HijackRemote Anti-Spyware P2P Service

 
     
 
 Clean This with HijackRemote


Spyware File Details

 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Last Detected: 6/12/2008 5:09:00 AM
Found on 27 PCs.

 Users with this object complained of the following:

 "5R444"
"no problem"
"A program called SpyAxe keeps installing on my computer even if I delete it. I use SpyBot. It finds spyware - PSGuard, Smitfraud-C, SpyAxe and Vcodec. It keeps coming back even if i delete it. Have a lot of popups as well. Some of them tells me my computer is infected and I need to download and install a antimalware program."
"a lot of "slugginesh" while starting up"
"Hi, I just reported a problem I have had since I got the C:\WINNT\system32\msblank.html removed. There is this small sidebar starting up anytime I turn on my PC. Its not in a window or anything(wish I could send a screenshot). It actually looks a little like some of the stuff you can place on your disktop with Samurize. Well I cant find it running anywhere, and no where on my PC either. I reported this 1 hour ago, and got real good and fast support. Sadly it didnt fix my problem. I was asked to remove 2 thing, one of them is Diskpins.exe wich is an opensource program I have used for years with no problem, so it cant be it. The other thing I dont know what it was, but it didnt remove that sidebar. Any help will be gladly appriciated. Thanks in advance! Great Project!! Aktiwers"


PCs containing this item also contained the following spyware:

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
(More Details)

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\"
(More Details)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
(More Details)

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.kenwoodusa.com/
(More Details)

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
(More Details)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TSI32\tsircusr.exe
(More Details)

O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Programmi\SlipStream Web Accelerator\PBHelper.dll
(More Details)

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programmi\Desktop Sidebar\sbhelp.dll
(More Details)

O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programmi\Advanced System Optimizer\IEHelper.dll
(More Details)

O3 - Toolbar: (no name) - {00000000-5736-4205-0008-781cd0e19f00} - (no file)
(More Details)

O3 - Toolbar: SlipStream Web Accelerator - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Programmi\SlipStream Web Accelerator\Toolband.dll
(More Details)

O4 - Startup: YPOPs!.lnk = C:\Programmi\YPOPs\ypops.exe
(More Details)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
(More Details)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
(More Details)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find.tdconline.dk/google
(More Details)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
(More Details)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eniro.dk/
(More Details)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
(More Details)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
(More Details)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
(More Details)

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
(More Details)

O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpC6C8.tmp
(More Details)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.altavista.com/
(More Details)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellbiz.myway.com/
(More Details)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.altavista.com/
(More Details)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
(More Details)

O4 - Startup: Firewall Engine.lnk = C:\WINDOWS\SYSTEM32\NET.EXE
(More Details)

O4 - Startup: X1 System Tray.lnk = ?
(More Details)

O4 - Startup: X1.lnk = C:\Program Files\X1\X1.exe
(More Details)

O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
(More Details)

O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
(More Details)

O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
(More Details)

F2 - REG:system.ini: Shell=xpsf.exe
(More Details)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
(More Details)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
(More Details)

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
(More Details)
Back to Spyware List
 
     
 About HijackRemote | Recently Slayed Spyware | Message Board | Contact Us
 HijackRemote ©2005 (Terms of Service)