|
Spyware File Details R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Last Detected: 10/29/2006 10:28:00 AM Found on 36 PCs. Users with this object complained of the following: "popup" "Remote admin new users, unable to do online virus scans, registry changes, denied access to files, loss of admin rights. This is a stand alone computer - not networked." PCs containing this item also contained the following spyware: R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = (More Details) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com (More Details) O4 - HKLM\..\Run: [Popup Blocker System9 Monitoring] PopUpBlocker9.exe (More Details) O4 - HKLM\..\Run: [MS Office1 Startup] OfficeGUI1.exe (More Details) O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe (More Details) O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\ycyyii.exe reg_run (More Details) O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe (More Details) O4 - HKLM\..\RunServices: [Popup Blocker System9 Monitoring] PopUpBlocker9.exe (More Details) O4 - HKLM\..\RunServices: [MS Office1 Startup] OfficeGUI1.exe (More Details) O4 - Global Startup: pjpp.exe (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = (More Details) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = (More Details) R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winxpcentral.com/windowsxp/ (More Details) O10 - Broken Internet access because of LSP provider 'c:\windows\system32\rsvpsp.dll' missing (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us (More Details) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = (More Details) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank (More Details) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/search.html (More Details) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://v73.us (More Details) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = (More Details) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = (More Details) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = (More Details) O2 - BHO: ngsh35.clsIS - {392BAF48-A26A-45B5-9263-97128E429268} - C:\WINDOWS\system32\ngsh35.dll (More Details) O4 - HKLM\..\Run: [elitemedia] C:\WINDOWS\elitemediapop.exe (More Details) O4 - HKLM\..\Run: [sms_msn] C:\WINDOWS\system32\sms_msn.exe (More Details) O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\lwinksaw.exe FI002 (More Details) O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\lwinksaw.exe (More Details) O15 - Trusted Zone: *.elitemediagroup.net (More Details) Back to Spyware List |
||||||
| About HijackRemote | Recently Slayed Spyware | Message Board | Contact Us | ||||||
| HijackRemote ©2005 (Terms of Service) | ||||||
