
Pest Problems.

Discussion in 'Business Applications' started by TomMiller, Feb 7, 2005.

Thread Status:
Not open for further replies.
  1. TomMiller

    TomMiller Thread Starter

    Joined:
    Nov 10, 2004
    Messages:
    48
    Hi, I have a PC on a network at work that has a lot of pest problems. I have run Ad-Aware, PestPatrol and Spybot but there are still some pests on the PC. If I were to post a log using HijackThis, would somebody be kind enough to take a look?

    Thanks.
    Tom. (y)
     
  2. DaveBurnett

    DaveBurnett Account Closed

    Joined:
    Nov 11, 2002
    Messages:
    12,970
  3. TomMiller

    TomMiller Thread Starter

    Joined:
    Nov 10, 2004
    Messages:
    48
    Thanks, I'll get up to the PC at some point this afternoon and post the log. Thanks a lot.
     
  4. TomMiller

    TomMiller Thread Starter

    Joined:
    Nov 10, 2004
    Messages:
    48
    The log. Thanks again.

    Logfile of HijackThis v1.97.7
    Scan saved at 13:19:09, on 07/02/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\RightFax\faxctrl.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe
    C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
    C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\WINDOWS\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\rrclient\tcgmain.exe
    C:\Program Files\CA\eTrust Antivirus\InocIT.exe
    Z:\application installation folder\adware_eliminators\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\jlh\LOCALS~1\Temp\sp.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\jlh\LOCALS~1\Temp\sp.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://walkermorris
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Walker Morris
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mailsweeper01:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://freehome.walkermorris.com;www.walkermorrisonline.com;www.walkermorrisonline.co.uk;www.walkermorris.com;reach.walkermorris.com;mre.walkermorris.com;www.walkermorriscollect.com;referrer.walkermorrisonline.com;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O1 - Hosts: 126.0.0.76 Cantrill
    O1 - Hosts: 126.0.0.1 wm
    O1 - Hosts: 126.0.0.4 Smart
    O1 - Hosts: 126.0.0.19 Crystal01
    O1 - Hosts: 126.0.0.124 SMS03
    O1 - Hosts: 126.0.100.1 Walker
    O1 - Hosts: 126.0.100.6 ITDEV
    O1 - Hosts: 126.0.0.135 MUDD
    O1 - Hosts: 126.0.0.135 Exchange01
    O1 - Hosts: 126.0.100.8 IT
    O1 - Hosts: :126.0.0.7 Scott accounts
    O1 - Hosts: 126.0.0.47 chase1
    O1 - Hosts: 126.0.0.48 chase2
    O1 - Hosts: 126.0.0.49 volsales
    O1 - Hosts: 126.0.0.50 CallXpress
    O1 - Hosts: 126.0.0.60 caisley
    O1 - Hosts: 126.0.0.61 FINANCE
    O1 - Hosts: 126.0.0.61 Knowledge
    O1 - Hosts: 126.0.0.77 Rightfax
    O1 - Hosts: 126.0.0.97 beck
    O1 - Hosts: 126.0.0.99 ITDEVELOPMENT
    O1 - Hosts: 126.0.0.119 IFAX1
    O1 - Hosts: 126.0.0.121 IFAX2
    O1 - Hosts: 126.0.0.123 IFAX3
    O1 - Hosts: 126.0.0.129 FILEPRINT01
    O1 - Hosts: 195.166.13.131 WWW.LRDIRECT.CO.UK
    O1 - Hosts: 126.0.0.110 EXTRANET01
    O1 - Hosts: 126.0.0.157 EXTRANET02
    O1 - Hosts: 126.0.0.156 TMSServer
    O1 - Hosts: 126.0.0.158 SQL02
    O1 - Hosts: 126.0.0.159 INTRANET02
    O1 - Hosts: 126.0.0.159 CaseNet
    O1 - Hosts: 126.0.0.160 ITDev2000
    O1 - Hosts: 126.0.0.135 EXCHANGE01
    O1 - Hosts: 126.0.0.227 Exchange02
    O1 - Hosts: 126.0.0.233 Marketing01
    O1 - Hosts: :added by WZC 24/09/2002
    O1 - Hosts: 126.0.0.110 www.walkermorrisonline.com
    O1 - Hosts: 126.0.0.110 www.walkermorriscollect.com
    O1 - Hosts: 126.0.0.110 www.onestopclaimshop.com
    O1 - Hosts: 126.0.0.110 reach.walkermorris.com
    O1 - Hosts: 126.0.0.110 mre.walkermorris.com
    O1 - Hosts: 126.0.0.110 ippo.walkermorris.com
    O1 - Hosts: 126.0.0.110 freehome.walkermorris.com
    O1 - Hosts: 126.0.0.157 www.walkermorris.com
    O1 - Hosts: 126.0.0.157 www.bosscot.co.uk
    O1 - Hosts: 126.0.0.157 referrer.walkermorrisonline.com
    O1 - Hosts: 126.0.0.157 www.bosscot.co.uk
    O1 - Hosts: 126.0.0.157 www.global.bosscot.co.uk
    O1 - Hosts: 126.0.0.110 www.walkermorrisonline.co.uk
    O1 - Hosts: : ***********************************
    O1 - Hosts: : Latest Host file
    O1 - Hosts: : Added 6/5/03
    O1 - Hosts: : *************************
    O1 - Hosts: : Added
    O1 - Hosts: : -----
    O1 - Hosts: : Cantrill 126.0.0.76 - MAA - 6/5/03
    O1 - Hosts: : SMS03 126.0.0.124 - MAA - 8/5/03
    O1 - Hosts: : 126.0.0.157 www.bosscot.co.uk - MAA - 8/7/03
    O1 - Hosts: :
    O1 - Hosts: : -----------------------------------
    O1 - Hosts: :: Removed
    O1 - Hosts: : -------
    O1 - Hosts: : SMS01 126.0.100.5 - MAA - 8/5/03
    O1 - Hosts: :
    O1 - Hosts: :
    O1 - Hosts: : **********************************
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {E7AB695D-F7C0-43F8-8467-38E7CDEF11AB} - C:\WINDOWS\System32\ebmo.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [Background Information] c:\windows\bginfo.exe /i:c:\windows\wm.bgi /timer=0
    O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\faxctrl.exe
    O4 - HKLM\..\Run: [RoboPDF] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe
    O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
    O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - Startup: Genesis2.LNK = ?
    O4 - Global Startup: Genesis2.lnk = ?
    O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Escorted Browsing (HKLM)
    O9 - Extra 'Tools' menuitem: Escorted Browsing (HKLM)
    O9 - Extra button: Send This Page (HKLM)
    O9 - Extra 'Tools' menuitem: Send This Page (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://walkermorris
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://H:\WP\IT\PPE\Macromedia\Full\awswaxf.cab
    O16 - DPF: {20EB4AAE-9330-11D2-B2BE-00600854D84F} (WMTreeViewControl.WMTreeView) - http://knowledge/install/wm/WMTreeView.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.0931828704
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = walkermorris.co.uk
    O17 - HKLM\Software\..\Telephony: DomainName = walkermorris.co.uk
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = walkermorris.co.uk
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = walkermorris.co.uk
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download but don’t run CWShredder http://www.intermute.com/spysubtract/cwshredder_download.html

    Print this and boot to safe mode

    Open cwshredder.exe then click "Fix" and let it run.

    Fix these with HJT

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\jlh\LOCALS~1\Temp\sp.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\jlh\LOCALS~1\Temp\sp.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    O2 - BHO: (no name) - {E7AB695D-F7C0-43F8-8467-38E7CDEF11AB} - C:\WINDOWS\System32\ebmo.dll

    View Hidden Files
    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
    Make sure that "Show hidden files and folders" is checked.
    Also uncheck "Hide protected operating system files".
    Now click "Apply to all folders", click "Apply" then "OK".

    Delete these files

    C:\WINDOWS\System32\ebmo.dll

    START – RUN – key in %temp% - Edit – Select all – File – Delete
    Empty the recycle bin
    Boot and post a new log
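
Added example, not part of the post above and not HijackThis's own logic: a Python triage script that parses HijackThis entry lines and flags two patterns seen in the entries picked out in this thread, an IE page setting loaded via `res://` from a temp directory and an unnamed BHO whose DLL sits directly in System32. The heuristics, the names `parse` and `triage`, and the reduced sample are assumptions; hits are leads for manual review, not verdicts.

```python
import re

# Constructed sample: five entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\jlh\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://walkermorris
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E7AB695D-F7C0-43F8-8467-38E7CDEF11AB} - C:\WINDOWS\System32\ebmo.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
"""

ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.+)$")  # "R1 - ...", "O16 - ..."
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)


def parse(log):
    """Yield (code, body) per entry line; header and process-list lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()


def triage(log):
    """Return (code, reason, body) leads for manual review (assumed heuristics)."""
    leads = []
    for code, body in parse(log):
        if code in ("R0", "R1"):
            _key, _, value = body.partition(" = ")
            # IE page setting loaded from a resource inside a temp directory.
            if value.lower().startswith("res://") and TEMP_DIR.search(value):
                leads.append((code, "IE page served from a file in a temp directory", body))
        elif code == "O2":
            m = BHO.match(body)
            if not m:
                continue
            name, _clsid, path = m.groups()
            folder = path.rsplit("\\", 1)[0].lower()
            # Unnamed helper object whose DLL sits directly in System32.
            if name == "(no name)" and folder.endswith("\\system32"):
                leads.append((code, "unnamed BHO with DLL directly in System32", body))
    return leads


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```
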
     
  6. TomMiller

    TomMiller Thread Starter

    Joined:
    Nov 10, 2004
    Messages:
    48
    Thank you very much for your help. This has fixed my problems with the user.

    Regards,
    Tom.
     

Short URL to this thread: https://techguy.org/327683
