|
Spyware File Details O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx Last Detected: 4/23/2007 5:44:00 AM Found on 5 PCs. Users with this object complained of the following: "%systemroot%\system32\dumprep 0 -k shuts down computer and dumps files in cache" "Hi, 3 weeks ago I got the C:\WINNT\System32\msblank.html I removed it and it keeped on getting reinstalled. I used Hijac this to find it and used alot of anti spyware software and finally my browser was clean, and I could pick my own start page again. But another thing that came with it, as a Very annoying sidebar, that opens when windows starts. It like floots on the disktop. I cant find it running in Processors, and not even in the msconfig startup list. No spyware scanner has been able to remove it, and im just lost. Any help with this would be gladly appriciated :) Thanks a lot for a great project! Sincerely Aktiwers" "lot of viruses" "have spyware issues constant pop ups error messages at start up such as csrss.new.exe very slow computer also get a error message about my sub system being dos not sure what it is" "popups, slow pc" PCs containing this item also contained the following spyware: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/ (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/ (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.isp.com/ (More Details) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/ (More Details) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/ (More Details) O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll (More Details) O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll (More Details) O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - C:\Program Files\Burn4Free Toolbar\v2.0.0.3\Burn4Free_Toolbar.dll (More Details) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx (More Details) O4 - Startup: DeskPins.lnk = C:\Programmer\DeskPins\DeskPins.exe (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html (More Details) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html (More Details) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html (More Details) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html (More Details) F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" (More Details) O4 - HKLM\..\Run: [RealPlayer Ath Check] rnathchk.exe (More Details) O4 - HKLM\..\Run: [WINTASK] taskgmr.exe (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s (More Details) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm (More Details) R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) (More Details) F3 - REG:win.ini: load=C:\WINDOWS\System32\lufajlvb\csrss.new.exe (More Details) F3 - REG:win.ini: run=C:\WINDOWS\System32\lufajlvb\csrss.new.exe (More Details) O1 - Hosts: 64.233.167.104 www.symantec.com (More Details) O1 - Hosts: 64.233.167.104 www.sophos.com (More Details) O1 - Hosts: 64.233.167.104 www.mcafee.com (More Details) O1 - Hosts: 64.233.167.104 www.viruslist.com (More Details) O1 - Hosts: 64.233.167.104 www.f-secure.com (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about: (More Details) O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file) (More Details) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (More Details) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (More Details) O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab (More Details) Back to Spyware List |
||||||
| About HijackRemote | Recently Slayed Spyware | Message Board | Contact Us | ||||||
| HijackRemote ©2005 (Terms of Service) | ||||||
