Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't Access Tm House Call, My Bank Acct, Etc.


  • Please log in to reply
1 reply to this topic

#1 mhd

mhd

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 22 July 2006 - 04:49 PM

Am I hijacked? Eudora not responding correctly to "Close" command, got error msg trying to access Trend Micro House Call. Scans by Trend Micro/Adaware/Spybot all say nothing's wrong. Can someone look atmy log to see if I have a problem?

Logfile of HijackThis v1.99.1
Scan saved at 4:42:17 PM, on 7/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\XPAGENT.EXE
C:\WINDOWS\SYSTEM32\MSAGENTXP.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\PMSPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\QUALCOMM\EUDORA\EUDORA.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPROXY.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~2\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~2\PccIeBar.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [XPAGENT] C:\WINDOWS\SYSTEM32\XPAGENT.EXE
O4 - HKCU\..\Run: [MSAGENTXP] C:\WINDOWS\SYSTEM32\MSAGENTXP.EXE
O4 - HKCU\..\Run: [pstorec] "C:\WINDOWS\system32\pstorec.exe"
O4 - HKCU\..\Run: [wzcsvc] "C:\WINDOWS\system32\wzcsvc.exe"
O4 - HKCU\..\Run: [d3d8thk] "C:\WINDOWS\system32\d3d8thk.exe"
O4 - HKCU\..\Run: [ntmsevt] "C:\WINDOWS\system32\ntmsevt.exe"
O4 - HKCU\..\Run: [netui2] "C:\WINDOWS\system32\netui2.exe"
O4 - HKCU\..\Run: [msvbvm60] "C:\WINDOWS\system32\msvbvm60.exe"
O4 - HKCU\..\Run: [kbdhe] "C:\WINDOWS\system32\kbdhe.exe"
O4 - HKCU\..\Run: [wow32] "C:\WINDOWS\system32\wow32.exe"
O4 - HKCU\..\Run: [ws2_32] "C:\WINDOWS\system32\ws2_32.exe"
O4 - HKCU\..\Run: [lfbmp10n] "C:\WINDOWS\system32\lfbmp10n.exe"
O4 - HKCU\..\Run: [rasmxs] "C:\WINDOWS\system32\rasmxs.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [winhttp] "C:\WINDOWS\system32\winhttp.exe"
O4 - HKCU\..\Run: [wtsapi32] "C:\WINDOWS\system32\wtsapi32.exe"
O4 - HKCU\..\Run: [iphlpapi] "C:\WINDOWS\system32\iphlpapi.exe"
O4 - HKCU\..\Run: [setupapi] "C:\WINDOWS\system32\setupapi.exe"
O4 - HKCU\..\Run: [lfawd12n] "C:\WINDOWS\system32\lfawd12n.exe"
O4 - HKCU\..\Run: [clusapi] "C:\WINDOWS\system32\clusapi.exe"
O4 - HKCU\..\Run: [spxcoins] "C:\WINDOWS\system32\spxcoins.exe"
O4 - HKCU\..\Run: [mfc42enu] "C:\WINDOWS\system32\mfc42enu.exe"
O4 - HKCU\..\Run: [cewmdm] "C:\WINDOWS\system32\cewmdm.exe"
O4 - HKCU\..\Run: [vb5db] "C:\WINDOWS\system32\vb5db.exe"
O4 - HKCU\..\Run: [dpwsock] "C:\WINDOWS\system32\dpwsock.exe"
O4 - HKCU\..\Run: [inetcfg] "C:\WINDOWS\system32\inetcfg.exe"
O4 - HKCU\..\Run: [vmmanager] C:\WINDOWS\system32\vmmanager.exe
O4 - HKCU\..\Run: [mll_hp] C:\WINDOWS\system32\mll_hp.exe
O4 - HKCU\..\Run: [wsock32] C:\WINDOWS\system32\wsock32.exe
O4 - HKCU\..\Run: [pmspl] C:\WINDOWS\system32\pmspl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://servicecenter.antivirus.com
O15 - Trusted Zone: http://www.ctchouston.org
O15 - Trusted Zone: http://www.hcad.org
O15 - Trusted Zone: http://www.myvaluecentral.com
O15 - Trusted Zone: http://www.woodland-heights.org
O15 - Trusted Zone: http://*.woodland-heights.org
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129136676109
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3503.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

BC AdBot (Login to Remove)

 


#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 23 July 2006 - 04:23 PM

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
Install ewido.
Run the application
Click on scanner
Click Complete System Scan and the scan will begin.
When the scan is finished, Set all items to delete
Apply all actions
look at the bottom of the screen and click the Save report button.
Save the report to your C: Drive
This will take some time to run!
RE-Boot
Post that log and a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users