1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

(Solved) Quick HT list

Discussion in 'Virus & Other Malware Removal' started by eddie5659, Sep 15, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,395
    Hiya

    This is the bit that I'm 50/50 with:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://srch-gb7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://gb7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://srch-gb7.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://gb7.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://srch-gb7.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://srch-gb7.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://srch-gb7.hpwis.com/

    Its on my system, and the rest look okay, but here it is anyway:

    Logfile of HijackThis v1.95.0
    Scan saved at 18:42:05, on 15/09/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\Program Files\AntiViral Toolkit Pro\avpm.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Documents and Settings\Owner\My Documents\Programs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://srch-gb7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://gb7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://srch-gb7.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://gb7.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://srch-gb7.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://srch-gb7.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.blueyonder.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://srch-gb7.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by blueyonder
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - Global Startup: AVP Monitor.lnk = C:\Program Files\AntiViral Toolkit Pro\avpm.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O9 - Extra button: Money Viewer (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37864.3828240741



    Am I right that the top bits need removing?

    Thanks

    eddie
     
  2. e-liam

    e-liam

    Joined:
    Jun 19, 2003
    Messages:
    1,241
    Hi Eddie,

    Yep, you can fix those (don't forget to close all browsew windows first) and also include this one...

    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/sof...nch/alaunch.cab


    Then reboot

    That's the lot.. :)

    Cheers

    Liam
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,224
    First Name:
    Derek
    yep remove all the Hp search & homepage cr*p

    set who YOU want as your home page
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,395
    Thanks guys

    My home page is Google, so its all clear no. I'll mark this Solved, and close it :)

    eddie
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/165014

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice