Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Please help diagnose


  • Please log in to reply
1 reply to this topic

#1 chezlavinia

chezlavinia

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 12 March 2005 - 12:30 PM

Hello there, I have attached my first HijackThis log file. I don't know which files to leave and which to delete - can you help?

L

Logfile of HijackThis v1.99.1
Scan saved at 17:10:23, on 12/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50110
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50110
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50110
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SDWin32 Class - {7C725941-A2EE-4DFB-8734-F05F7F323C3B} - C:\WINDOWS\System32\itios.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [itiosc] C:\WINDOWS\System32\itiosc.exe
O4 - HKLM\..\Run: [hjiceao] C:\WINDOWS\System32\hjiceao.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [EiPBDnvsvca32.exe] C:\WINDOWS\EiPBDnvsvca32.exe
O4 - HKLM\..\Run: [nBPXCnvsvca32.exe] C:\WINDOWS\nBPXCnvsvca32.exe
O4 - HKLM\..\Run: [XCNdoclfmon.exe] C:\WINDOWS\XCNdoclfmon.exe
O4 - HKLM\..\Run: [edFAMclfmon.exe] C:\WINDOWS\edFAMclfmon.exe
O4 - HKLM\..\Run: [IeBgPclfmon.exe] C:\WINDOWS\IeBgPclfmon.exe
O4 - HKLM\..\Run: [mHCCqnvsvca32.exe] C:\WINDOWS\mHCCqnvsvca32.exe
O4 - HKLM\..\Run: [egJTvnvsvca32.exe] C:\WINDOWS\egJTvnvsvca32.exe
O4 - HKLM\..\Run: [kbCeJclfmon.exe] C:\WINDOWS\kbCeJclfmon.exe
O4 - HKLM\..\Run: [cJWNvnvsvca32.exe] C:\WINDOWS\cJWNvnvsvca32.exe
O4 - HKLM\..\Run: [mhSHnclfmon.exe] C:\WINDOWS\mhSHnclfmon.exe
O4 - HKLM\..\Run: [nrYhNclfmon.exe] C:\WINDOWS\nrYhNclfmon.exe
O4 - HKLM\..\Run: [YoecIclfmon.exe] C:\WINDOWS\YoecIclfmon.exe
O4 - HKLM\..\Run: [AclYVclfmon.exe] C:\WINDOWS\AclYVclfmon.exe
O4 - HKLM\..\Run: [DRYWcnvsvca32.exe] C:\WINDOWS\DRYWcnvsvca32.exe
O4 - HKLM\..\Run: [fSeahnvsvca32.exe] C:\WINDOWS\fSeahnvsvca32.exe
O4 - HKLM\..\Run: [dNwtPnvsvca32.exe] C:\WINDOWS\dNwtPnvsvca32.exe
O4 - HKLM\..\Run: [mQlEuclfmon.exe] C:\WINDOWS\mQlEuclfmon.exe
O4 - HKLM\..\Run: [SIlicnvsvca32.exe] C:\WINDOWS\SIlicnvsvca32.exe
O4 - HKLM\..\Run: [eYCGGnvsvca32.exe] C:\WINDOWS\eYCGGnvsvca32.exe
O4 - HKLM\..\Run: [rLjfMnvsvca32.exe] C:\WINDOWS\rLjfMnvsvca32.exe
O4 - HKLM\..\Run: [mCHHsnvsvca32.exe] C:\WINDOWS\mCHHsnvsvca32.exe
O4 - HKLM\..\Run: [FiKMdnvsvca32.exe] C:\WINDOWS\FiKMdnvsvca32.exe
O4 - HKLM\..\Run: [UsQVmnvsvca32.exe] C:\WINDOWS\UsQVmnvsvca32.exe
O4 - HKLM\..\Run: [rDwPEclfmon.exe] C:\WINDOWS\rDwPEclfmon.exe
O4 - HKLM\..\Run: [sBcjGclfmon.exe] C:\WINDOWS\sBcjGclfmon.exe
O4 - HKLM\..\Run: [XEZMdclfmon.exe] C:\WINDOWS\XEZMdclfmon.exe
O4 - HKLM\..\Run: [eEwWVnvsvca32.exe] C:\WINDOWS\eEwWVnvsvca32.exe
O4 - HKLM\..\Run: [ZIGoCnvsvca32.exe] C:\WINDOWS\ZIGoCnvsvca32.exe
O4 - HKLM\..\Run: [fGwapnvsvca32.exe] C:\WINDOWS\fGwapnvsvca32.exe
O4 - HKLM\..\Run: [BeLLOnvsvca32.exe] C:\WINDOWS\BeLLOnvsvca32.exe
O4 - HKLM\..\Run: [BaFXRnvsvca32.exe] C:\WINDOWS\BaFXRnvsvca32.exe
O4 - HKLM\..\Run: [ujbaNclfmon.exe] C:\WINDOWS\ujbaNclfmon.exe
O4 - HKLM\..\Run: [mvhbEclfmon.exe] C:\WINDOWS\mvhbEclfmon.exe
O4 - HKLM\..\Run: [oceCxnvsvca32.exe] C:\WINDOWS\oceCxnvsvca32.exe
O4 - HKLM\..\Run: [eeOILclfmon.exe] C:\WINDOWS\eeOILclfmon.exe
O4 - HKLM\..\Run: [gRboFclfmon.exe] C:\WINDOWS\gRboFclfmon.exe
O4 - HKLM\..\Run: [ZrADBclfmon.exe] C:\WINDOWS\ZrADBclfmon.exe
O4 - HKLM\..\Run: [VJfBoclfmon.exe] C:\WINDOWS\VJfBoclfmon.exe
O4 - HKLM\..\Run: [RMMgCclfmon.exe] C:\WINDOWS\RMMgCclfmon.exe
O4 - HKLM\..\Run: [GCMnFnvsvca32.exe] C:\WINDOWS\GCMnFnvsvca32.exe
O4 - HKLM\..\Run: [ciQwfclfmon.exe] C:\WINDOWS\ciQwfclfmon.exe
O4 - HKLM\..\Run: [cHteRnvsvca32.exe] C:\WINDOWS\cHteRnvsvca32.exe
O4 - HKLM\..\Run: [gnMpmnvsvca32.exe] C:\WINDOWS\gnMpmnvsvca32.exe
O4 - HKLM\..\Run: [xcEafnvsvca32.exe] C:\WINDOWS\xcEafnvsvca32.exe
O4 - HKLM\..\Run: [iwWxwnvsvca32.exe] C:\WINDOWS\iwWxwnvsvca32.exe
O4 - HKLM\..\Run: [brLXJclfmon.exe] C:\WINDOWS\brLXJclfmon.exe
O4 - HKLM\..\Run: [FmPiXclfmon.exe] C:\WINDOWS\FmPiXclfmon.exe
O4 - HKLM\..\Run: [AjGdSclfmon.exe] C:\WINDOWS\AjGdSclfmon.exe
O4 - HKLM\..\Run: [QdHwnnvsvca32.exe] C:\WINDOWS\QdHwnnvsvca32.exe
O4 - HKLM\..\Run: [WpZeHnvsvca32.exe] C:\WINDOWS\WpZeHnvsvca32.exe
O4 - HKLM\..\Run: [FedZHnvsvca32.exe] C:\WINDOWS\FedZHnvsvca32.exe
O4 - HKLM\..\Run: [Dfmdinvsvca32.exe] C:\WINDOWS\Dfmdinvsvca32.exe
O4 - HKLM\..\Run: [PAbDtclfmon.exe] C:\WINDOWS\PAbDtclfmon.exe
O4 - HKLM\..\Run: [Jutbhnvsvca32.exe] C:\WINDOWS\Jutbhnvsvca32.exe
O4 - HKLM\..\Run: [CSCHEclfmon.exe] C:\WINDOWS\CSCHEclfmon.exe
O4 - HKLM\..\Run: [clqBrclfmon.exe] C:\WINDOWS\clqBrclfmon.exe
O4 - HKLM\..\Run: [KMopdnvsvca32.exe] C:\WINDOWS\KMopdnvsvca32.exe
O4 - HKLM\..\Run: [PNAGDclfmon.exe] C:\WINDOWS\PNAGDclfmon.exe
O4 - HKLM\..\Run: [XCJfUnvsvca32.exe] C:\WINDOWS\XCJfUnvsvca32.exe
O4 - HKLM\..\Run: [nUbaVnvsvca32.exe] C:\WINDOWS\nUbaVnvsvca32.exe
O4 - HKLM\..\Run: [ldKGAnvsvca32.exe] C:\WINDOWS\ldKGAnvsvca32.exe
O4 - HKLM\..\Run: [BwNDKclfmon.exe] C:\WINDOWS\BwNDKclfmon.exe
O4 - HKLM\..\Run: [IlWcfclfmon.exe] C:\WINDOWS\IlWcfclfmon.exe
O4 - HKLM\..\Run: [YFmkpnvsvca32.exe] C:\WINDOWS\YFmkpnvsvca32.exe
O4 - HKLM\..\Run: [irnKXnvsvca32.exe] C:\WINDOWS\irnKXnvsvca32.exe
O4 - HKLM\..\Run: [NIUfcclfmon.exe] C:\WINDOWS\NIUfcclfmon.exe
O4 - HKLM\..\Run: [aNemcnvsvca32.exe] C:\WINDOWS\aNemcnvsvca32.exe
O4 - HKLM\..\Run: [itMtAnvsvca32.exe] C:\WINDOWS\itMtAnvsvca32.exe
O4 - HKLM\..\Run: [QEMQrnvsvca32.exe] C:\WINDOWS\QEMQrnvsvca32.exe
O4 - HKLM\..\Run: [gHLxPnvsvca32.exe] C:\WINDOWS\gHLxPnvsvca32.exe
O4 - HKLM\..\Run: [qLFvuclfmon.exe] C:\WINDOWS\qLFvuclfmon.exe
O4 - HKLM\..\Run: [VpVRHnvsvca32.exe] C:\WINDOWS\VpVRHnvsvca32.exe
O4 - HKLM\..\Run: [rfEPiclfmon.exe] C:\WINDOWS\rfEPiclfmon.exe
O4 - HKLM\..\Run: [fLbJpclfmon.exe] C:\WINDOWS\fLbJpclfmon.exe
O4 - HKLM\..\Run: [KWfNfnvsvca32.exe] C:\WINDOWS\KWfNfnvsvca32.exe
O4 - HKLM\..\Run: [SpeVAnvsvca32.exe] C:\WINDOWS\SpeVAnvsvca32.exe
O4 - HKLM\..\Run: [scuUnclfmon.exe] C:\WINDOWS\scuUnclfmon.exe
O4 - HKLM\..\Run: [OujGGclfmon.exe] C:\WINDOWS\OujGGclfmon.exe
O4 - HKLM\..\Run: [aFFYInvsvca32.exe] C:\WINDOWS\aFFYInvsvca32.exe
O4 - HKLM\..\Run: [QtveVnvsvca32.exe] C:\WINDOWS\QtveVnvsvca32.exe
O4 - HKLM\..\Run: [iDqRSclfmon.exe] C:\WINDOWS\iDqRSclfmon.exe
O4 - HKLM\..\Run: [rHfaHnvsvca32.exe] C:\WINDOWS\rHfaHnvsvca32.exe
O4 - HKLM\..\Run: [GwZRKnvsvca32.exe] C:\WINDOWS\GwZRKnvsvca32.exe
O4 - HKLM\..\Run: [geRdbclfmon.exe] C:\WINDOWS\geRdbclfmon.exe
O4 - HKLM\..\Run: [iZEUmclfmon.exe] C:\WINDOWS\iZEUmclfmon.exe
O4 - HKLM\..\Run: [gEtpvclfmon.exe] C:\WINDOWS\gEtpvclfmon.exe
O4 - HKLM\..\Run: [vPGFFnvsvca32.exe] C:\WINDOWS\vPGFFnvsvca32.exe
O4 - HKLM\..\Run: [cjvtyclfmon.exe] C:\WINDOWS\cjvtyclfmon.exe
O4 - HKLM\..\Run: [GmjpGnvsvca32.exe] C:\WINDOWS\GmjpGnvsvca32.exe
O4 - HKLM\..\Run: [gaHsOclfmon.exe] C:\WINDOWS\gaHsOclfmon.exe
O4 - HKLM\..\Run: [CyJcMclfmon.exe] C:\WINDOWS\CyJcMclfmon.exe
O4 - HKLM\..\Run: [JoDBOclfmon.exe] C:\WINDOWS\JoDBOclfmon.exe
O4 - HKLM\..\Run: [trpwMnvsvca32.exe] C:\WINDOWS\trpwMnvsvca32.exe
O4 - HKLM\..\Run: [XPbCKnvsvca32.exe] C:\WINDOWS\XPbCKnvsvca32.exe
O4 - HKLM\..\Run: [UcJuCnvsvca32.exe] C:\WINDOWS\UcJuCnvsvca32.exe
O4 - HKLM\..\Run: [bQIRDclfmon.exe] C:\WINDOWS\bQIRDclfmon.exe
O4 - HKLM\..\Run: [aYCecnvsvca32.exe] C:\WINDOWS\aYCecnvsvca32.exe
O4 - HKLM\..\Run: [XIvcDclfmon.exe] C:\WINDOWS\XIvcDclfmon.exe
O4 - HKLM\..\Run: [ebkEVclfmon.exe] C:\WINDOWS\ebkEVclfmon.exe
O4 - HKLM\..\Run: [HAcATnvsvca32.exe] C:\WINDOWS\HAcATnvsvca32.exe
O4 - HKLM\..\Run: [eBkXJclfmon.exe] C:\WINDOWS\eBkXJclfmon.exe
O4 - HKLM\..\Run: [shjvKnvsvca32.exe] C:\WINDOWS\shjvKnvsvca32.exe
O4 - HKLM\..\Run: [RctbSclfmon.exe] C:\WINDOWS\RctbSclfmon.exe
O4 - HKLM\..\Run: [FZbCiclfmon.exe] C:\WINDOWS\FZbCiclfmon.exe
O4 - HKLM\..\Run: [hsbRcclfmon.exe] C:\WINDOWS\hsbRcclfmon.exe
O4 - HKLM\..\Run: [kuPQRnvsvca32.exe] C:\WINDOWS\kuPQRnvsvca32.exe
O4 - HKLM\..\Run: [VGcNyclfmon.exe] C:\WINDOWS\VGcNyclfmon.exe
O4 - HKLM\..\Run: [clAnbclfmon.exe] C:\WINDOWS\clAnbclfmon.exe
O4 - HKLM\..\Run: [ebaExnvsvca32.exe] C:\WINDOWS\ebaExnvsvca32.exe
O4 - HKLM\..\Run: [cIweaclfmon.exe] C:\WINDOWS\cIweaclfmon.exe
O4 - HKLM\..\Run: [lQAGrnvsvca32.exe] C:\WINDOWS\lQAGrnvsvca32.exe
O4 - HKLM\..\Run: [mbGOUclfmon.exe] C:\WINDOWS\mbGOUclfmon.exe
O4 - HKLM\..\Run: [cmMssnvsvca32.exe] C:\WINDOWS\cmMssnvsvca32.exe
O4 - HKLM\..\Run: [EhUuqnvsvca32.exe] C:\WINDOWS\EhUuqnvsvca32.exe
O4 - HKLM\..\Run: [FbEVCclfmon.exe] C:\WINDOWS\FbEVCclfmon.exe
O4 - HKLM\..\Run: [vfvYHclfmon.exe] C:\WINDOWS\vfvYHclfmon.exe
O4 - HKLM\..\Run: [rxEaDclfmon.exe] C:\WINDOWS\rxEaDclfmon.exe
O4 - HKLM\..\Run: [UfoEKclfmon.exe] C:\WINDOWS\UfoEKclfmon.exe
O4 - HKLM\..\Run: [hpruKnvsvca32.exe] C:\WINDOWS\hpruKnvsvca32.exe
O4 - HKLM\..\Run: [AmRZeclfmon.exe] C:\WINDOWS\AmRZeclfmon.exe
O4 - HKLM\..\Run: [CabgBnvsvca32.exe] C:\WINDOWS\CabgBnvsvca32.exe
O4 - HKLM\..\Run: [mHadaclfmon.exe] C:\WINDOWS\mHadaclfmon.exe
O4 - HKLM\..\Run: [jYlIbclfmon.exe] C:\WINDOWS\jYlIbclfmon.exe
O4 - HKLM\..\Run: [NHAmJnvsvca32.exe] C:\WINDOWS\NHAmJnvsvca32.exe
O4 - HKLM\..\Run: [FowhRclfmon.exe] C:\WINDOWS\FowhRclfmon.exe
O4 - HKLM\..\Run: [lFNIdnvsvca32.exe] C:\WINDOWS\lFNIdnvsvca32.exe
O4 - HKLM\..\Run: [EgaAYclfmon.exe] C:\WINDOWS\EgaAYclfmon.exe
O4 - HKLM\..\Run: [FEjrOnvsvca32.exe] C:\WINDOWS\FEjrOnvsvca32.exe
O4 - HKLM\..\Run: [JHABdnvsvca32.exe] C:\WINDOWS\JHABdnvsvca32.exe
O4 - HKLM\..\Run: [bZmPFnvsvca32.exe] C:\WINDOWS\bZmPFnvsvca32.exe
O4 - HKLM\..\Run: [ewcaUnvsvca32.exe] C:\WINDOWS\ewcaUnvsvca32.exe
O4 - HKLM\..\Run: [Iuadpclfmon.exe] C:\WINDOWS\Iuadpclfmon.exe
O4 - HKLM\..\Run: [xixeCclfmon.exe] C:\WINDOWS\xixeCclfmon.exe
O4 - HKLM\..\Run: [oyiiEclfmon.exe] C:\WINDOWS\oyiiEclfmon.exe
O4 - HKLM\..\Run: [DvfZxnvsvca32.exe] C:\WINDOWS\DvfZxnvsvca32.exe
O4 - HKLM\..\Run: [AAPIGnvsvca32.exe] C:\WINDOWS\AAPIGnvsvca32.exe
O4 - HKLM\..\Run: [wvGrjclfmon.exe] C:\WINDOWS\wvGrjclfmon.exe
O4 - HKLM\..\Run: [dbYDyclfmon.exe] C:\WINDOWS\dbYDyclfmon.exe
O4 - HKLM\..\Run: [onwVBclfmon.exe] C:\WINDOWS\onwVBclfmon.exe
O4 - HKLM\..\Run: [HxrIJnvsvca32.exe] C:\WINDOWS\HxrIJnvsvca32.exe
O4 - HKLM\..\Run: [NtMCcclfmon.exe] C:\WINDOWS\NtMCcclfmon.exe
O4 - HKLM\..\Run: [NpcTQnvsvca32.exe] C:\WINDOWS\NpcTQnvsvca32.exe
O4 - HKLM\..\Run: [ajilOclfmon.exe] C:\WINDOWS\ajilOclfmon.exe
O4 - HKLM\..\Run: [peEAQnvsvca32.exe] C:\WINDOWS\peEAQnvsvca32.exe
O4 - HKLM\..\Run: [HqbXRclfmon.exe] C:\WINDOWS\HqbXRclfmon.exe
O4 - HKLM\..\Run: [iBqtAclfmon.exe] C:\WINDOWS\iBqtAclfmon.exe
O4 - HKLM\..\Run: [qfltrclfmon.exe] C:\WINDOWS\qfltrclfmon.exe
O4 - HKLM\..\Run: [vqSclnvsvca32.exe] C:\WINDOWS\vqSclnvsvca32.exe
O4 - HKLM\..\Run: [DmhdFclfmon.exe] C:\WINDOWS\DmhdFclfmon.exe
O4 - HKLM\..\Run: [HAtCdnvsvca32.exe] C:\WINDOWS\HAtCdnvsvca32.exe
O4 - HKLM\..\Run: [ZtaBCnvsvca32.exe] C:\WINDOWS\ZtaBCnvsvca32.exe
O4 - HKLM\..\Run: [uEbvRnvsvca32.exe] C:\WINDOWS\uEbvRnvsvca32.exe
O4 - HKLM\..\Run: [ENAGDclfmon.exe] C:\WINDOWS\ENAGDclfmon.exe
O4 - HKLM\..\Run: [OoTCpclfmon.exe] C:\WINDOWS\OoTCpclfmon.exe
O4 - HKLM\..\Run: [SIOeInvsvca32.exe] C:\WINDOWS\SIOeInvsvca32.exe
O4 - HKLM\..\Run: [tRlHBnvsvca32.exe] C:\WINDOWS\tRlHBnvsvca32.exe
O4 - HKLM\..\Run: [AFHCLnvsvca32.exe] C:\WINDOWS\AFHCLnvsvca32.exe
O4 - HKLM\..\Run: [ScfIrnvsvca32.exe] C:\WINDOWS\ScfIrnvsvca32.exe
O4 - HKLM\..\Run: [dbXGOnvsvca32.exe] C:\WINDOWS\dbXGOnvsvca32.exe
O4 - HKLM\..\Run: [eNeWOclfmon.exe] C:\WINDOWS\eNeWOclfmon.exe
O4 - HKLM\..\Run: [OEKJinvsvca32.exe] C:\WINDOWS\OEKJinvsvca32.exe
O4 - HKLM\..\Run: [jSiIbnvsvca32.exe] C:\WINDOWS\jSiIbnvsvca32.exe
O4 - HKLM\..\Run: [seYYdnvsvca32.exe] C:\WINDOWS\seYYdnvsvca32.exe
O4 - HKLM\..\Run: [wqegCclfmon.exe] C:\WINDOWS\wqegCclfmon.exe
O4 - HKLM\..\Run: [bWtWaclfmon.exe] C:\WINDOWS\bWtWaclfmon.exe
O4 - HKLM\..\Run: [AvpaQclfmon.exe] C:\WINDOWS\AvpaQclfmon.exe
O4 - HKLM\..\Run: [KGErBclfmon.exe] C:\WINDOWS\KGErBclfmon.exe
O4 - HKLM\..\Run: [DWhtEnvsvca32.exe] C:\WINDOWS\DWhtEnvsvca32.exe
O4 - HKLM\..\Run: [IxqLInvsvca32.exe] C:\WINDOWS\IxqLInvsvca32.exe
O4 - HKLM\..\Run: [tsEfEclfmon.exe] C:\WINDOWS\tsEfEclfmon.exe
O4 - HKLM\..\Run: [BLGfHnvsvca32.exe] C:\WINDOWS\BLGfHnvsvca32.exe
O4 - HKLM\..\Run: [vHjWkclfmon.exe] C:\WINDOWS\vHjWkclfmon.exe
O4 - HKLM\..\Run: [rEskIclfmon.exe] C:\WINDOWS\rEskIclfmon.exe
O4 - HKLM\..\Run: [vLiZCclfmon.exe] C:\WINDOWS\vLiZCclfmon.exe
O4 - HKLM\..\Run: [KJtJHnvsvca32.exe] C:\WINDOWS\KJtJHnvsvca32.exe
O4 - HKLM\..\Run: [CjckKnvsvca32.exe] C:\WINDOWS\CjckKnvsvca32.exe
O4 - HKLM\..\Run: [YmZJIclfmon.exe] C:\WINDOWS\YmZJIclfmon.exe
O4 - HKLM\..\Run: [mMHfeclfmon.exe] C:\WINDOWS\mMHfeclfmon.exe
O4 - HKLM\..\Run: [jdNrqclfmon.exe] C:\WINDOWS\jdNrqclfmon.exe
O4 - HKLM\..\Run: [fYmBdclfmon.exe] C:\WINDOWS\fYmBdclfmon.exe
O4 - HKLM\..\Run: [ekRdEclfmon.exe] C:\WINDOWS\ekRdEclfmon.exe
O4 - HKLM\..\Run: [gsGSwclfmon.exe] C:\WINDOWS\gsGSwclfmon.exe
O4 - HKLM\..\Run: [DLcejclfmon.exe] C:\WINDOWS\DLcejclfmon.exe
O4 - HKLM\..\Run: [TfHouclfmon.exe] C:\WINDOWS\TfHouclfmon.exe
O4 - HKLM\..\Run: [chvIbnvsvca32.exe] C:\WINDOWS\chvIbnvsvca32.exe
O4 - HKLM\..\Run: [FsfJlnvsvca32.exe] C:\WINDOWS\FsfJlnvsvca32.exe
O4 - HKLM\..\Run: [VuAdunvsvca32.exe] C:\WINDOWS\VuAdunvsvca32.exe
O4 - HKLM\..\Run: [dHmcqnvsvca32.exe] C:\WINDOWS\dHmcqnvsvca32.exe
O4 - HKLM\..\Run: [qWbKwnvsvca32.exe] C:\WINDOWS\qWbKwnvsvca32.exe
O4 - HKLM\..\Run: [LDhxinvsvca32.exe] C:\WINDOWS\LDhxinvsvca32.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [tuhgnfi] C:\WINDOWS\System32\itlknby.exe
O4 - HKLM\..\Run: [StillMnt] WCamRmv.exe /StartStillMnt
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
O4 - HKLM\..\Run: [NastySex] C:\WINDOWS\NastySex.exe -n
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [gqnzrvopyl] C:\WINDOWS\System32\itlknby.exe
O4 - HKLM\..\Run: [dwihmayqmxoq] C:\WINDOWS\System32\itlknby.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [akkysj] C:\WINDOWS\System32\itlknby.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExee] C:\WINDOWS\realschd.exe
O4 - HKLM\..\Run: [Quicktime] C:\WINDOWS\qttasks.exe /i
O4 - HKLM\..\Run: [SvcH0st] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\QBOOKSW\Components\QBAgent\QBDAgent.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm076YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...bde5ad8573197fa
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.143/100039/uk/gegames/geaccess.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.3.1/ttinst.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn285.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn285.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BF30B29-D2A6-4E61-9A12-BF00C03CF378}: NameServer = 195.92.195.95 195.92.195.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BF30B29-D2A6-4E61-9A12-BF00C03CF378}: NameServer = 195.92.195.95 195.92.195.94
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,718 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:42 AM

Posted 12 March 2005 - 05:01 PM

Before we do anything I want you to boot into safe mode and fix all of these entries:

O4 - HKLM\..\Run: [EiPBDnvsvca32.exe] C:\WINDOWS\EiPBDnvsvca32.exe
O4 - HKLM\..\Run: [nBPXCnvsvca32.exe] C:\WINDOWS\nBPXCnvsvca32.exe
O4 - HKLM\..\Run: [XCNdoclfmon.exe] C:\WINDOWS\XCNdoclfmon.exe
O4 - HKLM\..\Run: [edFAMclfmon.exe] C:\WINDOWS\edFAMclfmon.exe
O4 - HKLM\..\Run: [IeBgPclfmon.exe] C:\WINDOWS\IeBgPclfmon.exe
O4 - HKLM\..\Run: [mHCCqnvsvca32.exe] C:\WINDOWS\mHCCqnvsvca32.exe
O4 - HKLM\..\Run: [egJTvnvsvca32.exe] C:\WINDOWS\egJTvnvsvca32.exe
O4 - HKLM\..\Run: [kbCeJclfmon.exe] C:\WINDOWS\kbCeJclfmon.exe
O4 - HKLM\..\Run: [cJWNvnvsvca32.exe] C:\WINDOWS\cJWNvnvsvca32.exe
O4 - HKLM\..\Run: [mhSHnclfmon.exe] C:\WINDOWS\mhSHnclfmon.exe
O4 - HKLM\..\Run: [nrYhNclfmon.exe] C:\WINDOWS\nrYhNclfmon.exe
O4 - HKLM\..\Run: [YoecIclfmon.exe] C:\WINDOWS\YoecIclfmon.exe
O4 - HKLM\..\Run: [AclYVclfmon.exe] C:\WINDOWS\AclYVclfmon.exe
O4 - HKLM\..\Run: [DRYWcnvsvca32.exe] C:\WINDOWS\DRYWcnvsvca32.exe
O4 - HKLM\..\Run: [fSeahnvsvca32.exe] C:\WINDOWS\fSeahnvsvca32.exe
O4 - HKLM\..\Run: [dNwtPnvsvca32.exe] C:\WINDOWS\dNwtPnvsvca32.exe
O4 - HKLM\..\Run: [mQlEuclfmon.exe] C:\WINDOWS\mQlEuclfmon.exe
O4 - HKLM\..\Run: [SIlicnvsvca32.exe] C:\WINDOWS\SIlicnvsvca32.exe
O4 - HKLM\..\Run: [eYCGGnvsvca32.exe] C:\WINDOWS\eYCGGnvsvca32.exe
O4 - HKLM\..\Run: [rLjfMnvsvca32.exe] C:\WINDOWS\rLjfMnvsvca32.exe
O4 - HKLM\..\Run: [mCHHsnvsvca32.exe] C:\WINDOWS\mCHHsnvsvca32.exe
O4 - HKLM\..\Run: [FiKMdnvsvca32.exe] C:\WINDOWS\FiKMdnvsvca32.exe
O4 - HKLM\..\Run: [UsQVmnvsvca32.exe] C:\WINDOWS\UsQVmnvsvca32.exe
O4 - HKLM\..\Run: [rDwPEclfmon.exe] C:\WINDOWS\rDwPEclfmon.exe
O4 - HKLM\..\Run: [sBcjGclfmon.exe] C:\WINDOWS\sBcjGclfmon.exe
O4 - HKLM\..\Run: [XEZMdclfmon.exe] C:\WINDOWS\XEZMdclfmon.exe
O4 - HKLM\..\Run: [eEwWVnvsvca32.exe] C:\WINDOWS\eEwWVnvsvca32.exe
O4 - HKLM\..\Run: [ZIGoCnvsvca32.exe] C:\WINDOWS\ZIGoCnvsvca32.exe
O4 - HKLM\..\Run: [fGwapnvsvca32.exe] C:\WINDOWS\fGwapnvsvca32.exe
O4 - HKLM\..\Run: [BeLLOnvsvca32.exe] C:\WINDOWS\BeLLOnvsvca32.exe
O4 - HKLM\..\Run: [BaFXRnvsvca32.exe] C:\WINDOWS\BaFXRnvsvca32.exe
O4 - HKLM\..\Run: [ujbaNclfmon.exe] C:\WINDOWS\ujbaNclfmon.exe
O4 - HKLM\..\Run: [mvhbEclfmon.exe] C:\WINDOWS\mvhbEclfmon.exe
O4 - HKLM\..\Run: [oceCxnvsvca32.exe] C:\WINDOWS\oceCxnvsvca32.exe
O4 - HKLM\..\Run: [eeOILclfmon.exe] C:\WINDOWS\eeOILclfmon.exe
O4 - HKLM\..\Run: [gRboFclfmon.exe] C:\WINDOWS\gRboFclfmon.exe
O4 - HKLM\..\Run: [ZrADBclfmon.exe] C:\WINDOWS\ZrADBclfmon.exe
O4 - HKLM\..\Run: [VJfBoclfmon.exe] C:\WINDOWS\VJfBoclfmon.exe
O4 - HKLM\..\Run: [RMMgCclfmon.exe] C:\WINDOWS\RMMgCclfmon.exe
O4 - HKLM\..\Run: [GCMnFnvsvca32.exe] C:\WINDOWS\GCMnFnvsvca32.exe
O4 - HKLM\..\Run: [ciQwfclfmon.exe] C:\WINDOWS\ciQwfclfmon.exe
O4 - HKLM\..\Run: [cHteRnvsvca32.exe] C:\WINDOWS\cHteRnvsvca32.exe
O4 - HKLM\..\Run: [gnMpmnvsvca32.exe] C:\WINDOWS\gnMpmnvsvca32.exe
O4 - HKLM\..\Run: [xcEafnvsvca32.exe] C:\WINDOWS\xcEafnvsvca32.exe
O4 - HKLM\..\Run: [iwWxwnvsvca32.exe] C:\WINDOWS\iwWxwnvsvca32.exe
O4 - HKLM\..\Run: [brLXJclfmon.exe] C:\WINDOWS\brLXJclfmon.exe
O4 - HKLM\..\Run: [FmPiXclfmon.exe] C:\WINDOWS\FmPiXclfmon.exe
O4 - HKLM\..\Run: [AjGdSclfmon.exe] C:\WINDOWS\AjGdSclfmon.exe
O4 - HKLM\..\Run: [QdHwnnvsvca32.exe] C:\WINDOWS\QdHwnnvsvca32.exe
O4 - HKLM\..\Run: [WpZeHnvsvca32.exe] C:\WINDOWS\WpZeHnvsvca32.exe
O4 - HKLM\..\Run: [FedZHnvsvca32.exe] C:\WINDOWS\FedZHnvsvca32.exe
O4 - HKLM\..\Run: [Dfmdinvsvca32.exe] C:\WINDOWS\Dfmdinvsvca32.exe
O4 - HKLM\..\Run: [PAbDtclfmon.exe] C:\WINDOWS\PAbDtclfmon.exe
O4 - HKLM\..\Run: [Jutbhnvsvca32.exe] C:\WINDOWS\Jutbhnvsvca32.exe
O4 - HKLM\..\Run: [CSCHEclfmon.exe] C:\WINDOWS\CSCHEclfmon.exe
O4 - HKLM\..\Run: [clqBrclfmon.exe] C:\WINDOWS\clqBrclfmon.exe
O4 - HKLM\..\Run: [KMopdnvsvca32.exe] C:\WINDOWS\KMopdnvsvca32.exe
O4 - HKLM\..\Run: [PNAGDclfmon.exe] C:\WINDOWS\PNAGDclfmon.exe
O4 - HKLM\..\Run: [XCJfUnvsvca32.exe] C:\WINDOWS\XCJfUnvsvca32.exe
O4 - HKLM\..\Run: [nUbaVnvsvca32.exe] C:\WINDOWS\nUbaVnvsvca32.exe
O4 - HKLM\..\Run: [ldKGAnvsvca32.exe] C:\WINDOWS\ldKGAnvsvca32.exe
O4 - HKLM\..\Run: [BwNDKclfmon.exe] C:\WINDOWS\BwNDKclfmon.exe
O4 - HKLM\..\Run: [IlWcfclfmon.exe] C:\WINDOWS\IlWcfclfmon.exe
O4 - HKLM\..\Run: [YFmkpnvsvca32.exe] C:\WINDOWS\YFmkpnvsvca32.exe
O4 - HKLM\..\Run: [irnKXnvsvca32.exe] C:\WINDOWS\irnKXnvsvca32.exe
O4 - HKLM\..\Run: [NIUfcclfmon.exe] C:\WINDOWS\NIUfcclfmon.exe
O4 - HKLM\..\Run: [aNemcnvsvca32.exe] C:\WINDOWS\aNemcnvsvca32.exe
O4 - HKLM\..\Run: [itMtAnvsvca32.exe] C:\WINDOWS\itMtAnvsvca32.exe
O4 - HKLM\..\Run: [QEMQrnvsvca32.exe] C:\WINDOWS\QEMQrnvsvca32.exe
O4 - HKLM\..\Run: [gHLxPnvsvca32.exe] C:\WINDOWS\gHLxPnvsvca32.exe
O4 - HKLM\..\Run: [qLFvuclfmon.exe] C:\WINDOWS\qLFvuclfmon.exe
O4 - HKLM\..\Run: [VpVRHnvsvca32.exe] C:\WINDOWS\VpVRHnvsvca32.exe
O4 - HKLM\..\Run: [rfEPiclfmon.exe] C:\WINDOWS\rfEPiclfmon.exe
O4 - HKLM\..\Run: [fLbJpclfmon.exe] C:\WINDOWS\fLbJpclfmon.exe
O4 - HKLM\..\Run: [KWfNfnvsvca32.exe] C:\WINDOWS\KWfNfnvsvca32.exe
O4 - HKLM\..\Run: [SpeVAnvsvca32.exe] C:\WINDOWS\SpeVAnvsvca32.exe
O4 - HKLM\..\Run: [scuUnclfmon.exe] C:\WINDOWS\scuUnclfmon.exe
O4 - HKLM\..\Run: [OujGGclfmon.exe] C:\WINDOWS\OujGGclfmon.exe
O4 - HKLM\..\Run: [aFFYInvsvca32.exe] C:\WINDOWS\aFFYInvsvca32.exe
O4 - HKLM\..\Run: [QtveVnvsvca32.exe] C:\WINDOWS\QtveVnvsvca32.exe
O4 - HKLM\..\Run: [iDqRSclfmon.exe] C:\WINDOWS\iDqRSclfmon.exe
O4 - HKLM\..\Run: [rHfaHnvsvca32.exe] C:\WINDOWS\rHfaHnvsvca32.exe
O4 - HKLM\..\Run: [GwZRKnvsvca32.exe] C:\WINDOWS\GwZRKnvsvca32.exe
O4 - HKLM\..\Run: [geRdbclfmon.exe] C:\WINDOWS\geRdbclfmon.exe
O4 - HKLM\..\Run: [iZEUmclfmon.exe] C:\WINDOWS\iZEUmclfmon.exe
O4 - HKLM\..\Run: [gEtpvclfmon.exe] C:\WINDOWS\gEtpvclfmon.exe
O4 - HKLM\..\Run: [vPGFFnvsvca32.exe] C:\WINDOWS\vPGFFnvsvca32.exe
O4 - HKLM\..\Run: [cjvtyclfmon.exe] C:\WINDOWS\cjvtyclfmon.exe
O4 - HKLM\..\Run: [GmjpGnvsvca32.exe] C:\WINDOWS\GmjpGnvsvca32.exe
O4 - HKLM\..\Run: [gaHsOclfmon.exe] C:\WINDOWS\gaHsOclfmon.exe
O4 - HKLM\..\Run: [CyJcMclfmon.exe] C:\WINDOWS\CyJcMclfmon.exe
O4 - HKLM\..\Run: [JoDBOclfmon.exe] C:\WINDOWS\JoDBOclfmon.exe
O4 - HKLM\..\Run: [trpwMnvsvca32.exe] C:\WINDOWS\trpwMnvsvca32.exe
O4 - HKLM\..\Run: [XPbCKnvsvca32.exe] C:\WINDOWS\XPbCKnvsvca32.exe
O4 - HKLM\..\Run: [UcJuCnvsvca32.exe] C:\WINDOWS\UcJuCnvsvca32.exe
O4 - HKLM\..\Run: [bQIRDclfmon.exe] C:\WINDOWS\bQIRDclfmon.exe
O4 - HKLM\..\Run: [aYCecnvsvca32.exe] C:\WINDOWS\aYCecnvsvca32.exe
O4 - HKLM\..\Run: [XIvcDclfmon.exe] C:\WINDOWS\XIvcDclfmon.exe
O4 - HKLM\..\Run: [ebkEVclfmon.exe] C:\WINDOWS\ebkEVclfmon.exe
O4 - HKLM\..\Run: [HAcATnvsvca32.exe] C:\WINDOWS\HAcATnvsvca32.exe
O4 - HKLM\..\Run: [eBkXJclfmon.exe] C:\WINDOWS\eBkXJclfmon.exe
O4 - HKLM\..\Run: [shjvKnvsvca32.exe] C:\WINDOWS\shjvKnvsvca32.exe
O4 - HKLM\..\Run: [RctbSclfmon.exe] C:\WINDOWS\RctbSclfmon.exe
O4 - HKLM\..\Run: [FZbCiclfmon.exe] C:\WINDOWS\FZbCiclfmon.exe
O4 - HKLM\..\Run: [hsbRcclfmon.exe] C:\WINDOWS\hsbRcclfmon.exe
O4 - HKLM\..\Run: [kuPQRnvsvca32.exe] C:\WINDOWS\kuPQRnvsvca32.exe
O4 - HKLM\..\Run: [VGcNyclfmon.exe] C:\WINDOWS\VGcNyclfmon.exe
O4 - HKLM\..\Run: [clAnbclfmon.exe] C:\WINDOWS\clAnbclfmon.exe
O4 - HKLM\..\Run: [ebaExnvsvca32.exe] C:\WINDOWS\ebaExnvsvca32.exe
O4 - HKLM\..\Run: [cIweaclfmon.exe] C:\WINDOWS\cIweaclfmon.exe
O4 - HKLM\..\Run: [lQAGrnvsvca32.exe] C:\WINDOWS\lQAGrnvsvca32.exe
O4 - HKLM\..\Run: [mbGOUclfmon.exe] C:\WINDOWS\mbGOUclfmon.exe
O4 - HKLM\..\Run: [cmMssnvsvca32.exe] C:\WINDOWS\cmMssnvsvca32.exe
O4 - HKLM\..\Run: [EhUuqnvsvca32.exe] C:\WINDOWS\EhUuqnvsvca32.exe
O4 - HKLM\..\Run: [FbEVCclfmon.exe] C:\WINDOWS\FbEVCclfmon.exe
O4 - HKLM\..\Run: [vfvYHclfmon.exe] C:\WINDOWS\vfvYHclfmon.exe
O4 - HKLM\..\Run: [rxEaDclfmon.exe] C:\WINDOWS\rxEaDclfmon.exe
O4 - HKLM\..\Run: [UfoEKclfmon.exe] C:\WINDOWS\UfoEKclfmon.exe
O4 - HKLM\..\Run: [hpruKnvsvca32.exe] C:\WINDOWS\hpruKnvsvca32.exe
O4 - HKLM\..\Run: [AmRZeclfmon.exe] C:\WINDOWS\AmRZeclfmon.exe
O4 - HKLM\..\Run: [CabgBnvsvca32.exe] C:\WINDOWS\CabgBnvsvca32.exe
O4 - HKLM\..\Run: [mHadaclfmon.exe] C:\WINDOWS\mHadaclfmon.exe
O4 - HKLM\..\Run: [jYlIbclfmon.exe] C:\WINDOWS\jYlIbclfmon.exe
O4 - HKLM\..\Run: [NHAmJnvsvca32.exe] C:\WINDOWS\NHAmJnvsvca32.exe
O4 - HKLM\..\Run: [FowhRclfmon.exe] C:\WINDOWS\FowhRclfmon.exe
O4 - HKLM\..\Run: [lFNIdnvsvca32.exe] C:\WINDOWS\lFNIdnvsvca32.exe
O4 - HKLM\..\Run: [EgaAYclfmon.exe] C:\WINDOWS\EgaAYclfmon.exe
O4 - HKLM\..\Run: [FEjrOnvsvca32.exe] C:\WINDOWS\FEjrOnvsvca32.exe
O4 - HKLM\..\Run: [JHABdnvsvca32.exe] C:\WINDOWS\JHABdnvsvca32.exe
O4 - HKLM\..\Run: [bZmPFnvsvca32.exe] C:\WINDOWS\bZmPFnvsvca32.exe
O4 - HKLM\..\Run: [ewcaUnvsvca32.exe] C:\WINDOWS\ewcaUnvsvca32.exe
O4 - HKLM\..\Run: [Iuadpclfmon.exe] C:\WINDOWS\Iuadpclfmon.exe
O4 - HKLM\..\Run: [xixeCclfmon.exe] C:\WINDOWS\xixeCclfmon.exe
O4 - HKLM\..\Run: [oyiiEclfmon.exe] C:\WINDOWS\oyiiEclfmon.exe
O4 - HKLM\..\Run: [DvfZxnvsvca32.exe] C:\WINDOWS\DvfZxnvsvca32.exe
O4 - HKLM\..\Run: [AAPIGnvsvca32.exe] C:\WINDOWS\AAPIGnvsvca32.exe
O4 - HKLM\..\Run: [wvGrjclfmon.exe] C:\WINDOWS\wvGrjclfmon.exe
O4 - HKLM\..\Run: [dbYDyclfmon.exe] C:\WINDOWS\dbYDyclfmon.exe
O4 - HKLM\..\Run: [onwVBclfmon.exe] C:\WINDOWS\onwVBclfmon.exe
O4 - HKLM\..\Run: [HxrIJnvsvca32.exe] C:\WINDOWS\HxrIJnvsvca32.exe
O4 - HKLM\..\Run: [NtMCcclfmon.exe] C:\WINDOWS\NtMCcclfmon.exe
O4 - HKLM\..\Run: [NpcTQnvsvca32.exe] C:\WINDOWS\NpcTQnvsvca32.exe
O4 - HKLM\..\Run: [ajilOclfmon.exe] C:\WINDOWS\ajilOclfmon.exe
O4 - HKLM\..\Run: [peEAQnvsvca32.exe] C:\WINDOWS\peEAQnvsvca32.exe
O4 - HKLM\..\Run: [HqbXRclfmon.exe] C:\WINDOWS\HqbXRclfmon.exe
O4 - HKLM\..\Run: [iBqtAclfmon.exe] C:\WINDOWS\iBqtAclfmon.exe
O4 - HKLM\..\Run: [qfltrclfmon.exe] C:\WINDOWS\qfltrclfmon.exe
O4 - HKLM\..\Run: [vqSclnvsvca32.exe] C:\WINDOWS\vqSclnvsvca32.exe
O4 - HKLM\..\Run: [DmhdFclfmon.exe] C:\WINDOWS\DmhdFclfmon.exe
O4 - HKLM\..\Run: [HAtCdnvsvca32.exe] C:\WINDOWS\HAtCdnvsvca32.exe
O4 - HKLM\..\Run: [ZtaBCnvsvca32.exe] C:\WINDOWS\ZtaBCnvsvca32.exe
O4 - HKLM\..\Run: [uEbvRnvsvca32.exe] C:\WINDOWS\uEbvRnvsvca32.exe
O4 - HKLM\..\Run: [ENAGDclfmon.exe] C:\WINDOWS\ENAGDclfmon.exe
O4 - HKLM\..\Run: [OoTCpclfmon.exe] C:\WINDOWS\OoTCpclfmon.exe
O4 - HKLM\..\Run: [SIOeInvsvca32.exe] C:\WINDOWS\SIOeInvsvca32.exe
O4 - HKLM\..\Run: [tRlHBnvsvca32.exe] C:\WINDOWS\tRlHBnvsvca32.exe
O4 - HKLM\..\Run: [AFHCLnvsvca32.exe] C:\WINDOWS\AFHCLnvsvca32.exe
O4 - HKLM\..\Run: [ScfIrnvsvca32.exe] C:\WINDOWS\ScfIrnvsvca32.exe
O4 - HKLM\..\Run: [dbXGOnvsvca32.exe] C:\WINDOWS\dbXGOnvsvca32.exe
O4 - HKLM\..\Run: [eNeWOclfmon.exe] C:\WINDOWS\eNeWOclfmon.exe
O4 - HKLM\..\Run: [OEKJinvsvca32.exe] C:\WINDOWS\OEKJinvsvca32.exe
O4 - HKLM\..\Run: [jSiIbnvsvca32.exe] C:\WINDOWS\jSiIbnvsvca32.exe
O4 - HKLM\..\Run: [seYYdnvsvca32.exe] C:\WINDOWS\seYYdnvsvca32.exe
O4 - HKLM\..\Run: [wqegCclfmon.exe] C:\WINDOWS\wqegCclfmon.exe
O4 - HKLM\..\Run: [bWtWaclfmon.exe] C:\WINDOWS\bWtWaclfmon.exe
O4 - HKLM\..\Run: [AvpaQclfmon.exe] C:\WINDOWS\AvpaQclfmon.exe
O4 - HKLM\..\Run: [KGErBclfmon.exe] C:\WINDOWS\KGErBclfmon.exe
O4 - HKLM\..\Run: [DWhtEnvsvca32.exe] C:\WINDOWS\DWhtEnvsvca32.exe
O4 - HKLM\..\Run: [IxqLInvsvca32.exe] C:\WINDOWS\IxqLInvsvca32.exe
O4 - HKLM\..\Run: [tsEfEclfmon.exe] C:\WINDOWS\tsEfEclfmon.exe
O4 - HKLM\..\Run: [BLGfHnvsvca32.exe] C:\WINDOWS\BLGfHnvsvca32.exe
O4 - HKLM\..\Run: [vHjWkclfmon.exe] C:\WINDOWS\vHjWkclfmon.exe
O4 - HKLM\..\Run: [rEskIclfmon.exe] C:\WINDOWS\rEskIclfmon.exe
O4 - HKLM\..\Run: [vLiZCclfmon.exe] C:\WINDOWS\vLiZCclfmon.exe
O4 - HKLM\..\Run: [KJtJHnvsvca32.exe] C:\WINDOWS\KJtJHnvsvca32.exe
O4 - HKLM\..\Run: [CjckKnvsvca32.exe] C:\WINDOWS\CjckKnvsvca32.exe
O4 - HKLM\..\Run: [YmZJIclfmon.exe] C:\WINDOWS\YmZJIclfmon.exe
O4 - HKLM\..\Run: [mMHfeclfmon.exe] C:\WINDOWS\mMHfeclfmon.exe
O4 - HKLM\..\Run: [jdNrqclfmon.exe] C:\WINDOWS\jdNrqclfmon.exe
O4 - HKLM\..\Run: [fYmBdclfmon.exe] C:\WINDOWS\fYmBdclfmon.exe
O4 - HKLM\..\Run: [ekRdEclfmon.exe] C:\WINDOWS\ekRdEclfmon.exe
O4 - HKLM\..\Run: [gsGSwclfmon.exe] C:\WINDOWS\gsGSwclfmon.exe
O4 - HKLM\..\Run: [DLcejclfmon.exe] C:\WINDOWS\DLcejclfmon.exe
O4 - HKLM\..\Run: [TfHouclfmon.exe] C:\WINDOWS\TfHouclfmon.exe
O4 - HKLM\..\Run: [chvIbnvsvca32.exe] C:\WINDOWS\chvIbnvsvca32.exe
O4 - HKLM\..\Run: [FsfJlnvsvca32.exe] C:\WINDOWS\FsfJlnvsvca32.exe
O4 - HKLM\..\Run: [VuAdunvsvca32.exe] C:\WINDOWS\VuAdunvsvca32.exe
O4 - HKLM\..\Run: [dHmcqnvsvca32.exe] C:\WINDOWS\dHmcqnvsvca32.exe
O4 - HKLM\..\Run: [qWbKwnvsvca32.exe] C:\WINDOWS\qWbKwnvsvca32.exe
O4 - HKLM\..\Run: [LDhxinvsvca32.exe] C:\WINDOWS\LDhxinvsvca32.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [tuhgnfi] C:\WINDOWS\System32\itlknby.exe

Then reboot and delete all the files associated with the entries (those are the names to the right of the names in the [brackets]
.

Then follow the directions here:

http://www.bleepingcomputer.com/forums/t/3275/how-to-remove-websearch-and-the-websearch-toolbar/

reboot and post a new log




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users