dawgaritaville

Hijacked to zestyfind.com

9 posts in this topic

I have read the FAQ and followed the directions instructed. I have updated and run both Ad-Aware and Spybot with no help :scratchhead:. Installed, updated and ran SpySweeper that removed some additional spyware :p. Still can't remove WinTools, WebSearch Toolbar, and Virtual Bouncer. Here is my HijackThis log. Any help is greatly appreciated!

 

Logfile of HijackThis v1.98.0

Scan saved at 6:25:58 PM, on 6/29/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\WINDOWS\System32\hphmon05.exe

C:\WINDOWS\system32\ps2.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\hccclntr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common files\WinTools\WSup.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\WINDOWS\System32\AxhBR.exe

C:\WINDOWS\System32\AxhBR.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Security\hijackthis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [5YPC#4T4LRJR5E] C:\WINDOWS\System32\BuhgfaH.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"

O4 - HKCU\..\Run: [Mo39RWY5Q] hccclntr.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe

O4 - HKCU\..\Run: [PopUpStopperCompanion] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Exif Launcher.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe

O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O20 - AppInit_DLLs: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\drv160.tmp.dll


Hi dawgaritaville,

You may want to print off these instructions.

 

It looks as if you have the peper trojan among a few other nasties.

 

Let's start by downloading all of the tools you'll need.

Download VXFinder here: http://www.downloads.subratam.org/VX2Finder.exe

 

Please download Option^Explicit's PeperFix from here:

http://downloads.subratam.org/PeperFix.exe

 

Hit Ctrl-Alt-Delete and end the BuhgfaH.exe process

 

After you download peperfix, just run it and have it fix whatever it finds.

 

Please run HJT and have it fix the following lines:

O4 - HKLM\..\Run: [5YPC#4T4LRJR5E] C:\WINDOWS\System32\BuhgfaH.exe

 

Please reboot into safe mode now by following these instructions:

Safe Mode

 

You also have WinTools which can be removed by following these instructions:

 

Go to start>Settings>Control Panel>Administrative Tools>Services. Look for "WinTools for IE service" in the right pane. If you find it, right click on it. Stop it by pressing the stop button. Then disable it by clicking on the startup type drop down and selecting "Disable".

 

Then right click on the taskbar and open taskmanager.

Go to applications and/or processes and end task on the following (Most will probably not be running in safe mode):

 

WToolsA.exe

WToolsS.exe

WSup.exe

 

Now, run HJT and have it fix the following entries:

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

 

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)

 

O4 - HKCU\..\Run: [Mo39RWY5Q] hccclntr.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsS.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WSup.exe

 

(not all of those O4 entries may be present, fix whatever is though)

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)

 

 

Now, please press ctrl-alt-delete and end the following tasks:

 

hccclntr.exe

 

Now, please enable the viewing of hidden files as seen here: view hidden files

 

Please delete the following files or folders:

C:\Program Files\Common files\WinTools\ <==== delete folder

hccclntr.exe <==== you'll have to search for it and then delete it

Browse to folder C:\DOCUMENTS AND SETTINGS\DO THIS FOR EACH USER\LOCAL SETTINGS\Temp\ and delete all the files and folders

 

Also, browse to C:\WINDOWS\Temp\ and delete everything in the temp folder.

 

 

Please reboot back into normal mode.

 

To get rid of the zestyfind, please complete the following instructions:

 

After downloading, locate the file VX2Finder.exe and double click to start the cleaning process.

 

1.) Delete all files found (VX2Finder will "End Task" on up to 2 instances of Rundll32.exe automatically)

You will get a message about "cannot delete this one" matching the same name in the Guardian Key.

2.) Click "Open regedit" will take you right to the Guardian Key (no need to search for it)

Hilite "Guardian", RightClick and choose Security/permissions, you'll get another window with 'advanced'..

DE-select (uncheck) the lower box with "inheritable permissions", hit 'ok' and 'remove' on the following security prompts.

Restart computer.

3.) On restart use VX2Finder again, select + delete the last file, click "User Agent$" will remove that entry from the registry.

4.) Click "Open regedit" again, this time restoring the checkmark in "inheritable permissions"

5.) Click "Guardian.reg" Deletes the Guardian Key.

6.) Use Find again should produce a clean log of blank values.

7.) Click "Restore Policy" to restore the Debug policy

 

 

I would also run an updated version of ad-aware for good measure.

adaware download

How to use Ad-aware

 

Please reboot after the above fixes have been made and post an updated HJT log.


Thanks guacamel! I followed your instructions. Ran Ad-Aware, Spybot, and SpySweeper. Here is my new log.

 

Logfile of HijackThis v1.98.0

Scan saved at 6:26:25 PM, on 6/30/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ehome\ehtray.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\ps2.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Webroot\Washer\wwDisp.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\Security\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe

O4 - HKCU\..\Run: [PopUpStopperCompanion] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Exif Launcher.lnk = ?

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {36FDCC55-8CB8-45DF-A208-13F26083370B} - (no file) (HKCU)

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O20 - AppInit_DLLs: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\drv160.tmp.dll


It looks clean to me, are you having any more problems?


No more pop-ups! So far no more redirects. When I ran SpySweeper it finds BackWeb and WebSearch toolbar. Should I be concerned with these? I have since read about how not to get hijacked and have downloaded SpyBlaster. I also use Outlook Express and will make the necessary settings to be more secure there. Thanks for the help!


Both backweb and websearch should be able to be removed through the add/remove programs in the control panel if I'm not mistaken.

 

I'm still worried there may be some malicious software left, I'm asking some of my peers right now to verify what they think.


Okay, there are some things that aren't clear yet with the new version of HJT (line 20 is new in this version) so I would check back in a couple days (or sooner if you notice any problems) to see if I have any more information for you.

 

If you can't remove backweb or mywebsearch in add/remove programs, I would have SpySweeper fix it.

 

 

 

 

Here is how to protect yourself in the future - download and install these:

 

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

 

You've already installed spyblaster which is good, just make sure you keep it up to date.

 

And also see

So how did I get infected in the first place?


Any info on line 20? I still have an occasional pop-up with an advertisement for "noadware". Here is my current HijackThis log.

 

Logfile of HijackThis v1.98.0

Scan saved at 8:59:08 PM, on 7/2/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\ehome\ehtray.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\System32\hphmon05.exe

C:\WINDOWS\system32\ps2.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\Program Files\Security\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - HKCU\..\Run: [PopUpStopperCompanion] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Exif Launcher.lnk = ?

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {36FDCC55-8CB8-45DF-A208-13F26083370B} - (no file) (HKCU)

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O20 - AppInit_DLLs: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\drv160.tmp.dll


Okay, I would run HJT again and have it fix the following items:

 

O4 - Startup: PowerReg Scheduler.exe

O9 - Extra button: (no name) - {36FDCC55-8CB8-45DF-A208-13F26083370B} - (no file) (HKCU)

O20 - AppInit_DLLs: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\drv160.tmp.dll

 

If you notice any adverse effects from fixing the line O20, you can always have HJT restore fixed items (you shouldn't though with that specific one).

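The by-eye triage done in this thread (comparing successive HijackThis logs and picking out lines such as the O20 AppInit_DLLs entry) can be sketched in Python. This is an added example, not part of the original thread and not HijackThis's own logic; the function names and the three heuristics are assumptions for illustration, and the sample lines are excerpted from the logs posted above.

```python
import re

# A HijackThis result line has the form "<section code> - <details>".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^hk(?:lm|cu)\\\.\.\\run: \[[^\]]*\] (?P<target>.+)$")

def parse_entries(log_text):
    """Return [(code, body)]; header and running-process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body").strip()))
    return entries

def triage(code, body):
    """Illustrative heuristics (assumptions): reasons to review, not verdicts."""
    low, reasons = body.lower(), []
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("orphaned entry: referenced file is absent")
    if code == "O20" and "\\temp\\" in low:
        reasons.append("AppInit_DLLs loads a DLL from a Temp directory")
    run = RUN_RE.match(low) if code == "O4" else None
    if run and "\\" not in run.group("target"):
        reasons.append("Run value has no full path")
    return reasons

def review(log_text):
    """Map each entry that trips a heuristic to the list of reasons."""
    flagged = {}
    for code, body in parse_entries(log_text):
        reasons = triage(code, body)
        if reasons:
            flagged[f"{code} - {body}"] = reasons
    return flagged

def removed_between(before, after):
    """Entries present in the earlier log and gone from the later one."""
    remaining = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in remaining]

# Excerpt of the 6/29/2004 log from the thread.
BEFORE = r"""Logfile of HijackThis v1.98.0
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [Mo39RWY5Q] hccclntr.exe
O20 - AppInit_DLLs: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\drv160.tmp.dll
"""

# Excerpt of the 7/2/2004 log from the thread.
AFTER = r"""Logfile of HijackThis v1.98.0
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O9 - Extra button: (no name) - {36FDCC55-8CB8-45DF-A208-13F26083370B} - (no file) (HKCU)
O20 - AppInit_DLLs: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\drv160.tmp.dll
"""

if __name__ == "__main__":
    for code, body in removed_between(BEFORE, AFTER):
        print("removed:", code, "-", body)
    for entry, reasons in review(AFTER).items():
        print("review :", entry, "->", "; ".join(reasons))
```

The flags mark entries for a human to look at; an orphaned entry such as the MUSICMATCH button in the full logs would also be flagged even though the helper left it alone.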