[Mobo]

Rescan once again with hijack and insert a check njext to each of the following items please then close all windows except those of hijack and click "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8l.hpwis.com/

O4 - HKLM\..\Run: [Microsoft Hosting Service] chrox.exe

O4 - HKLM\..\Run: [mstask32] mstask32.exe

O4 - HKLM\..\Run: [Sygate Personal Firewall] sysproxy.exe

O4 - HKLM\..\Run: [Gate Personal Firewall] systpl.exe

O4 - HKLM\..\Run: [Microsoft Host Service] mswinlog.exe

O4 - HKLM\..\RunServices: [Microsoft Hosting Service] chrox.exe

O4 - HKLM\..\RunServices: [mstask32] mstask32.exe

O4 - HKLM\..\RunServices: [Sygate Personal Firewall] sysproxy.exe

O4 - HKLM\..\RunServices: [Gate Personal Firewall] systpl.exe

O4 - HKLM\..\RunServices: [Microsoft Host Service] mswinlog.exe

O4 - HKCU\..\Run: [Microsoft Host Service] mswinlog.exe

O4 - HKCU\..\Run: [Microsoft Hosting Service] chrox.exe

O4 - HKCU\..\Run: [Microsoft World Service] winworld.exe

O4 - HKCU\..\Run: [mstask32] mstask32.exe

O4 - HKCU\..\Run: [Sygate Personal Firewall] sysproxy.exe

O4 - HKCU\..\Run: [Gate Personal Firewall] systpl.exe

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/..._1/axofupld.cab


Then reboot the system into safe mode http://www.spyware911.net/forum/index.php?showtopic=15


Open windows explorer, find then delete:
C:\WINDOWS\System32\chrox.exe
C:\WINDOWS\System32\mswinlog.exe
C:\WINDOWS\System32\mstask32.exe
C:\WINDOWS\System32\sysproxy.exe

Reboot rescan and post a fresh log.
__________________