
W32/Noala.b@MM

#1 ·
I have been trying to clear up my PC. I know that I have W32/Noala.b but haven’t found anything to get rid of it. I have been to several sites that claim free Trojan/Spyware hunter killers but almost all that I have found want you to pay them before you can remove the problems and I don’t have a lot of money to spend. Below you will find what I have been trying, my latest HijackThis log and my Sygate Personal Firewall log. I know I have a lot of work to do. Any help you can offer me will be greatly appreciated.
Spy Sweeper 3.0.0 = Negative
SpyHunter v 1.1.30 = 72 Registry items for BackWeb Lite
CWShredder v 1.59.1 = Negative
NoAdware v 2.01 = W32/Noala.b@MM HKEY_LOCAL_MACHINE\software\mRegValue
syscean = Negative
http://housecall.trendmicro.com/ = Negative

Logfile of HijackThis v1.98.2
Scan saved at 1:28:53 PM, on 9/3/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCPFW.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TMPROXY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAM FILES\VERIZON ONLINE\DIAL 4.0\VISUALIPINSIGHT\IPCLIENT.EXE
C:\PROGRAM FILES\VERIZON ONLINE\DIAL 4.0\VISUALIPINSIGHT\IPMON32.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCGUIDE.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\PCCLIENT.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\TMOAGENT.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SCANSOFT\NATURALLYSPEAKING\PROGRAM\NATSPEAK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dialin&cd=4.0&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dialin&cd=4.0&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VERIZON ONLINE\DIAL 4.0\VISUALIPINSIGHT\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VERIZON ONLINE\DIAL 4.0\VISUALIPINSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SpyHunter] C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER\SPYHUNTER.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\Internet Security\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PccPfw] C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O4 - HKLM\..\RunServices: [tmproxy] C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing)
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\PROGRAM FILES\VERIZON ONLINE\DIAL 4.0\CONTROLPAD\Misc\a_menu.exe (file missing)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab


 
#2 ·
Welcome to TSF.

Please print out or copy this page to Notepad. You should not have any open browsers when you are following the procedures below.

Make sure to update Windows at http://windowsupdate.microsoft.com.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.

Run an online virus scan at TrendMicro or RAV Antivirus. Select the Autoclean option if you use TrendMicro.

Reboot into Safe Mode (hit F8 key until menu shows up).

Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn’t be – but double check it):

C:\WINDOWS\RunDLL.exe

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

SpyHunter – it’s rogueware and we highly recommend that you uninstall it. "Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection.

SpyKiller – rogueware

NoAdware - rogueware

Check and fix the following in HijackThis if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [SpyHunter] C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER\SPYHUNTER.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\RunServices: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/ent...usecall_pre.php (file missing)
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\PROGRAM FILES\VERIZON ONLINE\DIAL 4.0\CONTROLPAD\Misc\a_menu.exe (file missing)

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\
C:\Program Files\SpyKiller\

Reboot into Normal Mode.

After that’s done, restart and post a new HijackThis log file so we can make sure it’s clean.

To help prevent future spyware installations/infections, please read my anti-spyware section and use the tools provided.
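
An added example, not part of any post in this thread: one way to check a follow-up HijackThis log against the fix and kill lists from the reply above. The function names (`entry_key`, `parse_log`, `leftovers`) are hypothetical, and the log excerpts are shortened copies of lines from the thread's 9/3/04 and 9/9/04 logs. Entries are matched on their CLSID or autorun value name, so the forum-shortened HouseCall URL still matches.

```python
import re

# Subset of the items the reply asks to fix, copied from the thread. The
# HouseCall URL is shortened with "..." exactly as the forum shows it.
FIX_LIST = r"""
O4 - HKLM\..\Run: [SpyHunter] C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER\SPYHUNTER.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\RunServices: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/ent...usecall_pre.php (file missing)
"""
# Process the reply asks to kill if it is still listed.
KILL_LIST = [r"C:\WINDOWS\RunDLL.exe"]

# Constructed excerpts: a few lines taken from the thread's two logs.
LOG_9_3 = r"""
Logfile of HijackThis v1.98.2
Scan saved at 1:28:53 PM, on 9/3/04

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RunDLL.exe

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [SpyHunter] C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER\SPYHUNTER.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\RunServices: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing)
"""
LOG_9_9 = r"""
Logfile of HijackThis v1.98.2
Scan saved at 7:37:00 PM, on 9/9/04

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # "O4 - ...", "R1 - ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
AUTORUN_RE = re.compile(r"^([^:\[]+): \[([^\]]+)\]")       # "HKLM\..\Run: [Name]"


def entry_key(line):
    """Return a stable identity for one log entry, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    if clsid:  # BHOs, toolbars, extra buttons, DPF objects
        return (code, clsid.group(0).upper())
    autorun = AUTORUN_RE.match(body)
    if autorun:  # registry autoruns: key location + value name
        return (code, autorun.group(1).upper(), autorun.group(2).upper())
    return (code, " ".join(body.split()).upper())  # fallback: whole entry text


def parse_log(text):
    """Split a log into {entry_key: line} and the set of running process paths."""
    entries, processes, in_procs = {}, set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if in_procs:
            if line and not ENTRY_RE.match(line):
                processes.add(line.upper())
                continue
            in_procs = False  # blank line or first entry ends the process list
        key = entry_key(line)
        if key:
            entries[key] = line
    return entries, processes


def leftovers(fix_list, kill_list, log_text):
    """List fix-list entries and kill-list processes still present in a log."""
    entries, processes = parse_log(log_text)
    hits = []
    for line in fix_list.splitlines():
        key = entry_key(line)
        if key and key in entries:
            hits.append(entries[key])
    hits += [p for p in kill_list if p.upper() in processes]
    return hits


if __name__ == "__main__":
    for name, log in (("9/3/04", LOG_9_3), ("9/9/04", LOG_9_9)):
        print(name, "still present:")
        for item in leftovers(FIX_LIST, KILL_LIST, log):
            print("   ", item)
```

A missing entry only shows that the autostart reference or process is gone from the log; whether the file itself is still on disk has to be checked separately.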
 
#3 ·
2nd HijackThis Log

Ran RAV Antivirus with 0 viruses found. Uninstalled SpyHunter, SpyKiller and NoAdware. RunDLL.exe process wasn't running. Deleted Enigma Software Group and SpyKiller. Below is my latest HijackThis Log. Is wucrtupd.exe a bad news file? I thought that W32/Noala.b@MM wrote to this file but all online scans go right past it.
 
#4 ·
Forgot your log paste.....

wucrtupd.exe

CriticalUpdate
Microsoft Windows Critical Update. This program will notify you when security-related updates have been released. An excellent way to keep your system secure. Located in "C:\WINDOWS\SYSTEM\" on Windows 98/ME, "C:\WINNT\SYSTEM32" on Windows NT/2000 and "C:\WINDOWS\SYSTEM32" on Windows XP.
 
#5 ·
HijackThis Logfile 2nd try

Logfile of HijackThis v1.98.2
Scan saved at 7:37:00 PM, on 9/9/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\VERIZON ONLINE\DIAL 4.0\VISUALIPINSIGHT\IPCLIENT.EXE
C:\PROGRAM FILES\VERIZON ONLINE\DIAL 4.0\VISUALIPINSIGHT\IPMON32.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SCANSOFT\NATURALLYSPEAKING\PROGRAM\NATSPEAK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MP***ENT.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dialin&cd=4.0&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dialin&cd=4.0&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.go.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.go.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VERIZON ONLINE\DIAL 4.0\VISUALIPINSIGHT\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VERIZON ONLINE\DIAL 4.0\VISUALIPINSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4389/mcfscan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
 
#6 ·
Try running the TrendMicro online virus scan using Internet Explorer.

Find and delete if it still exists:

C:\WINDOWS\RunDLL.exe


Restart and post a new log file. Any problems now?
 
#7 ·
Removed Rundll.exe, scanned and new update

Ok. I have removed Rundll.exe while in Safe Mode. HouseCall did not show any viruses. I still have Rundll.lgc, Rundll32.exe and Rundll32.lgc. Do I have to remove these files also? Thanks for all of the help I am getting here.

Logfile of HijackThis v1.98.2
Scan saved at 2:22:26 PM, on 9/14/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\VERIZON ONLINE\DIAL 4.0\VISUALIPINSIGHT\IPCLIENT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\VERIZON ONLINE\DIAL 4.0\VISUALIPINSIGHT\IPMON32.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\SCANSOFT\NATURALLYSPEAKING\PROGRAM\NATSPEAK.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MP***ENT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dialin&cd=4.0&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dialin&cd=4.0&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.go.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.go.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\VERIZON ONLINE\DIAL 4.0\VISUALIPINSIGHT\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\VERIZON ONLINE\DIAL 4.0\VISUALIPINSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4389/mcfscan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
 
#8 ·
Your log looks clean now. Good job. :bgrin:

To help prevent future spyware installations/infections, please read my anti-spyware section and use the tools provided.

Do NOT delete rundll32.exe. You should be safe now. Since you found a file called rundll.lgc, I would suggest deleting that also (probably junk left over).

Any problems now?
 