Boot in Safe Mode.
Switch System restore OFF.
Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:
cirvboq.exe
Next, click Start/Run and type
services.msc and click OK. Look for the service:
svcproc.exe
Doubleclick it, click Stop if it's running, and change the Startup type to Disabled.
Next, run a HJT scan and place a tick-mark in the little square before (if still there):
c:\windows\system32\
cirvboq.exe
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\
cfgmgr52.dll
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32
AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [hyqvwt] c:\windows\system32\cirvboq.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone:
http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} -
http://www.alwaysupdatednews.com/install/aun_0008.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\
svcproc.exe
Now click on the
Fix Checked button in HJT.
When done, delete the highlighted
bold files.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Boot normal. When all OK, switch System Restore back on.
PS: you may have to reboot after stopping svcproc.exe before you can delete it
