Trend Micro Unauthorized Change Detected
On
- Trend Micro Worry Free Unauthorized Change Detected
- Trend Micro Unauthorized Change Detected Windows 10
Issue: The Trend Micro Unauthorized Change Prevention Service uses up a large amount of CPU resources. Solution: This hotfix updates the Behavior Monitoring module to resolve the issue. Hotfix 1721 (JIRA 12552) Issue: The OfficeScan manual scan exclusion feature may not work properly while the suspected malware process is still running. Apr 18, 2018 - 'An unauthorized change was made to your license.' Trend Micro PC-cillin Internet Security (versions earlier than 14.56); Trend Micro.
Hi there!I'm trying to help a friend with her computer. Therefore, I didn't install the DDS application on my machine. I hope this doesn't present a problem in getting assistance for her.
While helping her, I had her download Malwarebytes, since all of the hits on google seemed to suggest this tool for removal. The problem she's encountering is that the program won't even install for her. She's scanned her machine with TrendMicro, yet, can't get the program to update, due to the virus. I'm attaching her hijackthis log for analysis.
Thank you in advance for your time.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:06 PM, on 3/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesTrend MicroInternet SecurityUfSeAgnt.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:WindowsWindowsMobilewmdc.exe
Trend Micro Worry Free Unauthorized Change Detected
C:WindowsSystem32WLTRAY.EXE
C:Program FilesTrend MicroInternet SecurityTMAS_OETMAS_OEMon.exe
C:Program FilesDellMediaDirectPCMService.exe
C:Program FilesiTunesiTunesHelper.exe
C:Windowsehomeehtray.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesAWSWeatherBugWeather.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.EXE
C:Program FilesTrend MicroTrendSecureTSCFCommander.exe
C:Windowsehomeehmsas.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Internet Explorer provided by Dell
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = actsvr.comcast:8100
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:Program FilesTrend MicroTrendSecureTISProToolbarTSToolbar.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:PROGRA~1COMCAS~1COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:Program FilesJavajre1.6.0binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:Program FilesDellBAEBAE.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:PROGRA~1COMCAS~1COMCAS~1.DLL
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:Program FilesTrend MicroTrendSecureTISProToolbarTSToolbar.dll
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [ECenter] C:DellE-CenterEULALauncher.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [Windows Mobile Device Center] %windir%WindowsMobilewmdc.exe
O4 - HKLM..Run: [StartCCC] C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe
O4 - HKLM..Run: [Broadcom Wireless Manager UI] C:Windowssystem32WLTRAY.exe
O4 - HKLM..Run: [ISUSScheduler] 'C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe' -start
O4 - HKLM..Run: [PCMService] 'C:Program FilesDellMediaDirectPCMService.exe'
O4 - HKLM..Run: [dscactivate] C:Program FilesDell Support Centergs_agentcustomdsca.exe
O4 - HKLM..Run: [iolo Startup] 'C:Program FilesioloCommonLibioloLManager.exe'
O4 - HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe
O4 - HKLM..Run: [iTunesHelper] 'C:Program FilesiTunesiTunesHelper.exe'
O4 - HKLM..Run: [UfSeAgnt.exe] 'C:Program FilesTrend MicroInternet SecurityUfSeAgnt.exe'
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [MsnMsgr] 'C:Program FilesWindows LiveMessengerMsnMsgr.Exe' /background
O4 - HKCU..Run: [Weather] C:Program FilesAWSWeatherBugWeather.exe 1
O4 - HKCU..Run: [OE] C:Program FilesTrend MicroInternet SecurityTMAS_OETMAS_OEMon.exe
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
Trend Micro Unauthorized Change Detected Windows 10
O4 - HKUSS-1-5-19..Run: [OE] C:Program FilesTrend MicroInternet SecurityTMAS_OETMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [msnmsgr] 'C:Program FilesWindows LiveMessengermsnmsgr.exe' /background (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [msnmsgr] 'C:Program FilesWindows LiveMessengermsnmsgr.exe' /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:Program FilesDigital Line DetectDLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:Program FilesJavajre1.6.0binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:Program FilesJavajre1.6.0binssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra 'Tools' menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Little%20Shop%20-%20Memories/Images/stg_drm.ocx
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20Stories%20-%20Island%20of%20Hope/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O17 - HKLMSystemCCSServicesTcpip..{F81936B3-BFD0-4713-81E1-B19B2F7B8A45}: NameServer = 85.255.112.61,85.255.112.172
O17 - HKLMSystemCCSServicesTcpip..{FFEECAD9-DC1E-4E98-9152-5684ED79B3A4}: NameServer = 85.255.112.61,85.255.112.172
O17 - HKLMSystemCS1ServicesTcpipParameters: NameServer = 85.255.112.61,85.255.112.172
O17 - HKLMSystemCCSServicesTcpipParameters: NameServer = 85.255.112.61,85.255.112.172
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:Program FilesTrend MicroTrendSecureTISProToolbarTSToolbar.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:Windowssystem32aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:Program FilesWildGamesGame Console - WildGamesGameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:Program FilesiolocommonlibioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:Program FilesiolocommonlibioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatch9.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:Program FilesTrend MicroTrendSecureSecurityActivityDashboardtmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:Program FilesTrend MicroInternet SecuritySfCtlCom.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:Windowssystem32STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:Program FilesCommon FilesSureThing Sharedstllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:Program FilesTrend MicroBMTMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:Program FilesTrend MicroInternet SecurityTmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:Program FilesTrend MicroInternet SecurityTmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:WindowsSystem32WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:Windowssystem32DRIVERSxaudio.exe
--
End of file - 11641 bytes