Boot in Safe Mode
Switch off System Restore
Run HJT on its own and let it 'fix':
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - (no file)
O2 - BHO: (no name) - {2AD6E7E3-741E-46C0-8096-ABF9DB55596C} - (no file)
O2 - BHO: (no name) - {9BE84FEF-6711-4BEF-999F-2F6019ADB8FC} - (no file)
O2 - BHO: (no name) - {DD465ECF-29B6-4F86-A8FB-81A5B6AC4810} - (no file)
O3 - Toolbar: (no name) - {29071488-56FD-48AB-9A48-407F9A16DBF1} - (no file)
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm240XXUS
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\GAMES\Empire Poker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\GAMES\Empire Poker\EmpirePoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\GAMES\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\GAMES\PartyPoker\IEExtension.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/276f5ff073a989468804/netzip/RdxIE601.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: OracleOracleTNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe (file missing)
O23 - Service: OracleServiceGARY - Unknown owner - c:\oracle\ora92\bin\ORACLE.EXE (file missing)
O23 - Service: OracleServiceGC - Unknown owner - c:\oracle\ora92\bin\ORACLE.EXE (file missing)
When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.
Next, press Ctrl+Alt+Del and in Task Manager try to STOP:
sbw9xup.exe if it is there and then try to delete it.
Boot normally. If OK, turn System Restore back on.
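
An added example, not part of the original post: a Python sketch that rejoins HijackThis entries which a forum or mail client has wrapped onto a second line, then flags the ones HijackThis itself marks `(no file)` or `(file missing)`. The sample reproduces four entries from the list in this post; the function names `unwrap` and `parse` are illustrative.

```python
import re

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")        # section code, then body
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")   # HijackThis' own markers
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL = re.compile(r"https?://\S+")

# Four entries copied from the post, wrapped the way pasted logs often arrive.
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us7.hpwis.com/
O2 - BHO: (no name) - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - (no file)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\
GAMES\Empire Poker\EmpirePoker.exe (file missing)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://fdl.msn.com/public/chat/msnchat45.cab
"""

def unwrap(text):
    """Rejoin continuation lines onto the entry they belong to."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY.match(line):
            entries.append(line)
        elif line and entries:
            # A path cut after a backslash joins directly; anything else gets a space.
            entries[-1] += line if entries[-1].endswith("\\") else " " + line
    return entries

def parse(text):
    """Return one dict per entry: section code, orphan flag, CLSID and URL if present."""
    out = []
    for line in unwrap(text):
        code, body = ENTRY.match(line).groups()
        clsid, url = CLSID.search(body), URL.search(body)
        out.append({
            "section": code,
            "orphaned": bool(ORPHAN.search(body)),  # registry entry whose file is gone
            "clsid": clsid.group(0) if clsid else None,
            "url": url.group(0) if url else None,
            "raw": line,
        })
    return out

if __name__ == "__main__":
    for e in parse(SAMPLE):
        flag = "ORPHANED" if e["orphaned"] else "live    "
        print(e["section"].ljust(3), flag, e["clsid"] or e["url"] or "")
```

Feed it only the log portion of a post; prose lines that follow the log would otherwise be appended to the last entry.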