[tk421]

Hello everyone!

This is my first post here. I used to go on Wilder's Security forums, where Derek used to post. I am glad that I found this site because the notorious hedgehog saviour was of great help to me in the past.

I am posting because my computer is very slow these days, and I suspect that I have some kind of virus or spuware on my system. When I start my computer, many programs just start out of the blue! It is very annoying for me to restart my computer. Also, my Outlook Office 2003 sessions are always cut short, as the program is not abe to connect with the server. (This could be unrelated, as I changed my modem last week.)

This is my highjack this log! Tanks in advance for the help guys!

Logfile of HijackThis v1.97.7
Scan saved at 13:18:47, on 2005-01-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\FTP\Serv-U\ServUDaemon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VNC\TightVNC1.2.9\TightVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\DS Clock\dsclock.exe
C:\PROGRA~1\FTP\Serv-U\SERVUT~1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\FTP\No-IP\DUC20.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\slrundll.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Spyware Cleaners\hijackthis\hijackthis.exe

F0 - syst>m.ini: Shell=
F0 - R >ystem.ini: Shel>=
F0 - R >ystem.ini: UserInit=
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\justDo\Jd2002.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Pilot Group LLC\Save Flash 2.4.20\SaveFlash.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Internet Timer 3] C:\PROGRA~1\INTERN~3\Intern~1.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\VNC\TightVNC1.2.9\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FlashSaver] C:\Program Files\Flash Saver 4.5\flashsaver.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [delmsbb] C:\WINDOWS\delmsbb.exe
O4 - HKCU\..\Run: [ServUTrayIcon] C:\PROGRA~1\FTP\Serv-U\SERVUT~1.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.5\save.htm
O8 - Extra context menu item: &Save To Palm - C:\Program Files\palmOne\HandStoryME.htm
O8 - Extra context menu item: C&lip To Palm - C:\Program Files\palmOne\HandStoryMEC.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Fichiers communs\justDo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra 'Tools' menuitem: Console Java (Sun) (HKLM)
O9 - Extra button: Flash Saver (HKLM)
O9 - Extra 'Tools' menuitem: Flash Saver (HKLM)
O9 - Extra button: Save To Palm (HKLM)
O9 - Extra 'Tools' menuitem: &Save To Palm (HKLM)
O9 - Extra button: Flash Catcher (HKLM)
O9 - Extra 'Tools' menuitem: Flash Catcher (HKLM)
O9 - Extra button: Recherche (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38026.4816550926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9936854-14DC-4BD5-BAC6-10333850F5EA}: NameServer = 206.47.244.79 206.47.244.12

 

[MFDnNC]

I see Spybot, but you need AdAware also AdAware SE http://www.majorgeeks.com/download506.html check for updates before running the scan

You HJT is old - get the latest and the repost

http://www.majorgeeks.com/download3155.html

 

[tk421]

Thanks for the help!

I do have ad aware on my computer, and I ran it before making the first scan. I just downloaded ad aware se now. I also got teh new highjack this, and this is my log. There seem to be something missing though. The first entries seemed to be what was making my programs start at startup. Now the entries are gone with the new highjack this. I erased highjack this 1.97. Can I somehow get it back?

Thanks in advance for the help!

Logfile of HijackThis v1.99.0
Scan saved at 15:42:50, on 2005-01-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\FTP\Serv-U\ServUDaemon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VNC\TightVNC1.2.9\TightVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\DS Clock\dsclock.exe
C:\PROGRA~1\FTP\Serv-U\SERVUT~1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\slrundll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Cleaners\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\justDo\Jd2002.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Pilot Group LLC\Save Flash 2.4.20\SaveFlash.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Internet Timer 3] C:\PROGRA~1\INTERN~3\Intern~1.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\VNC\TightVNC1.2.9\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FlashSaver] C:\Program Files\Flash Saver 4.5\flashsaver.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [delmsbb] C:\WINDOWS\delmsbb.exe
O4 - HKCU\..\Run: [ServUTrayIcon] C:\PROGRA~1\FTP\Serv-U\SERVUT~1.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.5\save.htm
O8 - Extra context menu item: &Save To Palm - C:\Program Files\palmOne\HandStoryME.htm
O8 - Extra context menu item: C&lip To Palm - C:\Program Files\palmOne\HandStoryMEC.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Fichiers communs\justDo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.5\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.5\save.htm
O9 - Extra button: Save To Palm - {6C8741AB-53B4-476e-BE7C-F519AD8A6494} - C:\Program Files\palmOne\HandStoryTE.htm
O9 - Extra 'Tools' menuitem: &Save To Palm - {6C8741AB-53B4-476e-BE7C-F519AD8A6494} - C:\Program Files\palmOne\HandStoryTE.htm
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\justDo\IECatcher.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9936854-14DC-4BD5-BAC6-10333850F5EA}: NameServer = 206.47.244.134 206.47.244.43
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des evenements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau a distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: MySQL - Unknown - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: DDE reseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE reseau - Unknown - C:\WINDOWS\system32\netdde.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau a distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Prise en charge des cartes a puces - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte a puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Serv-U FTP Server - Cat Soft - C:\PROGRA~1\FTP\Serv-U\ServUDaemon.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet - Unknown - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliche instantane de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: VNC Server - Constantin Kaplinsky - C:\Program Files\VNC\TightVNC1.2.9\TightVNC\WinVNC.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

 

[MFDnNC]

Ah the joy of running updated AdAware!!!!!!!! - I'll look at the log.

Read this link on one of your problems - you need to thinkabout how you touch the net

http://vil.nai.com/vil/content/v_99378.htm

 

[MFDnNC]

Fix these

O4 - HKCU\..\Run: [delmsbb] C:\WINDOWS\delmsbb.exe

O23 - Service: Serv-U FTP Server - Cat Soft - C:\PROGRA~1\FTP\Serv-U\ServUDaemon.exe

O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)

O23 - Service: Telnet - Unknown - C:\WINDOWS\System32\tlntsvr.exe

Oh how I’ve lost my French I learned in Switzerland!!!!!!!!!!

 

[tk421]

Fix these

O4 - HKCU\..\Run: [delmsbb] C:\WINDOWS\delmsbb.exe

O23 - Service: Serv-U FTP Server - Cat Soft - C:\PROGRA~1\FTP\Serv-U\ServUDaemon.exe

O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)

O23 - Service: Telnet - Unknown - C:\WINDOWS\System32\tlntsvr.exe

Oh how I’ve lost my French I learned in Switzerland!!!!!!!!!!

Ce n'est pas grave, je parlerai francais pour toi!

Why should I fix the Serv-U FTP Server? I have built an FTP site out of my computer. I do some remore desktop too, so that might explain that Telnet thing.

Somehow I feel like highjack this 1.99 did not see the problems that 1.97 saw, i.e the startup issue. I can't find it here.

I will fix them all except for the Serv-U FTP server. Hopefully things will work. I will get back after doing this.

Thanks again a million times!

 

[MFDnNC]

That's fine - 1.99.0 sees more - you have a very complex setup so .... Just be careful

Nah, speak English - When I moved to Puerto Rico I asked for a receipt in Spanish and then Sil vous plat - She laughed and in perfect English told me I'd learn Spanish eventually

 

[tk421]

Thanks! I still have some problems though.


First of all, do I have to go erase the reg key like in the link that you gave me, or just fixing them with highjack this will do it?


Also, I still have all those programs running at startup. It's very messy. Somehow if you look at my first log, it seems that the three F0 keys are the problem. When I highlight them and ask for info, it says that this is a modified key that will result in a program running at startup. So can I just fix the three keys, and that's it?


Thanks in advance!

 

[MFDnNC]

Let HJT do it - click scan only then check the box to the left and when you've marked them, at the bottom click fix checked

Much safer than regedit