I Need Help Reading My Hijackthis Log



#1 Kissa_Dawn

Posted 21 November 2007 - 02:07 AM

Last night my computer started acting funny, and within an hour this security box was popping up saying it was shutting down unless I clicked download now... I did not click on it and it shut down. I did this like 10 times, then I decided to click but not install it... that worked, but it still popped up like every 4 minutes.. there was this Windows security red circle with a line slashed through it... a balloon was popping up saying I was infected with malware. I continued to bypass the shutting down as I installed spyware and adware protection... I tried like 10 things and finally got those two things to stop. I have deleted most of the things I have installed, but I have now installed a-squared Anti-Malware 3.0... It is showing 10 things on my computer and I have quarantined them:

Scan start: 11/21/2007 12:49:52 AM

Value: HKEY_CLASSES_ROOT\CLSID\{8C11E411-860C-4BAE-A0F4-CBE8DAE6B84C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{9583E033-1CCC-446E-A858-317A0620EE66}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{9E6A5B24-1FBC-42D9-870D-07D5C5738075}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{EA6DA0D5-1021-4F55-ACBA-D1D8BA7EAB2C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{EE12598F-BD9F-4BAD-BB13-D49829A024FE}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C11E411-860C-4BAE-A0F4-CBE8DAE6B84C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9583E033-1CCC-446E-A858-317A0620EE66}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E6A5B24-1FBC-42D9-870D-07D5C5738075}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA6DA0D5-1021-4F55-ACBA-D1D8BA7EAB2C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE12598F-BD9F-4BAD-BB13-D49829A024FE}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
C:\Documents and Settings\a\Cookies\a@adserver[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\a\Cookies\a@advertising[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\a\Cookies\a@atdmt[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\a\Cookies\a@bluestreak[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\a\Cookies\a@commission-junction[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\a\Cookies\a@com[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\a\Cookies\a@doubleclick[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\a\Cookies\a@media.adrevolver[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\a\Cookies\a@questionmarket[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\a\Cookies\a@server.iad.liveperson[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\a\Cookies\a@statse.webtrendslive[1].txt detected: Trace.TrackingCookie
C:\Program Files\NoAdware5.0\nutils.dll detected: Riskware.FraudTool.Win32.NoAdware.a

Scanned

Files: 12512
Traces: 341317
Cookies: 78
Processes: 23

Found

Files: 1
Traces: 10
Cookies: 11
Processes: 0
Registry keys: 0

Scan end: 11/21/2007 1:07:41 AM



Anyway, with all of that said.... I have downloaded HijackThis and here is my log. Can you help me read it... it says something is missing and I am all confused now... Thank you VERY much

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:43 AM, on 11/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\a-squared Anti-Malware\a2start.exe

O20 - AppInit_DLLs: C:\WINDOWS\system32\sol455.txt
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RPC Service (RpcSss) - Unknown owner - C:\WINDOWS\rundll32.exe (file missing)
O23 - Service: Windows Notification Service (Winaltet) - Unknown owner - C:\WINDOWS\System32\winaltet.exe (file missing)

--
End of file - 1941 bytes


#2 CalamityJane

Posted 27 November 2007 - 08:39 PM

Wow, that's a very incomplete HijackThis log - have you been "fixing" stuff on your own?

Also, your machine is very vulnerable to malware exploit due to the fact that you do NOT have SP2 for XP installed. Is there some reason for that?

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.

Microsoft MVP Windows-Security 2003-2008
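
The log in post #1 can be triaged mechanically for the items this thread points at: the service-pack level on the Platform line, the O20 AppInit_DLLs value, and O23 services marked "(file missing)" or "Unknown owner". The following is an added example, not part of either post and not HijackThis's own code; `triage`, `O23_RE` and the reason strings are hypothetical names, and the sample input is excerpted from the log above.

```python
import re

# Sample input: lines excerpted from the HijackThis log in post #1.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP1 (WinNT 5.01.2600)
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol455.txt
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RPC Service (RpcSss) - Unknown owner - C:\WINDOWS\rundll32.exe (file missing)
O23 - Service: Windows Notification Service (Winaltet) - Unknown owner - C:\WINDOWS\System32\winaltet.exe (file missing)
"""

# O23 layout as seen in the log: display name (service name) - owner - path
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - (?P<owner>.+)"
    r" - (?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)

def triage(log_text):
    """Return (service_pack, findings); each finding is (section, subject, reason).

    Findings are items for a human helper to review, not verdicts.
    """
    service_pack = None
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("Platform:"):
            m = re.search(r"\bSP(\d+)\b", line)
            service_pack = int(m.group(1)) if m else 0
        elif line.startswith("O20 - AppInit_DLLs:"):
            # Simplification: the whole value is treated as a single entry.
            value = line.split(":", 1)[1].strip()
            if not value.lower().endswith(".dll"):
                findings.append(("O20", value, "AppInit_DLLs entry is not a .dll"))
        else:
            m = O23_RE.match(line)
            if not m:
                continue
            if m.group("missing"):
                findings.append(("O23", m.group("name"), "service binary missing"))
            if m.group("owner") == "Unknown owner":
                findings.append(("O23", m.group("name"), "owner reported as Unknown"))
    return service_pack, findings

if __name__ == "__main__":
    sp, items = triage(SAMPLE_LOG)
    print("Service pack:", sp)
    for section, subject, reason in items:
        print(f"{section}: {subject} -> {reason}")
```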