Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

CSW.Home Search Assistant (Found my own solution)

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 4 posts
Hi all,

I have recently use spyware doctor and scanned to see that i have been infected by the following:

CSW.Home Search Assistant
Hijack Internet Explorer's about blank

I have attached a screen shot of it. After trying to click the FIX it button, the program would just hang and i have to use CTRL ALT DEL to end the program's task.

I can't seem to get it off my computer even after using Trendmicro scanner and FxAgentB.exe to try remove it but i am still uable to get any infomation about where it may be hiding in my computer. FxAgentB.exe can't find any back door. So far only Spyware doctor has detected this problem.

So far when i launch internet explorer, it has not hijack any pages thus far. So i ain't really sure how to get rid of it.

Please advise.


Attached Thumbnails

  • ssvir.JPG

Edited by vox, 18 June 2005 - 03:18 AM.

  • 0




    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here is the Log generate by HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 11:26:22 PM, on 6/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
E:\Program Files\Diskeeper\DkService.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
E:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
E:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\McAfee VirusScan\VsMain.exe
C:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe
C:\Documents and Settings\Edmund Lim\Desktop\New Folder\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.singnet.com.sg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.acoustica...nverter?PT=cnet
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SingNet
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Nwiz] nwiz.exe /install
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.singnet.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FDBEF31-F1BC-4B7E-A3B4-06DDB0F03CDB}: NameServer =
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Diskeeper\DkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: MpService - Canon Inc. - E:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Thanks in advance.

Edited by vox, 17 June 2005 - 09:31 AM.

  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I am still scanning my computer with all the programs recommended at the read first section.

Thus far most programs did not detect the problem except for spyware doctor.

Are the anymore CSW cleaners that anyone can recommend?
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Seems that there are too many post......

Anyways I found the answer to my problem, for those using SPYWARE DOCTOR and discovered this CSW item, do check the undermentioned link:


Oh well :tazz: Hav a nice day.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP