|
|
#1
October 23rd, 2003, 05:06 PM
|
|||
|
|||
Possible spyware?
Ok, I was testing just doing some thing (Backing up files, mostly) and, I got a "low on disk space" thing, so I checked my HDD, I found it said it only had 20MB's left on it (Although, Just before this I had 920MB and have not installed anything recently), then after clicking ok, and clearing up the temp files etc, I got a error, kernel32.dll caused a error, in "SDhelper.dll" , I had to shutdown, got a "SpyRemover ( trial ) is not responding" I click "End Task" it shuts down, and I have no evidence of ANY file called "Syware Remover" on my computer, I am running Ad-Aware and Spybot S&D right now, but, have found nothing.. so far, here is a HiJack this log:
Logfile of HijackThis v1.97.2 Scan saved at 4:49:38 PM, on 10/23/03 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v5.00 (5.00.2614.3500) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE C:\PROGRAM FILES\REGPROT\REGPROT.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE C:\PROGRAM FILES\ID-BLASTER PLUS\IDBLASTERPLUS.EXE C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE C:\PROGRAM FILES\EARTHLINK TOTALACCESS\FASTLANE\ARUPLD32.EXE C:\PROGRAM FILES\MOZILLAFIREBIRD\MOZILLAFIREBIRD.EXE C:\PROGRAM FILES\MIRC\MIRC.EXE C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html O1 - Hosts: 203.161.127.141 www.dcsresearch.com O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [Spyware Gaurd] C:\Program Files\SpywareGuard\sgmain.exe O4 - HKLM\..\Run: [IDblaster] C:\Program Files\ID-Blaster Plus\idblasterplus.exe O4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE O4 - HKLM\..\RunServices: [RegProt] c:\program files\regprot\regprot.exe /start O5 - control.ini: inetcpl.cpl=no O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present Note, that I am the one that disabled the Internet Control panel, I found it useless, so I used TweakUI and disabled it (I can still get to it through the IE menu) |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
