possible iexplore.exe virus….
I think I may have this "iexplore.exe" virus….
Well anyways here’s my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:25 AM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\taskmagr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/s…onse/index.jsp
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/s…onse/index.jsp
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O1 – Hosts: 216.107.250.194 nprotect.lineage2.com
O1 – Hosts: 69.16.243.105 l2testauthd.lineage2.com
O1 – Hosts: 69.16.243.105 L2authd.lineage2.com
O1 – Hosts: 69.16.243.105 l2auth.lineage2.ph
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: Ask Search Assistant BHO – {0A94B111-4504-4e26-AB05-E61E474AA38B} – C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 – BHO: flashget urlcatch – {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} – C:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: Java(tm) Plug-In SSV Helper – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre6\bin\ssv.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 – BHO: ZoneAlarm Spy Blocker BHO – {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} – C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 – BHO: FlashGet GetFlash Class – {F156768E-81EF-470C-9057-481BA8380DBA} – C:\Program Files\FlashGet\getflash.dll
O2 – BHO: Ask Toolbar BHO – {F4D76F01-7896-458a-890F-E1F05C46069F} – C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 – Toolbar: Ask Toolbar – {F4D76F09-7896-458a-890F-E1F05C46069F} – C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 – Toolbar: Easy-WebPrint – {327C2873-E90D-4c37-AA9D-10AC9BABA46C} – C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 – Toolbar: ZoneAlarm Spy Blocker – {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} – C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 – HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 – HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 – HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 – HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 – HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 – HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 – HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User ‘Default user’)
O4 – Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 – Extra context menu item: &Download All with FlashGet – C:\PROGRA~1\FlashGet\jc_all.htm
O8 – Extra context menu item: &Download with FlashGet – C:\PROGRA~1\FlashGet\jc_link.htm
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: AIM – {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} – C:\Program Files\AIM\aim.exe
O9 – Extra button: FlashGet – {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} – C:\Program Files\FlashGet\FlashGet.exe
O9 – Extra ‘Tools’ menuitem: FlashGet – {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} – C:\Program Files\FlashGet\FlashGet.exe
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) – http://upload.facebook.com/controls/…oUploader3.cab
O16 – DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) – https://register.resnet.stonybrook.edu/CAT/CNICAT.cab
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/ge…sh/swflash.cab
O23 – Service: Lavasoft Ad-Aware Service (aawservice) – Lavasoft – C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 – Service: Apple Mobile Device – Apple, Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: hpqwmiex – Hewlett-Packard Development Company, L.P. – C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 – Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) – Intel Corporation – C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Unknown owner – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: LiveUpdate – Symantec Corporation – C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – CACE Technologies – C:\Program Files\WinPcap\rpcapd.exe
O23 – Service: Symantec Management Client (SmcService) – Symantec Corporation – C:\Program Files\Symantec AntiVirus\Smc.exe
O23 – Service: Symantec Network Access Control (SNAC) – Symantec Corporation – C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 – Service: Symantec Endpoint Protection (Symantec AntiVirus) – Symantec Corporation – C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – C:\WINDOWS\system32\ZoneLabs\vsmon.exe
–
End of file – 10065 bytes
Any help is appreciated thanks!