Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Difficulty Removing "Callinghome.biz"[RESOLVED]


  • This topic is locked This topic is locked

#1
echangnd

echangnd

    New Member

  • Member
  • Pip
  • 5 posts
Hi there,
If someone can help me get rid of whatever is causing this recent flood of popups, i'd greatly appreciate it. After using all the programs, it seems like "callinghome.biz" keeps on coming up and spybot and everything else doesn't seem to know how to remove it.
Thank-you!
Emily

Logfile of HijackThis v1.99.1
Scan saved at 1:52:00 AM, on 3/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\QCTRAY.EXE
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\WINDOWS\System32\mak10.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system\urtw.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ssisvr32.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\locinpun.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Emily Chang\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Emily Chang\Local Settings\Temp\Temporary Directory 4 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.cnn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\rtneg2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\QCWLICON.EXE
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCTray] C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\QCTRAY.EXE
O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\System32\pacis.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [tF9k34T] mak10.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteino32.exe
O4 - HKLM\..\Run: [wytqcq] c:\windows\system32\wytqcq.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [coqqRQfme] locinpun.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.pc.ibm.c...er/IbmEgath.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Software Secure Service (SSISvr32) - SoftwareSecure Inc - C:\WINDOWS\system32\ssisvr32.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
  • 0

Advertisements


#2
amunra

amunra

    Member

  • Member
  • PipPipPip
  • 112 posts
First of all I would not reccomed using hijack this unless you know what you are doing. For the popups I would say run Spybot search and destroy along with Adaware. This should stop the popups.

Tim
  • 0

#3
echangnd

echangnd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Tim, thanks for responding. I used both spybot and adaware numerous times and it hasn't taken care of the problem.
Emily
  • 0

#4
amunra

amunra

    Member

  • Member
  • PipPipPip
  • 112 posts
Have you used hijack this before? If so try deleting the file that is causing the popups.
  • 0

#5
echangnd

echangnd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Tim,
I looked for it and I couldn't find it; I didn't know specifically which one is safe to delete.
thanks for your help,
Emily
  • 0

#6
amunra

amunra

    Member

  • Member
  • PipPipPip
  • 112 posts
Give me a minute and I will google the hijack this.
  • 0

#7
amunra

amunra

    Member

  • Member
  • PipPipPip
  • 112 posts
HijackThis tutorial

That is the link to the hijack this tutorial
  • 0

#8
echangnd

echangnd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
i read that; i need to know what entries to remove.
Thanks,
Emily
  • 0

#9
amunra

amunra

    Member

  • Member
  • PipPipPip
  • 112 posts
I looked through the log and did not find anything sticking out that would cause the problem. Do the popups come from every site or just surten ones? Have you tried a popup blocker?
  • 0

#10
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Emily and welcome
Sorry for the late reply the board has been really busy lately,
If your still looking to resolve this issue,

Please run through all the steps outlined in this Topic
Post back a fresh log when done please

You do have some items in your log that need to be removed, But please run through the steps listed in the Topic above to remove what it can first,

If you have resolved this issue please let us know.

Thanks and again sorry for the late reply

Don
  • 0

#11
echangnd

echangnd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Don,
Thanks for replying. It turned out that there was something wrong with my AOL Instant Messenger which was triggering like 50 popups all at once. I took care of it though. Thanks so much though.
Best,
Emily
  • 0

#12
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Well that may have solved your pop up problem, But the log you have posted above has some worms and trojans running,
I would suggest running a fresh scan with HJT and posting back a new log,

Also you don't want HJt running from a Temp folder,

You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it hjt.
Move HJT into this new folder,

Its your call however,

Don
  • 0

#13
mtnokc

mtnokc

    New Member

  • Member
  • Pip
  • 1 posts
CallingHome.Biz can be removed by running Microsoft AntiSpyware (Beta) program
  • 0

#14
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP