  1. #1
    New Lounger
    Join Date
    Feb 2009
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Help dissecting hijackthis log

    I need help understanding the HijackThis log the program generated. Any takers????

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:56:50 AM, on 2/8/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
    C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
    O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
    O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-4157789089-609659471-3603122966-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Vince')
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D5BDF84B-90F5-4FB4-BBA5-7077B990672E}: NameServer = 68.28.146.92 68.28.154.92
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

    --
    End of file - 4335 bytes

  2. #2
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: Help dissecting hijackthis log

    Woody's Lounge is not the best forum for getting a HijackThis log analyzed. Try posting your log to one of the sites listed in this post.

    StuartR

  3. #3
    3 Star Lounger
    Join Date
    Jun 2001
    Location
    Irvine, California, USA
    Posts
    292
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Help dissecting hijackthis log

    You did not have a successful uninstall of Trend Micro. Some of the TM services are still running. It would appear on first glance that the TM firewall, Change Prevention and proxy service being active is your major issue. You could reinstall TM and try another uninstall attempt. If that failed I would at this point manually remove everything. Boot into Safe Mode and shut off all the TM services if any are running then delete all remaining folders in Program Files\Trend Micro, Common Files\Trend Micro, hidden in Docs and Settings in Application Data as well as Local Settings\Application Data. Now remove the offending entries in the Registry by deleting the related Trend Micro keys. Then reboot and run CCleaner. You will probably need to go back for more Registry cleaning as some of the keys will not delete without changing ownership/permissions. You will also possibly need to run the Windows Installer Clean-up utility. At that point run SFC /scannow and CHKDSK while enjoying a couple of beers.
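
Added example, not part of any post in this thread: a small Python triage script for a HijackThis log like the one in post #1. It groups entries by section code, flags entries marked "(file missing)", and lists services per vendor, which makes leftover components easy to spot. The function names and the embedded sample (a few lines in the log's format, with path separators written out) are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Section codes that occur in the log above (labels per HijackThis documentation).
CODES = {"R0": "IE start/search page setting", "R1": "IE start/search page setting",
         "O1": "hosts file entry", "O2": "Browser Helper Object",
         "O3": "IE toolbar", "O4": "autostart entry", "O13": "IE URL prefix",
         "O17": "DNS name server setting", "O23": "Windows service"}

ENTRY = re.compile(r"^\s*([RO]\d+) - (.*)$")
# O23 - Service: <display name> [(<short name>)] - <vendor> - <path>
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.*)$")

# Constructed sample in the format of the log in post #1.
SAMPLE = r"""
Running processes:
C:\Windows\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
"""

def parse_log(text):
    """Group entries by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2).strip())
    return sections

def missing_files(sections):
    """Entries whose target file HijackThis could not find on disk."""
    return [(code, e) for code, entries in sections.items()
            for e in entries if e.endswith("(file missing)")]

def services_by_vendor(sections):
    """Map vendor -> service short names (display name if no short name)."""
    out = defaultdict(list)
    for e in sections.get("O23", []):
        m = SERVICE.match(e)
        if m:
            short = re.search(r"\((\w+)\)$", m.group("name"))
            out[m.group("vendor")].append(short.group(1) if short else m.group("name"))
    return dict(out)

if __name__ == "__main__":
    s = parse_log(SAMPLE)
    for code, entries in s.items():
        print(f"{code:>3} {CODES.get(code, 'unknown section')}: {len(entries)}")
    print("missing:", missing_files(s))
    print("services:", services_by_vendor(s))
```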
