Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

LetGoHome.com problem

Started by fliptophead , Apr 29 2005 06:47 AM

  • Please log in to reply

#1
fliptophead
Posted 29 April 2005 - 06:47 AM

fliptophead

    New Member

  • Member
  • Pip
  • 1 posts
I've done this a few different times on several of my friend's computers but this one seems a LOT more full than the others. It's my dad's computer and it's for work (Ace Hardware store). Anyone know what needs to go?

Logfile of HijackThis v1.99.1
Scan saved at 7:45:34 AM, on 4/29/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\3BWYHL1NWKI4M4THD.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\70Y3HNXD3UW.EXE
C:\3APPS\CATAPULT\SCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\3APPS\CATAPULT\POS.EXE
C:\WINDOWS\SYSTEM\P32HELP.EXE
C:\3APPS\CATAPULT\APPIPC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=632
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.113:6588
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\2SY3TI~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\3BWYHL1NWKI4M4THD.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\70Y3HNXD3UW.EXE
O4 - Startup: Eagle Scheduler.lnk = C:\3apps\Catapult\Sched.exe
O4 - Startup: Eagle Listener.lnk = C:\3apps\Catapult\3listen.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.acehardware-acenet.com
O16 - DPF: {24B8CB65-C0D2-11D0-A523-444553540000} (AceExplorer Control) - http://ww1.acehardwa...xpl/AceExpl.cab
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://ww1.acehardwa...Si/McsiMenu.cab
O16 - DPF: {8BF1A503-001F-11D0-A296-00A0246497B9} (ACENET Control) - http://ww1.acehardwa...ENET/ACECTL.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.173.111.11...sCamControl.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://vparivalka.co...::/ieloader.exe
O16 - DPF: {00EF1987-8F7D-1179-5030-3BEE5D007114} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {38CF7081-C857-4201-A291-096E2A84F9D0} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {6F4D1EA7-32A6-20A3-38B8-228F0CBF27F4} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {028F903F-C88B-0244-3341-4043358DAFB5} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {1E99B181-DF53-4C9E-539B-25AA308E6642} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {30A0756A-60E1-39A5-56AC-57C9405DEE80} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {341DF9A3-4E29-3C26-85EC-373016CA5B2F} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {3F865880-5C3C-1DC0-AF77-3CF01314B2D3} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {4C0683F2-816A-75B2-A15F-730720FABD09} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {4F7FAC44-EBFE-5F34-2F88-041724CE0619} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {1B48F2E0-B7BD-6F96-468F-2B6E2A8FEFAC} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {324A19C6-247D-2B7E-9AB7-57262D6A3CA8} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {58CF9217-9A68-31C7-E504-6C86397CE96B} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {600C6B26-CC4A-19F8-AAF3-02FD7A3FEA9A} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {5AD66418-8886-2506-45E8-1BBA4230FEB6} - http://69.50.182.94/1/rdgUS1756.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 65.83.241.181,67.32.118.43

Edited by fliptophead, 29 April 2005 - 09:21 AM.

  • 0

Advertisements

#2
coachwife6
Posted 30 April 2005 - 09:55 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Hi fliptophead. Welcome to GTG. :)

Ace Hardware, huh? Will John Madden come paint my house if we get this fixed? :tazz:

What is your anti-viral? Do you have one, and is it active or do you use it just to scan? If you don't have one, get one immediately.

CheckHere

Internet Explorer is also out of date. Microsoft Update Update IE after we get this fixed. ;)

OK. Let's get this fixed.

You Have a CoolWebSearch Infection.
Please Download CoolWebShredder, from http://www.geekstogo.com/modules.php?modid=5&action=download&id=17 , Extract it & run the program. Click the Next Button & let it scan. Make sure you let it fix all CWS Remnants. Afterwards, Please Post a fresh Hijack This log.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=632

O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\2SY3TI~1.DLL

O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\3BWYHL1NWKI4M4THD.EXE
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\70Y3HNXD3UW.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://vparivalka.co...::/ieloader.exe
O16 - DPF: {00EF1987-8F7D-1179-5030-3BEE5D007114} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {38CF7081-C857-4201-A291-096E2A84F9D0} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {6F4D1EA7-32A6-20A3-38B8-228F0CBF27F4} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {028F903F-C88B-0244-3341-4043358DAFB5} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {1E99B181-DF53-4C9E-539B-25AA308E6642} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {30A0756A-60E1-39A5-56AC-57C9405DEE80} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {341DF9A3-4E29-3C26-85EC-373016CA5B2F} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {3F865880-5C3C-1DC0-AF77-3CF01314B2D3} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {4C0683F2-816A-75B2-A15F-730720FABD09} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {4F7FAC44-EBFE-5F34-2F88-041724CE0619} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {1B48F2E0-B7BD-6F96-468F-2B6E2A8FEFAC} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {324A19C6-247D-2B7E-9AB7-57262D6A3CA8} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {58CF9217-9A68-31C7-E504-6C86397CE96B} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {600C6B26-CC4A-19F8-AAF3-02FD7A3FEA9A} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {5AD66418-8886-2506-45E8-1BBA4230FEB6} - http://69.50.182.94/1/rdgUS1756.exe

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
(Description: Only appears in MSCONFIG if you have a Display Settings icon in the System Tray allowing resolution changes on the fly. Can also be disabled under Control Panel -> Display -> Settings -> Advanced -> General. Also appears if you have Win95 with the QuickRes "Powertoy" installed. This is unnecessary and can be removed to free up system

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):


C:\WINDOWS\SYSTEM\P32HELP.EXE
C:\WINDOWS\SYSTEM\3BWYHL1NWKI4M4THD.EXE
C:\WINDOWS\SYSTEM\70Y3HNXD3UW.EXE
C:\WINDOWS\SYSTEM\2SY3TI~1.DLL

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Reboot and post a newlog. ;)

How many times have you had problems with the computers at the store? These are XPs and this one is a 98.

http://www.techsuppo...hp/t-22150.html
http://forums.us.del...message.id=5812
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP