Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:09 PM , on 2/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Startup Faster\sfAgent.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRAM FILES\POP PEEPER\POPPEEPER.EXE
C:\PROGRAM FILES\MSGTAG\MSGTAG.EXE
C:\Program Files\Avant Browser\avant.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Ronnell Copeland
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [StartupFaster] "C:\Program Files\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnnm.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Startup: StartupFaster
O4 - Global Startup: StartupFaster
O8 - Extra context menu item: &Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL.htm
O8 - Extra context menu item: Add to Restricted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_R.htm
O8 - Extra context menu item: Add to Trusted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_T.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Copy as HTML - C:\Program Files\Avant Browser\Extensions\Misc\msCopyAsHTML.htm
O8 - Extra context menu item: Copy Image URL - C:\Program Files\Avant Browser\Extensions\Misc\msCopyImageURL.htm
O8 - Extra context menu item: Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL_text.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Dictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luDictionary.htm
O8 - Extra context menu item: Dissect Selected Link - C:\Program Files\Avant Browser\Extensions\Misc\msDissect.html
O8 - Extra context menu item: Dissect Selected Text - C:\Program Files\Avant Browser\Extensions\Misc\luDissect_text.htm
O8 - Extra context menu item: Dissect this page - C:\Program Files\Avant Browser\Extensions\Misc\luDissect.htm
O8 - Extra context menu item: Dogpile Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luDogpile.htm
O8 - Extra context menu item: Encarta Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luEncarta.htm
O8 - Extra context menu item: Exalead (Beta) Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luExalead.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Get The Referer! - C:\Program Files\Avant Browser\Extensions\Misc\Get The Referer!.url
O8 - Extra context menu item: Google Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGoogle.htm
O8 - Extra context menu item: Hyperdictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luHyperdictionary.htm
O8 - Extra context menu item: Info Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luInfo.htm
O8 - Extra context menu item: Is this domain HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO.htm
O8 - Extra context menu item: Is this link HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_link.htm
O8 - Extra context menu item: Is this site HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_text.htm
O8 - Extra context menu item: Lookup link on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_link.htm
O8 - Extra context menu item: Lookup site on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_text.htm
O8 - Extra context menu item: Merriam-Webster Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMWeb.htm
O8 - Extra context menu item: Microsoft Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMicrosoft.htm
O8 - Extra context menu item: MSN Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMSN.htm
O8 - Extra context menu item: MultiSearch - C:\Program Files\Avant Browser\Extensions\Lookup\MultiSearch.htm
O8 - Extra context menu item: Open frame in new window - C:\Program Files\Avant Browser\Extensions\Misc\msBOOF.htm
O8 - Extra context menu item: Open URL - C:\Program Files\Avant Browser\Extensions\Misc\OpenURL.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Save Open Browser Windows - C:\Program Files\Avant Browser\Extensions\Misc\mSaveOpenWindows.htm
O8 - Extra context menu item: Search AB Forums - C:\Program Files\Avant Browser\Extensions\Lookup\luABF.htm
O8 - Extra context menu item: Send To Notepad - C:\Program Files\Avant Browser\Extensions\Misc\SendToNotepad.htm
O8 - Extra context menu item: SiteAdvisor Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luSA.htm
O8 - Extra context menu item: TagJag (Gada) Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGada.htm
O8 - Extra context menu item: Translate page with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish.htm
O8 - Extra context menu item: Translate selected text with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_text.htm
O8 - Extra context menu item: Translate selected text with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_text.htm
O8 - Extra context menu item: Translate URL with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_URL.htm
O8 - Extra context menu item: Translate URL with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_URL.htm
O8 - Extra context menu item: Translate with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle.htm
O8 - Extra context menu item: Verify Webpage Location - C:\Program Files\Avant Browser\Extensions\Misc\Verify Webpage Location.url
O8 - Extra context menu item: Wikipedia Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luWikipedia.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds...ransferCtrl.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcj_device - - C:\Windows\system32\lxcjcoms.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 12205 bytes