|
Spyware File Details O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present Last Detected: 1/11/2007 11:56:00 AM Found on 48 PCs. Users with this object complained of the following: "spyware detected" "alway the www.880123.com" "Slow pc, window installer popsup,Homepage Changes,Host File Changes" "Browser Hijack, modem auto dialing, spy sniper popup every 2sec ,browser hijack recover pops up every 5 sec" "lost D: drive (no longer reads) lost printer/fax/scanner (no longer reads) ....assume both due to missing drivers which have been re-directed by other software" PCs containing this item also contained the following spyware: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.siemens.net/cgi-bin/iesearch.pl (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html (More Details) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html (More Details) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm (More Details) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Siemens VDO V1.0 (More Details) R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxyconfig01/jscripts/proxy.pac (More Details) R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http= (More Details) O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present (More Details) O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present (More Details) O9 - Extra button: ???? - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing) (More Details) O9 - Extra 'Tools' menuitem: ? - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing) (More Details) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex/EPUWALControl_v1-0-3-18.cab (More Details) O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/186df3dbacffd1f12a15/netzip/RdxIE601_tw.cab (More Details) O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.76_20051110.cab (More Details) O23 - Service: GEARSecurity - Unknown owner - D:\WINDOWS\System32\GEARSec.exe (file missing) (More Details) O23 - Service: Windows Anti Virus (win32ocx) - Unknown owner - D:\WINDOWS\win32ocx.exe (More Details) R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch (More Details) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present (More Details) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present (More Details) O17 - HKLM\System\CCS\Services\Tcpip\..\{9D4E194B-4706-47F3-9040-4057211F6636}: NameServer = 205.188.146.145 (More Details) O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/ (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.adware-free-security.com (More Details) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = (More Details) R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=22028 (More Details) R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) (More Details) O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (value not set) (file missing) (More Details) O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file) (More Details) O3 - Toolbar: &FirstStop WebSearch - {E26FDEC1-053B-11D6-B969-CEEBA9E95046} - C:\PROGRA~1\BIZ-MO~1\Weather Pulse\ieband3.dll (More Details) Back to Spyware List |
||||||
| About HijackRemote | Recently Slayed Spyware | Message Board | Contact Us | ||||||
| HijackRemote ©2005 (Terms of Service) Privacy Policy | ||||||
