Spyware File Details

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Last Detected: 8/25/2007 3:48:00 AM
Found on 14 PCs.

Users with this object complained of the following:
"tcinstall.exe"
"slow pc, "freezing", sudden shutting down"
"genuine"
"slow pc"
"trojan"

PCs containing this item also contained the following spyware:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\afthbwtp\winlogon.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\afthbwtp\winlogon.exe
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O2 - BHO: (no name) - {325E8916-A1E3-4068-92C1-C145D91F1479} - C:\WINDOWS\system32\safrdm32.dll (file missing)
O4 - HKLM\..\Run: [juqzali.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\USER\Local Settings\Application Data\juqzali.dll",rdrhwne
O4 - HKCU\..\Run: [Malware Sweeper] C:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O4 - Startup: PowerReg Scheduler V3.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ECB72A3-BFD2-4448-B87E-ED6CE1E4F160}: NameServer = 213.244.255.2
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [netkitap_beta] C:\Program Files\NetKitap\netkitap_v2_0.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Program Files\Video ActiveX Access\iesplg.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [vwdajqbe] C:\WINDOWS\system32\pjbucohu.exe
O4 - HKLM\..\Run: [rtasks] C:\Program Files\TrustedProtection\rtasks.exe
O4 - HKLM\..\Run: [ugescw] "C:\PROGRA~1\BUGSDE~1\ugescw.exe" -start
O4 - HKLM\..\RunOnce: [SpybotDeletingA4015] command /c del "C:\Program Files\Video ActiveX Access\imsmain.exe_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6399] cmd /c del "C:\Program Files\Video ActiveX Access\imsmain.exe_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2475] command /c del "C:\Program Files\Video ActiveX Access\imsmain.exe_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8579] cmd /c del "C:\Program Files\Video ActiveX Access\imsmain.exe_tobedeleted_old"
HijackRemote ©2005