Need Someone To Analyze My HijackThis-Notepad

I have been keeping up and trying to follow along with others who have the adware pop-ups each time they visit any site or open IE. Would someone mind looking at the data from HijackThis for me? Thank you.


Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 12:48:28 AM, on 12/29/2007


Platform: Windows XP SP2 (WinNT 5.01.2600)


MSIE: Internet Explorer v7.00 (7.00.6000.16574)


Boot mode: Normal


Running processes:


C:\WINDOWS\System32\smss.exe


C:\WINDOWS\system32\winlogon.exe


C:\WINDOWS\system32\services.exe


C:\WINDOWS\system32\lsass.exe


C:\WINDOWS\system32\svchost.exe


C:\Program Files\AdwareAlert\AdwareAlertSrv.srv.exe


C:\WINDOWS\System32\svchost.exe


C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe


C:\WINDOWS\system32\brsvc01a.exe


C:\WINDOWS\system32\brss01a.exe


C:\WINDOWS\system32\spoolsv.exe


C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


C:\WINDOWS\system32\DVDRAMSV.exe


C:\Program Files\Intel\Wireless\Bin\EvtEng.exe


C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\System32\svchost.exe


C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


C:\WINDOWS\system32\svchost.exe


C:\WINDOWS\system32\Tablet.exe


C:\WINDOWS\System32\svchost.exe


C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe


C:\WINDOWS\SYSTEM32\WISPTIS.EXE


C:\WINDOWS\System32\tabbtnu.exe


C:\WINDOWS\Explorer.EXE


C:\WINDOWS\system32\ctfmon.exe


C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe


C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe


C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe


C:\WINDOWS\system32\igfxtray.exe


C:\WINDOWS\system32\hkcmd.exe


C:\WINDOWS\system32\igfxpers.exe


C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe


C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


C:\Program Files\QuickTime\qttask.exe


C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe


C:\Program Files\Visioneer OneTouch\OneTouchMon.exe


C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe


C:\Program Files\TomTom HOME 2\HOMERunner.exe


C:\Program Files\Brother\ControlCenter3\brccMCtl.exe


C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe


C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe


C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe


C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe


C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe


C:\Program Files\Internet Explorer\iexplore.exe


C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe


C:\WINDOWS\system32\igfxsrvc.exe


C:\WINDOWS\system32\taskmgr.exe


C:\WINDOWS\system32\wuauclt.exe


C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =


O2 - BHO: (no name) - MRI_DISABLED - (no file)


O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)


O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll


O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll


O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)


O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe


O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume


O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe


O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe


O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"


O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe


O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe


O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe


O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient


O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray


O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe


O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe


O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler


O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot


O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe


O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe


O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe


O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN


O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe


O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun


O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s


O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


O4 - HKCU\..\Run: [uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S


O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')


O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')


O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')


O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')


O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe


O4 - Global Startup: MRI_DISABLED


O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll


O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll


O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL


O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll


O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart


O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlertSrv.srv.exe


O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe


O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe


O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe


O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


O24 - Desktop Component 0: (no name) - http://www.aircombatusa.com/images/transparent2.gif


--


End of file - 8286 bytes

Comments

  • Hi kevjor01,


    I see nobody has replied to your post yet. I am not sure if you are still checking this thread. At first glance I see no suspicious items in your HJT log. There are some minor things, a few items to remove, a very long list of startup items which makes the boot time (unnecessarily) long, and a security risk with older versions of JRT on your system, but no infection. If you have a reoccurring pop-up issue, or you want a close look at the HJT log, post back. I would be glad to assist you.

  • Hi kevjor01,


    ... and a security risk with older versions of JRT ...


    Sorry, I meant JRE. That is definitely a security issue to be taken seriously.
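
A first-pass triage of a HijackThis log along the lines the reply above mentions (entries that point at a missing file, the number of startup entries, and the installed JRE folder), as an added example that is not part of the original thread. The `triage` function and its rules are assumptions made for illustration, not HijackThis's own logic or the responder's method; the sample lines are an excerpt of the log posted above.

```python
import re
from collections import Counter

# Excerpt of entries copied from the log posted above.
SAMPLE = r"""
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlertSrv.srv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# A log entry starts with a section code such as R0, O2, O4 or O23, then " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# JRE install folder as it appears in file paths, e.g. \Java\jre1.5.0\
JRE = re.compile(r"\\Java\\(jre[\d._]+)\\", re.IGNORECASE)

def triage(log_text):
    """Group entries by section and list the ones worth a closer look."""
    counts, findings, jre = Counter(), [], set()
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, running-process paths, blank lines
        code, body = m["code"], m["body"]
        counts[code] += 1
        # Registry entry whose target file is gone: a leftover that can be removed.
        if body.endswith("(no file)"):
            findings.append(("orphaned", code, body))
        # Service binary for which HijackThis could not read a company name.
        if code == "O23" and "- Unknown owner -" in body:
            findings.append(("unknown-owner", code, body))
        hit = JRE.search(body)
        if hit:
            jre.add(hit.group(1))  # compare against the current JRE release
    return {"counts": counts, "findings": findings, "jre": sorted(jre)}

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("startup entries (O4):", report["counts"]["O4"])
    print("JRE folders seen:", report["jre"])
    for kind, code, body in report["findings"]:
        print(f"{kind:14} {code:4} {body}")
```

A finding here is a prompt to look closer, not a verdict: the reply above found no infection in this log.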