|
Spyware File Details R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank Last Detected: 1/31/2006 11:01:00 AM Found on 6 PCs. Users with this object complained of the following: "A program called SpyAxe keeps installing on my computer even if I delete it. I use SpyBot. It finds spyware - PSGuard, Smitfraud-C, SpyAxe and Vcodec. It keeps coming back even if i delete it. Have a lot of popups as well. Some of them tells me my computer is infected and I need to download and install a antimalware program." "adware" "popups" "spy" "trojans removed by AVG anti virus but computer still runs slow and I'm not sure if its all gone. crack22.a1.exe.001 crack22a.exe msctl32.dll tool2.exe paytime.exe" PCs containing this item also contained the following spyware: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find.tdconline.dk/google (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eniro.dk/ (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks (More Details) O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpC6C8.tmp (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://welcome.intranet.mckinsey.com/ (More Details) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://welcome.intranet.mckinsey.com/ (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm (More Details) R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:9495/ (More Details) R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://iedownload.intranet.mckinsey.com/ie6sp1/install.ins (More Details) O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - C:\WINDOWS\System32\hp69BF.tmp (More Details) O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Yahoo! (More Details) O1 - Hosts: comments (such as these) may be inserted on individual (More Details) O2 - BHO: TChkBHO Class - {D06722B2-58E4-400E-8930-8BAD18F1297C} - C:\WINDOWS\SYSTEM32\foliez.dll (file missing) (More Details) O2 - BHO: (no name) - {D4C871E8-B0C3-4088-B605-26BE8E62AFD3} - C:\WINDOWS\System32\d3dnim.dll (file missing) (More Details) O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A (More Details) O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (More Details) O4 - HKLM\..\Run: [HREOBM] C:\WINDOWS\HREOBM.exe (More Details) O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = (More Details) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vnculos (More Details) O17 - HKLM\System\CCS\Services\Tcpip\..\{28BAEC64-1358-427E-8C74-735156978617}: NameServer = 80.58.0.33,80.58.32.97 (More Details) O17 - HKLM\System\CS1\Services\Tcpip\..\{28BAEC64-1358-427E-8C74-735156978617}: NameServer = 80.58.0.33,80.58.32.97 (More Details) O17 - HKLM\System\CS2\Services\Tcpip\..\{28BAEC64-1358-427E-8C74-735156978617}: NameServer = 80.58.0.33,80.58.32.97 (More Details) O23 - Service: Windows Automatic Updates - Stanford University - C:\WINDOWS\system32\windowsautomaticupdates.exe (More Details) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank (More Details) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank (More Details) O2 - BHO: (no name) - {00C9D850-244D-10E1-B3C9-10805E499D95} - (no file) (More Details) Back to Spyware List |
||||||
| About HijackRemote | Recently Slayed Spyware | Message Board | Contact Us | ||||||
| HijackRemote ©2005 (Terms of Service) | ||||||
