Hiya
This is the bit that I'm 50/50 with:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://srch-gb7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://gb7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://srch-gb7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://srch-gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://srch-gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://srch-gb7.hpwis.com/
Its on my system, and the rest look okay, but here it is anyway:
Logfile of HijackThis v1.95.0
Scan saved at 18:42:05, on 15/09/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\AntiViral Toolkit Pro\avpm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Owner\My Documents\Programs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://srch-gb7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://gb7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://srch-gb7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://srch-gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://srch-gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.blueyonder.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://srch-gb7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - Global Startup: AVP Monitor.lnk = C:\Program Files\AntiViral Toolkit Pro\avpm.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O9 - Extra button: Money Viewer (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37864.3828240741
Am I right that the top bits need removing?
Thanks
eddie
This is the bit that I'm 50/50 with:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://srch-gb7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://gb7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://srch-gb7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://srch-gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://srch-gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://srch-gb7.hpwis.com/
Its on my system, and the rest look okay, but here it is anyway:
Logfile of HijackThis v1.95.0
Scan saved at 18:42:05, on 15/09/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\AntiViral Toolkit Pro\avpm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Owner\My Documents\Programs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://srch-gb7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://gb7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://srch-gb7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://srch-gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://srch-gb7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.blueyonder.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://srch-gb7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - Global Startup: AVP Monitor.lnk = C:\Program Files\AntiViral Toolkit Pro\avpm.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O9 - Extra button: Money Viewer (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37864.3828240741
Am I right that the top bits need removing?
Thanks
eddie