Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Lost Run, Reboot, Registry, Trend Micro

  • This topic is locked This topic is locked
4 replies to this topic

#1 Halara


  • Members
  • 3 posts
  • Local time:02:12 PM

Posted 18 July 2007 - 07:36 AM

Last night I had a pop up telling me that Trend Micro Anti Virus had updated and was in need of a reboot. So I ran the reboot before heading off for the night. Now this morning I've found that the run and reboot options are gone from my start menu. As well, Trend is not loading after the reboot and if I try to access the registry I'm told it's been disabled by the administrator.

I found your site after running hijack this. Here is the log it created, any help would be greatly appreciated! Thanks in advance...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:44 AM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061004
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061004
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] -C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] -C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] -C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [pccguide.exe] -"C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] -"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] -"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] -C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB002" /M "Stylus CX4600"
O4 - HKLM\..\Run: [SunJavaUpdateSched] -"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] -RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] -nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] -stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] -"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] -"C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [OE_OEM] -"C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] -"C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [igndlm.exe] -C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [updateMgr] -"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7E4493E-1CC8-486E-898C-022F472C5A93}: NameServer =
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Unknown owner - -"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Unknown owner - -C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Unknown owner - -C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (file missing)
O23 - Service: iPod Service - Unknown owner - -"C:\Program Files\iPod\bin\iPodService.exe" (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - -C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - -C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Unknown owner - -C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - -C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - -C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

End of file - 7974 bytes

BC AdBot (Login to Remove)



#2 Halara

  • Topic Starter

  • Members
  • 3 posts
  • Local time:02:12 PM

Posted 18 July 2007 - 09:27 AM

I know we're not supposed to bump the topic, I just thought of a few extra bits of information I forgot to add originally that might be helpful.

1. I don't know what type of infection is going on. I saw the comment saying I should say the type of infection but I never got an indication of what that is.

2. When I Ctrl-Alt-Del I'm told that the task manager rights were removed by the administrator.

I'll be running home over the lunch hour to run a sysclean on the box hoping to weed out any virus' while in safe mode.

Sorry for the second post, just thought the more information for you guys the better. Thanks again, I appreciate the great service ya'll provide for those of us that don't have a clue :thumbsup:

#3 Halara

  • Topic Starter

  • Members
  • 3 posts
  • Local time:02:12 PM

Posted 18 July 2007 - 10:40 AM

By now you probably realize that I'm new to Bleeping Computer. I just read the post on on the prep work before posting a log. I have not been through any of the steps yet, so I will do that and post back to this thread with the results. Sorry to have posted early before going through the various prereqs.

#4 amateur


    Malware Fighter

  • Malware Response Team
  • 2,775 posts
  • Gender:Female
  • Local time:02:12 PM

Posted 01 August 2007 - 06:01 AM

Hello and welcome to BC.

Sorry for the delay in response. Please post a fresh HijackThis log if you still need help and I'll be happy to assist you.

#5 amateur


    Malware Fighter

  • Malware Response Team
  • 2,775 posts
  • Gender:Female
  • Local time:02:12 PM

Posted 05 August 2007 - 01:53 PM

Due to lack of response, this thread will now be closed. If you need this topic reopened, please PM me with the address of the thread.and we will reopen it for you. This applies only to the original topic starter. Everyone else please begin a New Topic.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users