TechSpot

Help with hijackthis log

By Bonehead
Dec 26, 2004
  1. I am a new member here and I need some help removing some spyware. I have run Spybot and Norton AntiVirus 2004. I am not able to delete all files found. The ones that I can delete come back all by themselves. I need help if you can. I am trying to attach the HijackThis log. I hope I am doing this right and if not I apologize. Thanks Bonehead.
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    For anti-virus reasons I will not open any .doc files. Please redo your HJT and attach it as hijackthis.txt
    Thank you
     
  3. Bonehead

    Bonehead TS Rookie Topic Starter

    hijackthis log file ext.change

    I am sending a file ext. change for my log file. Thanks Bonehead.
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Bonehead

    For security's sake, you should first go to my thread here: How to remove Begin2Search / Coolwebsearch
    and do exactly what it says.

    Then reboot in Safe Mode and run HJT on its own and let it "fix" (some may be gone already):

    C:\Program Files\CSBB\CSv10P070.exe
    C:\WINDOWS\System32\cidlt1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=wpd
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\cyuie7a9.slt\prefs.js)
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll (file missing)
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O3 - Toolbar: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:\Program Files\IEMenuExtension\tbextn.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [ws5T35Q] ckcdo20.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
    O4 - HKLM\..\Run: [SESync] "C:\Program Files\SED\SED.exe"
    O4 - HKCU\..\Run: [hBu3RRc8i] cidlt1.exe
    O4 - Startup: KISS Country DATEwise.lnk = C:\Program Files\KISS Country DATEwise\DATEwise3.exe
    O4 - Startup: Organize.lnk = ?
    O4 - Startup: PowerReg Scheduler V3.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://sef.mlxchange.com/Control/SISC.cab
    O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://sef.mlxchange.com/Control/MultiSelectComboBox.cab
    O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://sef.mlxchange.com/Control/MLXClientUtils.cab
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
    O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://sef.mlxchange.com/Control/IRCSharc.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/ps/en/check/qdiagh.cab?322
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7672963E-0434-4137-B7B9-6275BE2EC917}: NameServer = 205.152.144.23 205.152.132.23

    Now, still in Safe mode, delete all this crappy stuff, including the directory and contents when bold:
    C:\Program Files\CSBB\CSv10P070.exe
    C:\WINDOWS\System32\cidlt1.exe
    C:\WINDOWS\DOWNLO~1\search3.dll
    C:\Program Files\IEMenuExtension\tbextn.dll
    C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll
    ckcdo20.exe (wherever that is)
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\Program Files\SED\SED.exe
    C:\Program Files\KISS Country DATEwise\DATEwise3.exe


    To fix O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    Download and run LSPFix from http://cexx.org/lspfix.htm
    Use these instructions to remove the bad DLL:
    1. Run LSPFix.
    2. Check 'I know what I'm doing'.
    3. Select 'calsp.dll'.
    4. Click the right-pointing arrow (moves it to the "remove" page).
    5. Click 'Finished'.
    6. Restart your computer in "Safe Mode" (F5 or F8 when starting Windows).
    7. Delete the following file: 'calsp.dll'
    8. Restart your computer and bring it up in normal mode.
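
A way to triage a HijackThis log like the one quoted in the post above before deciding what to "fix", as an added example that is not part of the original post. The sample lines are copied from that log; the function names and the four review heuristics are assumptions of this example, not HijackThis's own rules.

```python
import re

# Constructed sample: a few lines copied from the log quoted in the post above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll (file missing)
O4 - HKLM\..\Run: [ws5T35Q] ckcdo20.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKCU\..\Run: [hBu3RRc8i] cidlt1.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
LINE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Return (section, body) pairs, collapsing exact duplicate lines."""
    seen, out = set(), []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if m and m.groups() not in seen:
            seen.add(m.groups())
            out.append(m.groups())
    return out

def reason(section, body):
    """Heuristic review flag for one entry (assumptions of this example)."""
    if section == "O1":                      # hosts-file override
        parts = body.split()                 # ["Hosts:", ip, name]
        if len(parts) >= 3 and not parts[1].startswith("127."):
            return f"hosts file maps {parts[2]} to {parts[1]}"
    if section in ("O3", "O9") and ("(file missing)" in body or "(no file)" in body):
        return "registration points at a file that is not on disk"
    if section == "O4":                      # autorun given as a bare file name
        m = re.search(r"\]\s*(.+)$", body)
        if m and "\\" not in m.group(1):
            return f"autorun '{m.group(1)}' has no full path"
    if section == "O10" and body.startswith("Unknown file in Winsock LSP"):
        return "unrecognised Winsock LSP provider"
    return None

def triage(log):
    """Return (section, body, reason) for every entry worth a manual look."""
    return [(s, b, r) for s, b in parse(log) if (r := reason(s, b))]

if __name__ == "__main__":
    for s, b, r in triage(SAMPLE):
        print(f"{s:>3}  {r}\n     {b}")
```

A flag only marks an entry for manual review; legitimate software can also trip these checks.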
     
  5. Bonehead

    Bonehead TS Rookie Topic Starter

    Thank you RealBlackStuff, I will try this.
     