Possible spyware?

Discussion in 'privacy problems' started by Comp01, Oct 23, 2003.

Thread Status:
Not open for further replies.
  1. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Ok, I was testing just doing some thing (Backing up files, mostly) and, I got a "low on disk space" thing, so I checked my HDD, I found it said it only had 20MB's left on it (Although, Just before this I had 920MB and have not installed anything recently), then after clicking ok, and clearing up the temp files etc, I got a error, kernel32.dll caused a error, in "SDhelper.dll" , I had to shutdown, got a "SpyRemover ( trial ) is not responding" I click "End Task" it shuts down, and I have no evidence of ANY file called "Syware Remover" on my computer, I am running Ad-Aware and Spybot S&D right now, but, have found nothing.. so far, here is a HiJack this log:

    Logfile of HijackThis v1.97.2
    Scan saved at 4:49:38 PM, on 10/23/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\PROGRAM FILES\REGPROT\REGPROT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
    C:\PROGRAM FILES\ID-BLASTER PLUS\IDBLASTERPLUS.EXE
    C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
    C:\PROGRAM FILES\EARTHLINK TOTALACCESS\FASTLANE\ARUPLD32.EXE
    C:\PROGRAM FILES\MOZILLAFIREBIRD\MOZILLAFIREBIRD.EXE
    C:\PROGRAM FILES\MIRC\MIRC.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
    O1 - Hosts: 203.161.127.141 www.dcsresearch.com
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [Spyware Gaurd] C:\Program Files\SpywareGuard\sgmain.exe
    O4 - HKLM\..\Run: [IDblaster] C:\Program Files\ID-Blaster Plus\idblasterplus.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - HKLM\..\RunServices: [RegProt] c:\program files\regprot\regprot.exe /start
    O5 - control.ini: inetcpl.cpl=no
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Note, that I am the one that disabled the Internet Control panel, I found it useless, so I used TweakUI and disabled it (I can still get to it through the IE menu)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.