
HijackThis Log - Win32/TrojanDropper.agent

The resource 'C:\WINDOWS\System32\CTFMON.EXE' does not exist.
Event Record #/Type2397 / Warning
Event Submitted/Written: 12/30/2007 00:40:28 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'HandWritingFiles' failed during request for component '{E6BFD503-3A35-4B78-BAB5-9570EDDEF81C}'

Regards, Sp0nge

For other potential solutions to this problem, see C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM.

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type22721 / Error
Event Submitted/Written: 12/30/2007 02:58:10 AM
Event ID/Source: 7000

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. That may cause it to stall.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo!

scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5148)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.

This applies only to the original topic starter.

#10 CatByte (Malware Response Team), posted 16 March 2012 - 04:01 PM

yes, the log

D: is FIXED (NTFS) - 70 GiB total, 25.709 GiB free.

It has done this 1 time(s).
3/8/2012 5:22:13 PM, Error: Service Control Manager [7034] - The LogMeIn Rescue (c3702aa9-ba0d-4ceb-b944-efd1007dfe24) service terminated unexpectedly.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

#9 CrunchyChewie (Topic Starter), posted 16 March 2012 - 03:34

I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. The text from these files may exceed the maximum

The file will be unloaded when it is no longer in use.
Event Record #/Type11137 / Error
Event Submitted/Written: 01/16/2008 05:29:35 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20071.12718, hang

richbuff 23.06.2009 05:23

Welcome.

scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\mllmk.dll
.
Completion time: 2007-12-30 0:11:27 - machine was rebooted.
2007-12-22 10:04:59 --- E O F

Much thanks

#2 Rorschach112 (Retired Staff), posted 20 January 2008 - 09:29 AM

Hello
Don't put the logs in quote boxes as it makes them hard

In order to find out what entries are nasty and what are installed by the user, you need some background information. A logfile is not so easy to analyze. Thank you.

This is normal.

It has done this 1 time(s).
3/8/2012 4:16:04 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Tasha\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered.

Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running.

With the help of this automatic analyzer you are able to get some additional support. If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread.

When finished, it shall produce a log for you.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\3&2B8E0B4B&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\3&2B8E0B4B&0
Service: i8042prt
.
==== System Restore Points ===================
.

When done, two DDS.txt's will open.


c:\users\Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Seagate Product Registration.lnk - c:\users\Server\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe [2011-1-25 1731736]
.

Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is

You can get help on disabling your protection programs here

Double click on ComboFix.exe & follow the prompts. Your desktop may go blank.

Sorry bout creating this post I didn't see the other topic that had already discussed this issue.

Check the boxes next to ONLY the entries listed below (if present):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (file missing)

scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
C:\Program Files\TortoiseSVN\iconv\_tbl_simple.so
C:\Program Files\TortoiseSVN\iconv\windows-1252.so
C:\Program Files\TortoiseSVN\iconv\utf-8.so
-> C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll
.
Completion time: 2008-01-20 19:08:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-20 17:08:16

Logfile of Trend

Check the 'Input script manually' option. Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4

scanning hidden autostart entries ...
scanning hidden files ...

Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.

The file will be unloaded when it is no longer in use.
Event Record #/Type11141 / Warning
Event Submitted/Written: 01/17/2008 00:04:38 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file

FF - ProfilePath - c:\users\server\appdata\roaming\mozilla\firefox\profiles\mzvufznf.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5366aa48-b2bd-4e51-9862-2f254b12ca3a%7D&mid=98c4dd1d1a0e47d6ad56d156a4de50eb-7fd94206b72346a551aba08f70a8d23d541c505e&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-06%2016%3A44%3A01&sap=ku&q=
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program

s r.o.) Outdated
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

I am doing this remotely and the remote connection dies whenever I run CF.

Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {fa8d9e8b-60bd-47e4-a07c-7eae63f385e2} - C:\WINDOWS\System32\xuqpdxyt.dll (file missing)
O2 - BHO: (no name) - È=B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) -

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.

Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -

The bad news is that there is currently no tool that will clean these files, so they will be deleted, to remove them from the system. This means that some applications may

The IP address being used is 169.254.5.96.
Event Record #/Type10451 / Warning
Event Submitted/Written: 01/19/2008 09:36:36 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network Card with

Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 7/16/2008 7:06:13 AM
System Uptime: 3/8/2012 6:29:16 PM (31 hours ago)
.

It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. Post that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running.