TechSpot

Help with hijackthis log

By Bonehead
Dec 26, 2004
  1. I am a new member here and I need some help removing some spyware. I have run Spybot and Norton AntiVirus 2004. I am not able to delete all files found. The ones that I can delete come back all by themselves. I need help if you can. I am trying to attach the HijackThis log. I hope I am doing this right and if not I apologize. Thanks, Bonehead.
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    For anti-virus reasons I will not open any .doc files. Please redo your HJT and attach it as hijackthis.txt
    Thank you
     
  3. Bonehead

    Bonehead TS Rookie Topic Starter

    hijackthis log file ext.change

    I am sending a file ext. change for my log file. Thanks Bonehead.
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Bonehead

    For security's sake, you should first go to my thread here: How to remove Begin2Search / Coolwebsearch
    and do exactly what it says.

    Then reboot in Safe Mode and run HJT on its own and let it "fix" (some may be gone already):

    C:\Program Files\CSBB\CSv10P070.exe
    C:\WINDOWS\System32\cidlt1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=wpd
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\cyuie7a9.slt\prefs.js)
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll (file missing)
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O3 - Toolbar: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:\Program Files\IEMenuExtension\tbextn.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [ws5T35Q] ckcdo20.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
    O4 - HKLM\..\Run: [SESync] "C:\Program Files\SED\SED.exe"
    O4 - HKCU\..\Run: [hBu3RRc8i] cidlt1.exe
    O4 - Startup: KISS Country DATEwise.lnk = C:\Program Files\KISS Country DATEwise\DATEwise3.exe
    O4 - Startup: Organize.lnk = ?
    O4 - Startup: PowerReg Scheduler V3.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://sef.mlxchange.com/Control/SISC.cab
    O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://sef.mlxchange.com/Control/MultiSelectComboBox.cab
    O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://sef.mlxchange.com/Control/MLXClientUtils.cab
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
    O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://sef.mlxchange.com/Control/IRCSharc.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/ps/en/check/qdiagh.cab?322
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7672963E-0434-4137-B7B9-6275BE2EC917}: NameServer = 205.152.144.23 205.152.132.23

    Now, still in Safe mode, delete all this crappy stuff, including the directory and contents when bold:
    C:\Program Files\CSBB\CSv10P070.exe
    C:\WINDOWS\System32\cidlt1.exe
    C:\WINDOWS\DOWNLO~1\search3.dll
    C:\Program Files\IEMenuExtension\tbextn.dll
    C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll
    ckcdo20.exe (wherever that is)
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\Program Files\SED\SED.exe
    C:\Program Files\KISS Country DATEwise\DATEwise3.exe


    To fix O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    Download and run LSPFix from http://cexx.org/lspfix.htm
    Use these instructions to remove the bad DLL:
    1. Run LSPFix.
    2. Check 'I know what I'm doing'.
    3. Select 'calsp.dll'.
    4. Click the right-pointing arrow (moves it to the "remove" page).
    5. Click 'Finished'.
    6. Restart your computer in "Safe Mode" (F5 or F8 when starting Windows).
    7. Delete the following file: 'calsp.dll'
    8. Restart your computer and bring it up in normal mode.
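
An added example, not part of the original post or of HijackThis itself: a small Python triage pass over HijackThis entries in the format quoted above. The sample lines are copied from the post; the flagging rules (hosts overrides, unknown Winsock LSPs, "file missing"/"no file" registrations, autoruns with no full path) are assumptions chosen to mirror what the reply singles out, not a complete detection policy.

```python
import re
from collections import defaultdict

# Constructed sample: a few entries copied from the list in the post above.
SAMPLE = r"""
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll (file missing)
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [ws5T35Q] ckcdo20.exe
O4 - HKCU\..\Run: [hBu3RRc8i] cidlt1.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")

def parse(log):
    """Return (code, body) for each HijackThis entry line, de-duplicated in order."""
    seen, out = set(), []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m and m.groups() not in seen:
            seen.add(m.groups())
            out.append(m.groups())
    return out

def triage(log):
    """Map each entry needing review to the reason(s) it was flagged."""
    flags = defaultdict(list)
    for code, body in parse(log):
        key = f"{code} - {body}"
        if code == "O1":
            flags[key].append("hosts file override")
        if code == "O10":
            flags[key].append("unknown Winsock LSP")
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            flags[key].append("orphaned registration")
        # Assumed heuristic: an autorun command with no directory component.
        m = RUN.match(body) if code == "O4" else None
        if m and "\\" not in m.group(2):
            flags[key].append("autorun without a full path")
    return dict(flags)

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE).items():
        print(f"{', '.join(reasons):32} {entry}")
```

A flag here only means "look at this entry"; legitimate software can trip the same rules, so each flagged line still needs the manual review the reply performs.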
     
  5. Bonehead

    Bonehead TS Rookie Topic Starter

    Thank you RealBlackStuff, I will try this.
     
Topic Status:
Not open for further replies.
