|
Spyware File Details O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup Last Detected: 2/8/2007 6:43:00 AM Found on 4 PCs. Users with this object complained of the following: "Over the last few weeks, I have had browser problems ( I use Firefox primarily--also via Netscape-- and IE Explorer). I keep losing contact with Google although the link and browser are still functioning. I also got error reports from Firefox that it could not contact the server and needed to close down. This also happened with Thunderbird. I tried uninstalling and re-installing both programmes to no avail and visited several XP restore points. Thus I have been using Microsoft Explorer and mail and the former has also lost server contact. My AVG anti-virus scan listed four instances of ExploitWMF and eight of Java/ByteVerify. The former are now in the Vault, the latter are apparently fairly harmless. However, when I ran another anti-virus test (XoftSpy) it briefly noted that my browser may have been hijacked. It found only 18 innocuous trackers and no viruses or trojans. However, I cleared the Java plug-in cache and un-enabled caching to stop any further Java/ByteVerify arrivals. " "Slow pc" "popups" "spyware popups" PCs containing this item also contained the following spyware: O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (More Details) O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper (More Details) O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (More Details) O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe (More Details) O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe (More Details) O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01 (More Details) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01 (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online (More Details) R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 (More Details) O2 - BHO: (no name) - {1689ACDE-3F41-4694-6BA1-16837DB8F8CB} - C:\WINDOWS\system32\nynbuol.dll (file missing) (More Details) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (More Details) O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe (More Details) O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe (More Details) O4 - HKLM\..\Run: [Serviceprocess] CToolBar.exe (More Details) O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) (More Details) O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS (More Details) O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) (More Details) O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (More Details) O4 - HKCU\..\Run: [Tair] "C:\PROGRA~1\COMMON~1\FNTS~1\ntvdm.exe" -vt yazb (More Details) O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe (More Details) O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (More Details) O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll (More Details) Back to Spyware List |
||||||
| About HijackRemote | Recently Slayed Spyware | Message Board | Contact Us | ||||||
| HijackRemote ©2005 (Terms of Service) | ||||||
