Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

cannot remove "letgohome" & "here4search"

  • Please log in to reply




  • Member
  • PipPip
  • 40 posts
My browser has been hijacked. I've read the archives and tried the directions for removal but it didn't take it out.

I ran ad-aware, after using the settings I saw on another post. It said it removed the spyware, but as soon as I reconnected to the net, it was back. Here is my log:

Logfile of HijackThis v1.98.2
Scan saved at 7:31:29 AM, on 4/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Documents and Settings\Dana\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\75626K~1.DLL
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {9EEF50AD-63C2-4EA0-B6B7-F41F692B70F2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9EEF50AD-63C2-4EA0-B6B7-F41F692B70F2} - (no file) (HKCU)
O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.co...aploader_v6.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O20 - AppInit_DLLs: orzd8nyirv8mx7.dll

Here is one object that always remain after I hit "fix" of HJT:

O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\75626K~1.DLL

This BHO's name changes almost everytime. I've tried Killbox, it just changed its name and came back. My computer won't restart in safe mode at all.

One more thing. This is the message that popped up on my desktop last night:

"Security Warning. A fatal error has occured at 0028:C0011E36 in VXD VMM(01)+ 00010E36. Error caused by Trojan-Spy. HTML.Smitfraud. System cannot function in normal mode.

If anyone can help, I'd be grateful. I've been pulling my hair out. If only there was a way to reach through computer monitors and throttle these people!!
  • 0




    Member 1K

  • Retired Staff
  • 1,411 posts
Hi there,

You have a new infection that has shown to be difficult to remove.

First things first, let's disable your protection programs that may interfere with the fix. We will reenable them later.

Right click on the Microsoft AntiSpyware icon (looks like a target) and click on Security Agents Status (Enabled) and click on Disable Real-time Protection.

You may have a CoolWebSearch infection.

Download CWShredder here to its own folder.

Update and Run CWShredder

* Open CWShredder and click I AGREE
* Click Check For Update
* Run CWShredder
* Click I Agree, then Fix and then Next, let it fix everything it asks about.
* Reboot your computer


Please run a free online virus scan here (tick the "Auto Clean" checkbox):

And a free trojan scan here:

Go here and get your Windows Updates. You need to get Service Pack 1, or else us helping you is just a waste as the infection will come right back.

Finally, post a new HijackThis log with the latest version of HijackThis, 1.99.1, which can be downloaded here.

One last thing, what happens when you try to boot into safe mode?
  • 0



    New Member

  • Member
  • Pip
  • 2 posts
:tazz: I had the same problem with letgohome and here4search. I followed your instructions and used the software you indicated and it cleand it out. I am going to wait a bit before I turn my System Restore back on, but everything looks good now. Thanks

Edited by chip4par, 29 April 2005 - 11:51 AM.

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP