
HijackThis Log - Win32/TrojanDropper.agent

However, the system is configured to not allow interactive services. D: is FIXED (NTFS) - 70 GiB total, 25.709 GiB free.

Toolbar --> C:\PROGRA~1\YAHOO!\common\unyt.exe
yEnc32 (remove only) --> "C:\Program Files\yEnc32\uninstall.exe"
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

-- Application Event Log -------------------------------------------------------

Event Record #/Type11158 / Warning
Event Submitted/Written: 01/18/2008 02:14:19 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot

Check the boxes next to ONLY the entries listed below (if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (file missing)

2. Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRunOnce:

Then turn system restore back on, if you wish; this to remove malware from system volume information files.

Log is as follows:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:07:53 PM, on 3/8/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19190)
Boot mode: Normal

Please choose YES. C: is FIXED (NTFS) - 70 GiB total, 20.778 GiB free. So if HijackThis is not installed and DSS prompts you to download it, please answer yes. You must be logged onto an account with administrator privileges when using. Close all applications and windows. Double-click

Even for an advanced computer user. Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

#9 CrunchyChewie (Topic Starter) Posted 16 March 2012 - 03:34

The information as requested: DDS.TXT: .

Here is what I'm getting from hijackthis.log

Logfile of HijackThis v1.99.1
Scan saved at 1:27:37 PM, on 9/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4

Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -

Motherboard: Acer | | F690GVM
Processor: AMD Athlon 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2200/199mhz
.
==== Disk Partitions =========================
.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 232.88 GiB total, 0.4 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD800BEVS-22RST0 - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 4.88 GiB

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG

scanning hidden files ... .

Then press OK at the prompts to reboot your PC.

How to turn it off/on: http://support.kaspersky.com/faq/?qid=208279208

thanks

A case like this could easily cost hundreds of thousands of dollars. Right click that file and select Send To > Compressed (zipped) file.

failed to delete.

((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
.
2008-01-20 18:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 18:04 . 2008-01-20 18:04 d-------- C:\Deckard
2008-01-17 01:24 . 2008-01-17 01:24 d-------- C:\Program

NEXT

Go here to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept

It has done this 1 time(s).
3/7/2012 6:12:56 PM, Error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly.

Please re-open HiJackThis and choose do a system scan only.

It requires you to manually reboot to restore your normal windows desktop.

Here are the contents of the .txt files as requested.

Deckard's System Scanner v20071014.68
Run by Shalin Singh on 2008-01-20 18:21:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 503 MiB (512 MiB recommended).
System Drive

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-10 17:45
Windows 6.0.6002 Service Pack 2 NTFS
.

It has done this 1 time(s).
3/8/2012 5:36:43 PM, Error: Service Control Manager [7034] - The LogMeIn Rescue (1425292) service terminated unexpectedly.

scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\mllmk.dll
.
Completion time: 2007-12-30 0:11:27 - machine was rebooted.
2007-12-22 10:04:59
--- E O F

Please see the important readme topic, located at top of this forum section.

NEXT

Please download aswMBR to your desktop.
Double click the aswMBR.exe icon to run it
When asked if you want to download Avast's virus definitions please select Yes.
Click the Scan button to start the

This service may not function properly.
3/8/2012 5:36:43 PM, Error: Service Control Manager [7034] - The LogMeIn Rescue (90159d5b-9935-42f8-a062-c0362b954218) service terminated unexpectedly.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\3&2B8E0B4B&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\3&2B8E0B4B&0
Service: i8042prt
.
==== System Restore Points ===================
.

Everyone else please begin a New Topic.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AME_CSA] rundll32

HijackThis.de Security

HijackThis log file analysis

HijackThis opens you a possibility to find and fix nasty entries on your computer easier. Therefore it will scan special

here is the log

richbuff 26.06.2009 01:45

Windows System restore, turn it off > reboot.

DDS (Ver_2011-08-26.01) .

Photoshop, Flash)

#3 don77 Posted 02 May 2008 - 09:46 AM

Due to the

With the help of this automatic analyzer you are able to get some additional support.

This applies only to the original topic starter. Setup cannot find the required files. D: is Fixed (FAT32) - 35.06 GiB total, 1.31 GiB free.

Edited by xAc!d, 29 December 2007 - 10:45 PM.

#4 sage5 Posted 29 December 2007 - 10:46 PM

See if you can copy

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: Yahoo!