: [qSxfUnvsvca32.exe] C:\WINDOWS\qSxfUnvsvca32.exe
O4 - HKLM\..\Run: [ALfpbclfmon.exe] C:\WINDOWS\ALfpbclfmon.exe
O4 - HKLM\..\Run: [PdYCdclfmon.exe] C:\WINDOWS\PdYCdclfmon.exe
O4 - HKLM\..\Run: [lIaBaclfmon.exe] C:\WINDOWS\lIaBaclfmon.exe
O4 - HKLM\..\Run: [NwaaQclfmon.exe] C:\WINDOWS\NwaaQclfmon.exe
O4 - HKLM\..\Run: [wRTbBnvsvca32.exe] C:\WINDOWS\wRTbBnvsvca32.exe
O4 - HKLM\..\Run: [MkUfLnvsvca32.exe] C:\WINDOWS\MkUfLnvsvca32.exe
O4 - HKLM\..\Run: [GbfsLclfmon.exe] C:\WINDOWS\GbfsLclfmon.exe
O4 - HKLM\..\Run: [JKjoQclfmon.exe] C:\WINDOWS\JKjoQclfmon.exe
O4 - HKLM\..\Run: [aROqEnvsvca32.exe] C:\WINDOWS\aROqEnvsvca32.exe
O4 - HKLM\..\Run: [ajVoPnvsvca32.exe] C:\WINDOWS\ajVoPnvsvca32.exe
O4 - HKLM\..\Run: [XbRsinvsvca32.exe] C:\WINDOWS\XbRsinvsvca32.exe
O4 - HKLM\..\Run: [ifOLRclfmon.exe] C:\WINDOWS\ifOLRclfmon.exe
O4 - HKLM\..\Run: [eQIlanvsvca32.exe] C:\WINDOWS\eQIlanvsvca32.exe
O4 - HKLM\..\Run: [tiBhlclfmon.exe] C:\WINDOWS\tiBhlclfmon.exe
O4 - HKLM\..\Run: [biaNinvsvca32.exe] C:\WINDOWS\biaNinvsvca32.exe
O4 - HKLM\..\Run: [kCbXrnvsvca32.exe] C:\WINDOWS\kCbXrnvsvca32.exe
O4 - HKLM\..\Run: [rKMbknvsvca32.exe] C:\WINDOWS\rKMbknvsvca32.exe
O4 - HKLM\..\Run: [YTecYclfmon.exe] C:\WINDOWS\YTecYclfmon.exe
O4 - HKLM\..\Run: [WpZfynvsvca32.exe] C:\WINDOWS\WpZfynvsvca32.exe
O4 - HKLM\..\Run: [nPSkJclfmon.exe] C:\WINDOWS\nPSkJclfmon.exe
O4 - HKLM\..\Run: [cKHqnclfmon.exe] C:\WINDOWS\cKHqnclfmon.exe
O4 - HKLM\..\Run: [JLRjbnvsvca32.exe] C:\WINDOWS\JLRjbnvsvca32.exe
O4 - HKLM\..\Run: [RYdloclfmon.exe] C:\WINDOWS\RYdloclfmon.exe
O4 - HKLM\..\Run: [bcIGrnvsvca32.exe] C:\WINDOWS\bcIGrnvsvca32.exe
O4 - HKLM\..\Run: [lcJJFclfmon.exe] C:\WINDOWS\lcJJFclfmon.exe
O4 - HKLM\..\Run: [FgevQclfmon.exe] C:\WINDOWS\FgevQclfmon.exe
O4 - HKLM\..\Run: [TpAuWclfmon.exe] C:\WINDOWS\TpAuWclfmon.exe
O4 - HKLM\..\Run: [rGrqinvsvca32.exe] C:\WINDOWS\rGrqinvsvca32.exe
O4 - HKLM\..\Run: [iApwnnvsvca32.exe] C:\WINDOWS\iApwnnvsvca32.exe
O4 - HKLM\..\Run: [PAPpdnvsvca32.exe] C:\WINDOWS\PAPpdnvsvca32.exe
O4 - HKLM\..\Run: [KhVByclfmon.exe] C:\WINDOWS\KhVByclfmon.exe
O4 - HKLM\..\Run: [CaqiZnvsvca32.exe] C:\WINDOWS\CaqiZnvsvca32.exe
O4 - HKLM\..\Run: [VHAsUnvsvca32.exe] C:\WINDOWS\VHAsUnvsvca32.exe
O4 - HKLM\..\Run: [vQJtBclfmon.exe] C:\WINDOWS\vQJtBclfmon.exe
O4 - HKLM\..\Run: [RfabMclfmon.exe] C:\WINDOWS\RfabMclfmon.exe
O4 - HKLM\..\Run: [yaNDSclfmon.exe] C:\WINDOWS\yaNDSclfmon.exe
O4 - HKLM\..\Run: [RbUgAclfmon.exe] C:\WINDOWS\RbUgAclfmon.exe
O4 - HKLM\..\Run: [rddYvclfmon.exe] C:\WINDOWS\rddYvclfmon.exe
O4 - HKLM\..\Run: [dddeBclfmon.exe] C:\WINDOWS\dddeBclfmon.exe
O4 - HKLM\..\Run: [pbFIMclfmon.exe] C:\WINDOWS\pbFIMclfmon.exe
O4 - HKLM\..\Run: [GagRKnvsvca32.exe] C:\WINDOWS\GagRKnvsvca32.exe
O4 - HKLM\..\Run: [CBBbgnvsvca32.exe] C:\WINDOWS\CBBbgnvsvca32.exe
O4 - HKLM\..\Run: [VVAbdclfmon.exe] C:\WINDOWS\VVAbdclfmon.exe
O4 - HKLM\..\Run: [FfKbZnvsvca32.exe] C:\WINDOWS\FfKbZnvsvca32.exe
O4 - HKLM\..\Run: [qMDdmclfmon.exe] C:\WINDOWS\qMDdmclfmon.exe
O4 - HKLM\..\Run: [rqwhMclfmon.exe] C:\WINDOWS\rqwhMclfmon.exe
O4 - HKLM\..\Run: [GWPnGclfmon.exe] C:\WINDOWS\GWPnGclfmon.exe
O4 - HKLM\..\Run: [yegMGnvsvca32.exe] C:\WINDOWS\yegMGnvsvca32.exe
O4 - HKLM\..\Run: [nSbalnvsvca32.exe] C:\WINDOWS\nSbalnvsvca32.exe
O4 - HKLM\..\Run: [iUTApnvsvca32.exe] C:\WINDOWS\iUTApnvsvca32.exe
O4 - HKLM\..\Run: [QVlXmnvsvca32.exe] C:\WINDOWS\QVlXmnvsvca32.exe
O4 - HKLM\..\Run: [lJfBbclfmon.exe] C:\WINDOWS\lJfBbclfmon.exe
O4 - HKLM\..\Run: [eDIHKclfmon.exe] C:\WINDOWS\eDIHKclfmon.exe
O4 - HKLM\..\Run: [FESAHnvsvca32.exe] C:\WINDOWS\FESAHnvsvca32.exe
O4 - HKLM\..\Run: [biqQfnvsvca32.exe] C:\WINDOWS\biqQfnvsvca32.exe
O4 - HKLM\..\Run: [IdeAmnvsvca32.exe] C:\WINDOWS\IdeAmnvsvca32.exe
O4 - HKLM\..\Run: [KedvGclfmon.exe] C:\WINDOWS\KedvGclfmon.exe
O4 - HKLM\..\Run: [CRImanvsvca32.exe] C:\WINDOWS\CRImanvsvca32.exe
O4 - HKLM\..\Run: [vacJBclfmon.exe] C:\WINDOWS\vacJBclfmon.exe
O4 - HKLM\..\Run: [GeGuwnvsvca32.exe] C:\WINDOWS\GeGuwnvsvca32.exe
O4 - HKLM\..\Run: [HumQGclfmon.exe] C:\WINDOWS\HumQGclfmon.exe
O4 - HKLM\..\Run: [sSHiaclfmon.exe] C:\WINDOWS\sSHiaclfmon.exe
O4 - HKLM\..\Run: [eZBVUnvsvca32.exe] C:\WINDOWS\eZBVUnvsvca32.exe
O4 - HKLM\..\Run: [RAFdqclfmon.exe] C:\WINDOWS\RAFdqclfmon.exe
O4 - HKLM\..\Run: [wljffnvsvca32.exe] C:\WINDOWS\wljffnvsvca32.exe
O4 - HKLM\..\Run: [HfwaNnvsvca32.exe] C:\WINDOWS\HfwaNnvsvca32.exe
O4 - HKLM\..\Run: [BvrVHclfmon.exe] C:\WINDOWS\BvrVHclfmon.exe
O4 - HKLM\..\Run: [ZGtsWnvsvca32.exe] C:\WINDOWS\ZGtsWnvsvca32.exe
O4 - HKLM\..\Run: [dHZfSclfmon.exe] C:\WINDOWS\dHZfSclfmon.exe
O4 - HKLM\..\Run: [cgjddnvsvca32.exe] C:\WINDOWS\cgjddnvsvca32.exe
O4 - HKLM\..\Run: [eoxMvclfmon.exe] C:\WINDOWS\eoxMvclfmon.exe
O4 - HKLM\..\Run: [qdaYFnvsvca32.exe] C:\WINDOWS\qdaYFnvsvca32.exe
O4 - HKLM\..\Run: [KBPdbclfmon.exe] C:\WINDOWS\KBPdbclfmon.exe
O4 - HKLM\..\Run: [lQOTHclfmon.exe] C:\WINDOWS\lQOTHclfmon.exe
O4 - HKLM\..\Run: [bRCauclfmon.exe] C:\WINDOWS\bRCauclfmon.exe
O4 - HKLM\..\Run: [ZEcIVnvsvca32.exe] C:\WINDOWS\ZEcIVnvsvca32.exe
O4 - HKLM\..\Run: [Wcwfbclfmon.exe] C:\WINDOWS\Wcwfbclfmon.exe
O4 - HKLM\..\Run: [TeGuDnvsvca32.exe] C:\WINDOWS\TeGuDnvsvca32.exe
O4 - HKLM\..\Run: [BRyXinvsvca32.exe] C:\WINDOWS\BRyXinvsvca32.exe
O4 - HKLM\..\Run: [xYHhQclfmon.exe] C:\WINDOWS\xYHhQclfmon.exe
O4 - HKLM\..\Run: [JFIqRclfmon.exe] C:\WINDOWS\JFIqRclfmon.exe
O4 - HKLM\..\Run: [aeJmanvsvca32.exe] C:\WINDOWS\aeJmanvsvca32.exe
O4 - HKLM\..\Run: [NQQamclfmon.exe] C:\WINDOWS\NQQamclfmon.exe
O4 - HKLM\..\Run: [vRaSaclfmon.exe] C:\WINDOWS\vRaSaclfmon.exe
O4 - HKLM\..\Run: [hjfgNnvsvca32.exe] C:\WINDOWS\hjfgNnvsvca32.exe
O4 - HKLM\..\Run: [ecHOhclfmon.exe] C:\WINDOWS\ecHOhclfmon.exe
O4 - HKLM\..\Run: [PlxUsclfmon.exe] C:\WINDOWS\PlxUsclfmon.exe
O4 - HKLM\..\Run: [NeCBenvsvca32.exe] C:\WINDOWS\NeCBenvsvca32.exe
O4 - HKLM\..\Run: [cpPEFclfmon.exe] C:\WINDOWS\cpPEFclfmon.exe
O4 - HKLM\..\Run: [iOAsanvsvca32.exe] C:\WINDOWS\iOAsanvsvca32.exe
O4 - HKLM\..\Run: [aVdetclfmon.exe] C:\WINDOWS\aVdetclfmon.exe
O4 - HKLM\..\Run: [IQapNclfmon.exe] C:\WINDOWS\IQapNclfmon.exe
O4 - HKLM\..\Run: [DFTlZnvsvca32.exe] C:\WINDOWS\DFTlZnvsvca32.exe
O4 - HKLM\..\Run: [JbCkqnvsvca32.exe] C:\WINDOWS\JbCkqnvsvca32.exe
O4 - HKLM\..\Run: [vFSGUnvsvca32.exe] C:\WINDOWS\vFSGUnvsvca32.exe
O4 - HKLM\..\Run: [XtEYEnvsvca32.exe] C:\WINDOWS\XtEYEnvsvca32.exe
O4 - HKLM\..\Run: [Ymedcnvsvca32.exe] C:\WINDOWS\Ymedcnvsvca32.exe
O4 - HKLM\..\Run: [hEWfmnvsvca32.exe] C:\WINDOWS\hEWfmnvsvca32.exe
O4 - HKLM\..\Run: [daFdnclfmon.exe] C:\WINDOWS\daFdnclfmon.exe
O4 - HKLM\..\Run: [KcXeknvsvca32.exe] C:\WINDOWS\KcXeknvsvca32.exe
O4 - HKLM\..\Run: [Deakfnvsvca32.exe] C:\WINDOWS\Deakfnvsvca32.exe
O4 - HKLM\..\Run: [YESvonvsvca32.exe] C:\WINDOWS\YESvonvsvca32.exe
O4 - HKLM\..\Run: [VqfGanvsvca32.exe] C:\WINDOWS\VqfGanvsvca32.exe
O4 - HKLM\..\Run: [SyhWIclfmon.exe] C:\WINDOWS\SyhWIclfmon.exe
O4 - HKLM\..\Run: [btuIunvsvca32.exe] C:\WINDOWS\btuIunvsvca32.exe
O4 - HKLM\..\Run: [YCDYbnvsvca32.exe] C:\WINDOWS\YCDYbnvsvca32.exe
O4 - HKLM\..\Run: [doebnnvsvca32.exe] C:\WINDOWS\doebnnvsvca32.exe
O4 - HKLM\..\Run: [KAwcdnvsvca32.exe] C:\WINDOWS\KAwcdnvsvca32.exe
O4 - HKLM\..\Run: [Gtpewnvsvca32.exe] C:\WINDOWS\Gtpewnvsvca32.exe
O4 - HKLM\..\Run: [fvHPmclfmon.exe] C:\WINDOWS\fvHPmclfmon.exe
O4 - HKLM\..\Run: [cmrDBclfmon.exe] C:\WINDOWS\cmrDBclfmon.exe
O4 - HKLM\..\Run: [EbeVjnvsvca32.exe] C:\WINDOWS\EbeVjnvsvca32.exe
O4 - HKLM\..\Run: [okQuLclfmon.exe] C:\WINDOWS\okQuLclfmon.exe
O4 - HKLM\..\Run: [QWDFuclfmon.exe] C:\WINDOWS\QWDFuclfmon.exe
O4 - HKLM\..\Run: [TnNIUnvsvca32.exe] C:\WINDOWS\TnNIUnvsvca32.exe
O4 - HKLM\..\Run: [iFcJEnvsvca32.exe] C:\WINDOWS\iFcJEnvsvca32.exe
O4 - HKLM\..\Run: [UGoCHclfmon.exe] C:\WINDOWS\UGoCHclfmon.exe
O4 - HKLM\..\Run: [BHIDEclfmon.exe] C:\WINDOWS\BHIDEclfmon.exe
O4 - HKLM\..\Run: [FQMuinvsvca32.exe] C:\WINDOWS\FQMuinvsvca32.exe
O4 - HKLM\..\Run: [faWgfclfmon.exe] C:\WINDOWS\faWgfclfmon.exe
O4 - HKLM\..\Run: [hACBPclfmon.exe] C:\WINDOWS\hACBPclfmon.exe
O4 - HKLM\..\Run: [OBLuMclfmon.exe] C:\WINDOWS\OBLuMclfmon.exe
O4 - HKLM\..\Run: [cAftYnvsvca32.exe] C:\WINDOWS\cAftYnvsvca32.exe
O4 - HKLM\..\Run: [uwAPdnvsvca32.exe] C:\WINDOWS\uwAPdnvsvca32.exe
O4 - HKLM\..\Run: [RvlaEnvsvca32.exe] C:\WINDOWS\RvlaEnvsvca32.exe
O4 - HKLM\..\Run: [iVmcWclfmon.exe] C:\WINDOWS\iVmcWclfmon.exe
O4 - HKLM\..\Run: [dbsxHnvsvca32.exe] C:\WINDOWS\dbsxHnvsvca32.exe
O4 - HKLM\..\Run: [hfTaJclfmon.exe] C:\WINDOWS\hfTaJclfmon.exe
O4 - HKLM\..\Run: [uvgoHnvsvca32.exe] C:\WINDOWS\uvgoHnvsvca32.exe
O4 - HKLM\..\Run: [ZNfjYnvsvca32.exe] C:\WINDOWS\ZNfjYnvsvca32.exe
O4 - HKLM\..\Run: [ElpFvclfmon.exe] C:\WINDOWS\ElpFvclfmon.exe
O4 - HKLM\..\Run: [LHoalclfmon.exe] C:\WINDOWS\LHoalclfmon.exe
O4 - HKLM\..\Run: [PakgXnvsvca32.exe] C:\WINDOWS\PakgXnvsvca32.exe
O4 - HKLM\..\Run: [Misvynvsvca32.exe] C:\WINDOWS\Misvynvsvca32.exe
O4 - HKLM\..\Run: [bTYEdnvsvca32.exe] C:\WINDOWS\bTYEdnvsvca32.exe
O4 - HKLM\..\Run: [AlRPhnvsvca32.exe] C:\WINDOWS\AlRPhnvsvca32.exe
O4 - HKLM\..\Run: [DJbBgclfmon.exe] C:\WINDOWS\DJbBgclfmon.exe
O4 - HKLM\..\Run: [uEGcIclfmon.exe] C:\WINDOWS\uEGcIclfmon.exe
O4 - HKLM\..\Run: [XiFqFclfmon.exe] C:\WINDOWS\XiFqFclfmon.exe
O4 - HKLM\..\Run: [xkectclfmon.exe] C:\WINDOWS\xkectclfmon.exe
O4 - HKLM\..\Run: [HfUTxnvsvca32.exe] C:\WINDOWS\HfUTxnvsvca32.exe
O4 - HKLM\..\Run: [KgNUfnvsvca32.exe] C:\WINDOWS\KgNUfnvsvca32.exe
O4 - HKLM\..\Run: [acdRIclfmon.exe] C:\WINDOWS\acdRIclfmon.exe
O4 - HKLM\..\Run: [ZVirAclfmon.exe] C:\WINDOWS\ZVirAclfmon.exe
O4 - HKLM\..\Run: [fsvvIclfmon.exe] C:\WINDOWS\fsvvIclfmon.exe
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TkBellExee] C:\WINDOWS\realschd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [IEACCESS] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - Startup: Microsoft Find Fast.lnk = C:\program files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\program files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Remedy Keys.lnk = C:\program files\Remedy Keys.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\program files\BigFix\BigFix.exe
O4 - Global Startup: EPSON CardMonitor.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\program files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\program files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Remedy Keys.lnk = C:\program files\Remedy Keys.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_me.dll (file missing)
O9 - Extra button: Microsoft® JavaScript® Console - {3D3809CB-C35F-4465-825B-461B903BEB9F} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {3D3809CB-C35F-4465-825B-461B903BEB9F} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: Microsoft® JavaScript® Console - {405BCD7B-F932-4841-8C22-C1E99CB4A7F7} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {405BCD7B-F932-4841-8C22-C1E99CB4A7F7} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Microsoft® JavaScript® Console - {A62943F4-B2DA-4366-A12B-BDFCB6004B4D} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {A62943F4-B2DA-4366-A12B-BDFCB6004B4D} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\program files\AIM\aim.exe
O9 - Extra button: Microsoft® JavaScript® Console - {B72A6D8C-8F6D-4C9F-90FF-25D0A050B96F} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {B72A6D8C-8F6D-4C9F-90FF-25D0A050B96F} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: Microsoft® JavaScript® Console - {EB6B5DA5-6946-4613-977A-385D8F0FE1BF} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {EB6B5DA5-6946-4613-977A-385D8F0FE1BF} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: Microsoft® JavaScript® Console - {ECCD6D25-C922-4186-ACC9-8C1BA418D12B} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {ECCD6D25-C922-4186-ACC9-8C1BA418D12B} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_me.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {3D3809CB-C35F-4465-825B-461B903BEB9F} - C:\Documents and Settings\Hannah May Sage\Local Settings\Temporary Internet Files\Content.IE5\KZ6J2TUD\cxmsx[1].exe (file missing) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {405BCD7B-F932-4841-8C22-C1E99CB4A7F7} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {EB6B5DA5-6946-4613-977A-385D8F0FE1BF} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {EB6B5DA5-6946-4613-977A-385D8F0FE1BF} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {ECCD6D25-C922-4186-ACC9-8C1BA418D12B} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {ECCD6D25-C922-4186-ACC9-8C1BA418D12B} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.etel-internet.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/files/ ... reQual.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
MikeSage
Active Member
 
Posts: 13
Joined: June 23rd, 2005, 3:13 pm
Location: UK

Post by Perculator » October 6th, 2005, 4:57 pm

Copy this text to a Notepad file and save it to your desktop! We will need the file later.


1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Do not switch it back on till I tell you so, and that might be a few posts later.

***
Download CleanUp!.
If that doesn’t work, use this link.
Open CleanUp! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
* Click "Options..."
* Move the arrow down to "Custom CleanUp!"
* Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.


Once it's done, press Close. You will now be asked to log off; click No. We'll reboot into safe mode later instead.



***
Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.


While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.



Start HijackThis and put a check at the following lines:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=0&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stupiditykills.co.uk/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
O4 - HKLM\..\Run: [clfmon] C:\WINDOWS\clfmon.exe
O4 - HKLM\..\Run: [nvsvca32] C:\WINDOWS\nvsvca32.exe
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [TkBellExee] C:\WINDOWS\realschd.exe
O4 - Startup: Remedy Keys.lnk = C:\program files\Remedy Keys.exe
O4 - Global Startup: Remedy Keys.lnk = C:\program files\Remedy Keys.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_me.dll (file missing)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\remove_me.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {3D3809CB-C35F-4465-825B-461B903BEB9F} - C:\Documents and Settings\Hannah May Sage\Local Settings\Temporary Internet Files\Content.IE5\KZ6J2TUD\cxmsx[1].exe (file missing) (HKCU)

Now click Fix checked and close HijackThis.

Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

Once in Safe Mode, please run Killbox.

Select "Delete on Reboot".

Copy the file names below to the clipboard by highlighting them and pressing Control-C:


Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.


After the reboot, run the Panda scan and save the result.

Post back the result of the Panda scan and a fresh HijackThis log.

Post by MikeSage » October 12th, 2005, 4:23 am

Okay, I got as far as opening the KillBox, and I copied those file names but it wouldn't let me paste them all into that text box, well, I clicked it and nothing appeared. So when I right-clicked and pasted, only the very first file name appeared, and when I clicked the delete file, it asked if I wanted to create a backup, I said no, and it still appeared to do nothing :s

New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 09:22:14, on 12/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Michael Colin Sage\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by evesham.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [IEACCESS] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - Startup: Microsoft Find Fast.lnk = C:\program files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\program files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\program files\BigFix\BigFix.exe
O4 - Global Startup: EPSON CardMonitor.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\program files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\program files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Microsoft® JavaScript® Console - {3D3809CB-C35F-4465-825B-461B903BEB9F} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {3D3809CB-C35F-4465-825B-461B903BEB9F} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: Microsoft® JavaScript® Console - {405BCD7B-F932-4841-8C22-C1E99CB4A7F7} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {405BCD7B-F932-4841-8C22-C1E99CB4A7F7} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Microsoft® JavaScript® Console - {A62943F4-B2DA-4366-A12B-BDFCB6004B4D} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {A62943F4-B2DA-4366-A12B-BDFCB6004B4D} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\program files\AIM\aim.exe
O9 - Extra button: Microsoft® JavaScript® Console - {B72A6D8C-8F6D-4C9F-90FF-25D0A050B96F} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {B72A6D8C-8F6D-4C9F-90FF-25D0A050B96F} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: Microsoft® JavaScript® Console - {EB6B5DA5-6946-4613-977A-385D8F0FE1BF} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {EB6B5DA5-6946-4613-977A-385D8F0FE1BF} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: Microsoft® JavaScript® Console - {ECCD6D25-C922-4186-ACC9-8C1BA418D12B} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {ECCD6D25-C922-4186-ACC9-8C1BA418D12B} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft® JavaScript® Console - {405BCD7B-F932-4841-8C22-C1E99CB4A7F7} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {EB6B5DA5-6946-4613-977A-385D8F0FE1BF} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {EB6B5DA5-6946-4613-977A-385D8F0FE1BF} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {ECCD6D25-C922-4186-ACC9-8C1BA418D12B} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {ECCD6D25-C922-4186-ACC9-8C1BA418D12B} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.etel-internet.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/files/ ... reQual.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Post by Perculator » October 13th, 2005, 2:46 pm

Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download IEACCESS Remover. Save it in the folder you made earlier (c:\BFU).

Start the Brute Force Uninstaller by double-clicking BFU.exe.

In the "Scriptline to execute" field, copy and paste c:\bfu\ieaccess.bfu
Press Execute and let it do its job.

Wait for the "Complete script execution" box to pop up and press OK.
Press Exit to terminate the BFU program.

Open Internet Explorer.
Under Tools > Internet Options, on the General tab, change your start page to the one you want.

Post back to this topic using the add reply button with a fresh HijackThis log.

Post by NonSuch » November 2nd, 2005, 7:49 am

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you. Most of your replies, both in this topic and your previous topic, were posted after long delays. A helper cannot possibly make progress in cleaning your system with such delays between responses.

This topic is now closed. If you still require assistance, then please start a new topic in the Malware Removal Forum, but be prepared to respond to your helper in a prompt manner.
