
LetGoHome.com problem



#1
fliptophead

    New Member

  • Member
  • 1 posts
I've done this a few different times on several of my friend's computers but this one seems a LOT more full than the others. It's my dad's computer and it's for work (Ace Hardware store). Anyone know what needs to go?

Logfile of HijackThis v1.99.1
Scan saved at 7:45:34 AM, on 4/29/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\3BWYHL1NWKI4M4THD.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\70Y3HNXD3UW.EXE
C:\3APPS\CATAPULT\SCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\3APPS\CATAPULT\POS.EXE
C:\WINDOWS\SYSTEM\P32HELP.EXE
C:\3APPS\CATAPULT\APPIPC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=632
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.113:6588
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\2SY3TI~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\3BWYHL1NWKI4M4THD.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\70Y3HNXD3UW.EXE
O4 - Startup: Eagle Scheduler.lnk = C:\3apps\Catapult\Sched.exe
O4 - Startup: Eagle Listener.lnk = C:\3apps\Catapult\3listen.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.acehardware-acenet.com
O16 - DPF: {24B8CB65-C0D2-11D0-A523-444553540000} (AceExplorer Control) - http://ww1.acehardwa...xpl/AceExpl.cab
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://ww1.acehardwa...Si/McsiMenu.cab
O16 - DPF: {8BF1A503-001F-11D0-A296-00A0246497B9} (ACENET Control) - http://ww1.acehardwa...ENET/ACECTL.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.173.111.11...sCamControl.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://vparivalka.co...::/ieloader.exe
O16 - DPF: {00EF1987-8F7D-1179-5030-3BEE5D007114} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {38CF7081-C857-4201-A291-096E2A84F9D0} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {6F4D1EA7-32A6-20A3-38B8-228F0CBF27F4} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {028F903F-C88B-0244-3341-4043358DAFB5} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {1E99B181-DF53-4C9E-539B-25AA308E6642} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {30A0756A-60E1-39A5-56AC-57C9405DEE80} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {341DF9A3-4E29-3C26-85EC-373016CA5B2F} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {3F865880-5C3C-1DC0-AF77-3CF01314B2D3} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {4C0683F2-816A-75B2-A15F-730720FABD09} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {4F7FAC44-EBFE-5F34-2F88-041724CE0619} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {1B48F2E0-B7BD-6F96-468F-2B6E2A8FEFAC} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {324A19C6-247D-2B7E-9AB7-57262D6A3CA8} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {58CF9217-9A68-31C7-E504-6C86397CE96B} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {600C6B26-CC4A-19F8-AAF3-02FD7A3FEA9A} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {5AD66418-8886-2506-45E8-1BBA4230FEB6} - http://69.50.182.94/1/rdgUS1756.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 65.83.241.181,67.32.118.43

Edited by fliptophead, 29 April 2005 - 09:21 AM.

  • 0



#2
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Hi fliptophead. Welcome to GTG. :)

Ace Hardware, huh? Will John Madden come paint my house if we get this fixed? :tazz:

What is your anti-viral? Do you have one, and is it active or do you use it just to scan? If you don't have one, get one immediately.

CheckHere

Internet Explorer is also out of date. Microsoft Update. Update IE after we get this fixed. ;)

OK. Let's get this fixed.

You Have a CoolWebSearch Infection.
Please Download CoolWebShredder, from http://www.geekstogo.com/modules.php?modid=5&action=download&id=17 , Extract it & run the program. Click the Next Button & let it scan. Make sure you let it fix all CWS Remnants. Afterwards, Please Post a fresh Hijack This log.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=632

O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\2SY3TI~1.DLL

O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\3BWYHL1NWKI4M4THD.EXE
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\70Y3HNXD3UW.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://vparivalka.co...::/ieloader.exe
O16 - DPF: {00EF1987-8F7D-1179-5030-3BEE5D007114} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {38CF7081-C857-4201-A291-096E2A84F9D0} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {6F4D1EA7-32A6-20A3-38B8-228F0CBF27F4} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {028F903F-C88B-0244-3341-4043358DAFB5} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {1E99B181-DF53-4C9E-539B-25AA308E6642} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {30A0756A-60E1-39A5-56AC-57C9405DEE80} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {341DF9A3-4E29-3C26-85EC-373016CA5B2F} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {3F865880-5C3C-1DC0-AF77-3CF01314B2D3} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {4C0683F2-816A-75B2-A15F-730720FABD09} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {4F7FAC44-EBFE-5F34-2F88-041724CE0619} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {1B48F2E0-B7BD-6F96-468F-2B6E2A8FEFAC} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {324A19C6-247D-2B7E-9AB7-57262D6A3CA8} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {58CF9217-9A68-31C7-E504-6C86397CE96B} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {600C6B26-CC4A-19F8-AAF3-02FD7A3FEA9A} - http://69.50.182.94/1/rdgUS1756.exe
O16 - DPF: {5AD66418-8886-2506-45E8-1BBA4230FEB6} - http://69.50.182.94/1/rdgUS1756.exe

O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
(Description: Only appears in MSCONFIG if you have a Display Settings icon in the System Tray allowing resolution changes on the fly. Can also be disabled under Control Panel -> Display -> Settings -> Advanced -> General. Also appears if you have Win95 with the QuickRes "Powertoy" installed. This is unnecessary and can be removed to free up system

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):


C:\WINDOWS\SYSTEM\P32HELP.EXE
C:\WINDOWS\SYSTEM\3BWYHL1NWKI4M4THD.EXE
C:\WINDOWS\SYSTEM\70Y3HNXD3UW.EXE
C:\WINDOWS\SYSTEM\2SY3TI~1.DLL

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Reboot and post a new log. ;)

How many times have you had problems with the computers at the store? These are XPs and this one is a 98.

http://www.techsuppo...hp/t-22150.html
http://forums.us.del...message.id=5812
  • 0
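An added example, not part of either post above: a small triage script that groups HijackThis O16 (DPF) lines by codebase URL and lists reasons an entry deserves review, which is the pattern that separates the vendor controls from the repeated unnamed `.exe` entries in this log. The sample lines, CLSIDs and hosts are constructed, and the four heuristics and the two-signal threshold are assumptions made for illustration, not rules from HijackThis or from the helper.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in the HijackThis O16 line format; CLSIDs and hosts are
# made up (192.0.2.0/24 is a documentation range), not taken from the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O16 - DPF: {11111111-0000-0000-0000-000000000001} (Vendor Control) - http://intranet.example.test/ctl/Vendor.cab
O16 - DPF: {11111111-0000-0000-0000-000000000002} (Cam Class) - http://192.0.2.7/cam/CamControl.cab
O16 - DPF: {11111111-0000-0000-0000-000000000003} - http://192.0.2.10/1/setup.exe
O16 - DPF: {11111111-0000-0000-0000-000000000004} - http://192.0.2.10/1/setup.exe
O16 - DPF: {11111111-0000-0000-0000-000000000005} - http://192.0.2.10/1/setup.exe
"""

# "O16 - DPF: {CLSID} (optional control name) - codebase URL"
DPF = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*)\))? - (\S+)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def review_dpf(log, min_dupes=3):
    """Group O16 entries by codebase URL and list reasons to review each one."""
    by_url = defaultdict(list)
    for line in log.splitlines():
        m = DPF.match(line.strip())
        if m:  # lines from other sections (R0, O4, ...) are skipped
            by_url[m.group(3)].append((m.group(1), m.group(2)))
    findings = {}
    for url, entries in by_url.items():
        parsed = urlparse(url)
        reasons = []
        if all(name is None for _, name in entries):
            reasons.append("no control name")
        if parsed.path.lower().endswith(".exe"):
            reasons.append("codebase is an .exe")
        if IPV4.match(parsed.hostname or ""):
            reasons.append("host is a bare IP")
        if len(entries) >= min_dupes:
            reasons.append(f"{len(entries)} CLSIDs share one URL")
        # Assumed threshold: a single weak signal (a named .cab on an IP) is not flagged.
        if len(reasons) >= 2:
            findings[url] = reasons
    return findings

if __name__ == "__main__":
    for url, reasons in review_dpf(SAMPLE_LOG).items():
        print(url, "->", "; ".join(reasons))
```

The output is a review list, not a removal list: a flagged entry still needs a person to confirm it before it is fixed in HijackThis.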





