Question:
is there anything wrong with this log file from hijackthis?
2008-04-12 01:31:01 UTC
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:10 PM, on 27/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Windows\OEM05Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell AIO 810\DLCGmon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Scott\AppData\Local\Temp\ljhec.dll,#1
O4 - HKCU\..\Run: [d43f50c9] rundll32.exe "C:\Users\Scott\AppData\Local\Temp\lwuiynxe.dll",b
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Scott\AppData\Local\Temp\djwqlwax.dll",run
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Scott\AppData\Local\Temp\jkkhf.dll,c
O4 - HKCU\..\Run: [BMd70c6355] Rundll32.exe "C:\Users\Scott\AppData\Local\Temp\wrcdpejf.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcg_device - - C:\Windows\system32\dlcgcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10143 bytes
Four answers:
chezzrob
2008-04-12 01:54:53 UTC
Ok I agree with Sergio



Basic PC Trend is an internet security program to stop hackers and viruses. It is not really a program to control spyware.



Keep your hijack log, then run these three programs.

Afterwards run the hijack and compare the difference. That way you get to learn what to look for in subsequent reports.



From my notes

Also while your computer is in good nick you should download and install Superantispyware and Spybot –Search and Destroy because when malware gets going you will not be able to access the net.





Clean Up Computer

Superantispyware

===============

http://www.superantispyware.com

Has a stop homepage from being altered which is good

Can reset windows defaults in various parts



Download and run superantispyware. I was put onto this program because of an annoying popup (XP or Vista plus all OS preceding)



Install it and set the preferences to monitor your home page.

Set up tick boxes that you want in the other tabs as you require.

You don’t need to run it at startup unless you want the antispyware protection 24/7.



Note Superantispyware has powerful reset tools that will set stuff back to windows defaults.

To use these tools click preferences >repairs. This may be handy to reset IE URLS if you have annoying pop ups.

Superantispyware is a good program and remember to update it before scanning. A scan may take 45mins. Just run a scan for the first attack.



Spybot – Search and Destroy

=====================

Download spybot search and destroy. Through its immunize page and link to javacools spyblaster, spybot can manage activex problems which is extremely difficult for antispyware programs to find. Also just run the scan for first attack.

http://www.spybot.info/en/download/index.html




Windows Live Onecare

===================

Onecare safety scan fixes registry and finds temp files that nothing else seems to find.

Choose the Beta Edition link for vista users.

It does registry, spyware , virus , disk clean up and defrag



XP Users http://onecare.live.com/site/en-ca/defau...

Vista Users

http://onecare.live.com/site/en-ca/center/whatsnew.htm



Run the full safety scanner, it takes a few seconds to install the scanning files but when you start the scan, it takes 2 hours or more. Let it load the scanning tools, then start the Safety Scan. So once it starts to load the safety scans' x file of x , you can leave the computer and go to bed etc.



Then at the end of the scan it asks you to set it running full time.



Think twice about setting it to run in the background as it could be another thing to slow you down. However, it may be worth while if you have no other security programs running.



Consider the following options:

I personally run Norton 360 which is full internet security and run superantispyware when I want to.



So if you don’t have a decent internet security program then perhaps run the superantispyware with your antivirus in the background.



If you are sick of antivirus programs that don’t work perhaps run onecare full time and run superantispyware whenever.



Now you should be flying and Onecare has even set up a new system restore point for you.

Note onecare does other stuff as well. Click on the menus on the LHS column, but all of this is done if you click Safety Scan.

add onecare to your favourites



IE7

=======

Over time IE7 seems to set its own (or programs do) tick boxes in the Advanced tab.

In IE7 Tools >Internet Options >Advanced Tab

Click Restore advanced settings defaults button.

Then scroll the listings down to near the bottom and:

Tick empty temp files when browser closes (this empties the cache, which if not empty, will stop you from going online).

Bullet disable phishing filter (optional. Leave it on if you want that type of protection, usually for financial data like internet banking)

Delete Browser History, cookies, add ons, the whole lot regularly.

Close the browser to set the settings.


NOTE: 2008 will be the year of add on malware and spyware. I advise NOT to install active x when asked to on unknown websites. If you allow an active x install and it contains adware or such, no antivirus or anti-spyware will find it, because you have given permission to install it. The cleanup programs think that you want it installed. It will be very difficult to remove.



Phishing Filter

When first released, phishing filter slowed IE7. Apparently, Microsoft has fixed this through the windows updates. If you like you could try to run it - bullet the enable.

Only run one phishing filter program, and only run one firewall program.


Fixing Your Computer

Run the scans of the three programs above. If your computer is still faulty then you have to go deeper with the features mentioned.
2016-04-08 05:34:27 UTC
First it appears you have more than one av. I'm not referring to your malware scanners. Those are all fine in conjunction with your av. I noticed that you have Trend security suite and Avast. Avast is an excellent choice but you need to get rid of one of them. Other than that I don't see any problems.
Sergio G
2008-04-12 01:43:17 UTC
Never mind everything looks ok, but definitely run Trojan Remover it will find anything hidden also A-Squared.



Below is a list of top rated security programs.

I recommend installing each program and running the updates to get the latest protection. Also try AVG anti-virus, they update their definitions constantly. (I use it as well)



CCleaner

http://filehippo.com/download_ccleaner/

(A system optimization and privacy tool. It removes unused and temporary files from your system etc.)



Trojan Remover

http://www.simplysup.com/

(Aids in the removal of Malware - Trojan Horses, Worms, Adware, Spyware, and it will remove registry entries as well)



A-Squared

http://filehippo.com/download_asquared/

(Aids in the removal of Malware - Trojan Horses, Worms, Adware, Spyware)



SpywareBlaster

http://filehippo.com/download_spywarebla...

(Aids in the blocking of spyware/malware web sites)



Spybot Search & Destroy

http://filehippo.com/download_spybot_sea...

(Aids in the removal and blocks spyware/malware)



Ad-Aware

http://filehippo.com/download_ad-aware/

(Aids in the removal of spyware/malware)



SUPERAntiSpyware

http://filehippo.com/download_superantis...

(Aids in the removal of spyware/malware)



AVG Antispyware

http://filehippo.com/download_avg_antisp...

(Aids in the removal of spyware/malware)



Anti-virus

AVG Anti-Virus Free Edition

http://filehippo.com/download_avg_antivirus/

(A well-known anti-virus protection tool)





Cheers!
zoomjet
2008-04-12 01:46:50 UTC
There are sites where you can paste your log to have it analyzed:

http://www.hijackthis.de/index.php?langselect=english

http://hjt.networktechs.com/



you can get some indication of what may be wrong but it is dangerous to delete stuff just because it is flagged as potential malware; your best bet is to post to a hijackthis support forum such as this one

http://www.techsupportforum.com/security-center/hijackthis-log-help/



but read this first before you do:

http://www.techsupportforum.com/security-center/hijackthis-log-help/15968-important-read-before-posting-malware-removal-help.html
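
Added example, not part of any post above and not the logic of the analysis sites linked there: a small Python triage pass over HijackThis lines that lists entries worth a manual look, namely O4 autoruns whose command points into a user-writable directory such as Temp, and components HijackThis marks "(no file)" or "(file missing)". The function name triage and the directory heuristic are assumptions of this example; the sample lines are copied from the log in the question.

```python
import re

# Constructed sample: seven lines copied from the log posted in the question.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Scott\AppData\Local\Temp\ljhec.dll,#1
O4 - HKCU\..\Run: [d43f50c9] rundll32.exe "C:\Users\Scott\AppData\Local\Temp\lwuiynxe.dll",b
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<section code> - <rest of entry>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# Command part of an O4 registry Run entry.
RUN_CMD = re.compile(r"\\Run: \[[^\]]*\] (?P<cmd>.*)$")
RUNDLL32 = re.compile(r'^"?rundll32(\.exe)?"?\s', re.I)
# Directories an unprivileged user can write to (a heuristic, not a complete list).
USER_WRITABLE = re.compile(r"\\(temp|appdata|local settings)\\", re.I)
# Suffixes HijackThis appends when the referenced file is not on disk.
ABSENT = ("(no file)", "(file missing)")


def triage(log_text):
    """Return (code, reason, line) tuples for entries that merit manual review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m["code"], m["body"]
        run = RUN_CMD.search(body) if code == "O4" else None
        if run and USER_WRITABLE.search(run["cmd"]):
            how = "via rundll32 " if RUNDLL32.match(run["cmd"]) else ""
            findings.append((code, f"autorun {how}from a user-writable directory", line))
        if body.endswith(ABSENT):
            findings.append((code, "registered component whose file is absent", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```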


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.