HT Log File...help please!

Status
Not open for further replies.

Steve05

I just wanna check my PC for infection. Please analyze my log file...
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 5:52:01 PM, on 6/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\system32\epx.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Brian Walker\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jvhtrhgbdsrbc.net/f8hSem...aSyYWSS_p6.html
O2 - BHO: (no name) - {8B1F6056-7DC8-37CE-FEE6-2EE70630097A} - C:\PROGRA~1\GLUEVI~1\meow barb.exe
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [rect bird] C:\PROGRA~1\AXISIN~1\ford eq window.exe
O4 - HKLM\..\Run: [epx] C:\WINDOWS\system32\epx.exe
O4 - HKLM\..\Run: [GplTypeMemoMeal] C:\Documents and Settings\All Users\Application Data\Pop Jump Gpl Type\Pure Rule.exe
O4 - HKLM\..\Run: [Manager Team Scr Frag] C:\Documents and Settings\All Users\Application Data\Uploadballmanagerteam\jump chin.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sh...bin/AvSniff.cab
O16 - DPF: {435583D3-F647-4943-BB40-B0D64CB02718} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/301e78e80a83a2...tzip/RdxIE2.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {D2C6BEF3-C41B-446F-B15E-AFD87027C9FD} (DellSoft.Client) - http://inside.us.dell.com/it/enterp...ft/DellSoft.cab
 
They showed you exactly what to get rid of.

BTW, strange seeing you help other people with HJT problems, and you can't fix your own?
 
That is absolutely brilliant!!!

One thing though....

Why does it mark the Download Accelerator Plus executable as a nasty, and not give an explanation of what it is?
It wonders if the Cortona VRML viewer control is a possible nasty,
and it wonders if my DNS servers are a possible nasty (nope! lol)

I know the free DAP version is ad-supported, so that possibly explains that - but I do wonder whether people with little experience could use this tool. Great if you know what you're doing though.
 
Hijack This Analysis - A note for the inexperienced! This site provides an online analysis of logs but be warned that it is not to be used solely when checking logs. It gives some false positives and should only be used in conjunction with other resources and tools - as a guide only.
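A defender's first-pass triage over entries in the HijackThis log format, as an added example that is not from this thread or from the HijackThis project or the analysis site it mentions. It only raises entries for a human to look at, which is the point of the caveat above: an automated pass gives false positives, so it produces review prompts, not verdicts. The sample lines are copied from the log posted in this thread; EXPECTED_HOSTS is an assumed per-machine baseline.

```python
import re
from ipaddress import ip_address

# Constructed sample: entries copied from the HijackThis v1.99 log posted in this thread.
SAMPLE_LOG = """\
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://www.jvhtrhgbdsrbc.net/f8hSem...aSyYWSS_p6.html
O2 - BHO: (no name) - {8B1F6056-7DC8-37CE-FEE6-2EE70630097A} - C:\\PROGRA~1\\GLUEVI~1\\meow barb.exe
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\\Program Files\\McAfee\\McAfee VirusScan\\VSCShellExtension.dll
O4 - HKLM\\..\\Run: [QuickTime Task] C:\\WINDOWS\\System32\\qttask.exe
O4 - HKLM\\..\\Run: [GplTypeMemoMeal] C:\\Documents and Settings\\All Users\\Application Data\\Pop Jump Gpl Type\\Pure Rule.exe
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {435583D3-F647-4943-BB40-B0D64CB02718} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
"""

# Hosts this particular machine's owner expects in IE start/search settings
# (assumed baseline for the example; a real one is built per machine).
EXPECTED_HOSTS = {"smbusiness.dellnet.com", "yahoo.com"}

def host_of(url: str) -> str:
    m = re.match(r"https?://([^/]+)", url.strip())
    return m.group(1).lower() if m else ""

def is_ip_literal(host: str) -> bool:
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def triage(log_text: str) -> list:
    """Return (section, reason, line) tuples for entries a human should review.
    These are review prompts, not verdicts: a benign entry can trip a rule."""
    findings = []
    for line in log_text.splitlines():
        m = re.match(r"^(R\d|O\d+) - (.*)$", line)
        if not m:
            continue
        sec, body = m.groups()
        if sec in ("R0", "R1") and "=" in body:
            host = host_of(body.split("=", 1)[1])
            if host and host not in EXPECTED_HOSTS:
                findings.append((sec, f"IE setting points at unexpected host {host}", line))
        elif sec == "O2" and body.startswith("BHO: (no name)"):
            findings.append((sec, "browser helper object registered without a name", line))
        elif sec == "O4" and "\\Application Data\\" in body:
            findings.append((sec, "autorun executable lives under Application Data", line))
        elif sec == "O16" and is_ip_literal(host_of(body.rsplit(" - ", 1)[-1])):
            findings.append((sec, "ActiveX control downloaded from a bare IP address", line))
    return findings
```

Run `triage(SAMPLE_LOG)` to see which of the sample entries get a review prompt; the McAfee toolbar, the QuickTime autorun and the Snapfish control pass through untouched.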
 
There's probably not a lot of use in asking for help unless you're going to help yourself.

You know you're infected, because you've been told. You should know you're heavily infected by visiting the link you were given. These things alone should help. You've been given instructions which have been proven time and time again. One of the instructions (how to post your HJT files) you should have read in the sticky at the top of the forum before posting.

It's crazy. Nobody can help you if you're not prepared to take advice and do the work.
 
Spike said:
There's probably not a lot of use in asking for help unless you're going to help yourself.

You know you're infected, because you've been told. You should know you're heavily infected by visiting the link you were given. These things alone should help. You've been given instructions which have been proven time and time again. One of the instructions (how to post your HJT files) you should have read in the sticky at the top of the forum before posting.

It's crazy. Nobody can help you if you're not prepared to take advice and do the work.

Absolutely spot on Spike. I couldn't agree with you more.

Steve05. Just follow the instructions, it's all there for you. If you can be bothered. :cool:

Regards Howard :grinthumb
 
It doesn't make any difference, does it? Even if I attach the log file I bet no one here is able to analyse it... sigh! Now I know why they told me not to ask for help in here... ;)
 
It makes a lot of difference. Firstly, the how to remove begintosearch thread gets rid of a lot of rubbish.

Secondly, attaching the file makes the thread easier and quicker to read, and looks far less untidy.

Many of us even find that it takes less effort to read it in Notepad than on the forum.

If 'they' told you not to come here though, what I want to know is why 'they' haven't analysed it for you. All you've actually shown here is that you don't want to do anything. If you follow BOTH sets of instructions, we'll do our best to help.

Almost all of those people who have followed them before now have been successfully helped.
 
Steve05 said:
It doesn't make any difference, does it? Even if I attach the log file I bet no one here is able to analyse it... sigh! Now I know why they told me not to ask for help in here... ;)

Originally posted by RBS.
Go to this post here first, and follow the instructions EXACTLY, especially about UPDATING and HJT-location.

Then see How to post your Hijackthis log-files as an attachment.

Does that sound to you like no one is going to look at your log?

It's up to you whether you follow the advice given. If you don't want to, then of course, that's your prerogative.

Regards Howard :suspiciou
 
OK, Mr Drama Queen. I have only about 5'000 posts because I don't help anyone, I just love to boost my number of posts. And they only made me a moderator, because I have such good looks.
My post about getting rid of Websearch nasties has only been read well over 50'000 times, because it is so bad, and nobody knows what to do.
Steve05 said:
I bet no one here is able to analyse it
Really? Then go get your help somewhere else...
 
realblackstuff said:
OK, Mr Drama Queen. I have only about 5'000 posts because I don't help anyone, I just love to boost my number of posts. And they only made me a moderator, because I have such good looks.
My post about getting rid of Websearch nasties has only been read well over 50'000 times, because it is so bad, and nobody knows what to do.
As expected..;)
Why don't you just tell me the fixes... I prefer it that way instead of reading all those spamming posts.

Really? Then go get your help somewhere else...

heh.. :) no hard feelings dude... chill out! It doesn't mean this forum is lousy, it's good actually... just the etiquette...
 
Other than *****, moan and complain, what have you done? Did you get the analysis done at that website I gave you?
As for etiquette, you getz advice, you followz up. If not, you sufferz...
 
Spamming posts? 50,000 people didn't think so! (nor the people of this board!)

You don't like the way we do things? well, you have your options - take it or leave it.

If you'd followed the advice in the first place, you'd have it all done and dusted by now. I could sit here replying for hours. Doesn't bother me - I'm not the one with an infected machine, and neither is Howard or RBS.
 
realblackstuff said:
Other than *****, moan and complain, what have you done? Did you get the analysis done at that website I gave you?
As for etiquette, you getz advice, you followz up. If not, you sufferz...

C:\WINDOWS\DELLMMKB.EXE - This is a unknown process.
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe - This is a unknown process.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jvhtrhgbdsrbc.net/f8hSem...aSyYWSS_p6.html - This is safe? :dead:
O2 - BHO: (no name) - {8B1F6056-7DC8-37CE-FEE6-2EE70630097A} - C:\PROGRA~1\GLUEVI~1\meow barb.exe - Unknown too??? :bounce:
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab - Possibly nasty huh?

c'mon! You can do better than that can't you? :rolleyes:
 
Steve05, if you didn't have any intentions of using the advice you got here then why bother asking and wasting other people's time.. oh and as for you realblackstuff, good lookin' huh :rolleyes: :p
 
Shimmer, you don't have to flatter the promoted, I understand your situation. This is my thread and I really don't need your spamming in here. Save your friendly advice for another pal. And I already attached the log file... still waiting for the response...
 
Yikes, what side of the bed did you get out of :p.. who says anything about spamming? Get your facts right before you reply to me, and as for flattering the promoter, I couldn't give a monkey's toss cos he's got nothing I'd want lol.. well OK maybe some advice ;)
 