Combo Fix & Hijackthis

Mosca
New Member


Date Joined Apr 2008
Total Posts : 1
 
Posted 4-2-2008 7:09 (GMT +2)
Hello,
 
I wanted to know how to read both the ComboFix and Hijackthis logs. I attempted to remove spyware/virus with Ad-aware, but had no success. Your assistance and knowledge are VERY appreciated. Here are both outputs:
 
COMBOFIX output:
 
ComboFix 08-04-01.2 - casa 2008-04-01 21:47:17.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2489 [GMT -7:00]
Running from: C:\Documents and Settings\casa\Local Settings\Temporary Internet Files\Content.IE5\AP3KLWZM\ComboFix[1].exe
 * Resident AV is active

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\braviax.exe
.
(((((((((((((((((((((((((   Files Created from 2008-03-02 to 2008-04-02  )))))))))))))))))))))))))))))))
.
2008-03-29 16:02 . 2008-04-01 21:31 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-03-29 16:02 . 2008-03-29 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-03-29 14:59 . 2008-03-29 14:59 <DIR> d-------- C:\Program Files\DVD Shrink
2008-03-29 14:59 . 2008-03-29 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-29 14:56 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-28 23:24 . 2008-03-28 23:24 <DIR> d-------- C:\Program Files\Crack
2008-03-28 22:50 . 2008-03-28 22:50 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-03-28 22:50 . 2007-07-30 14:44 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll
2008-03-28 22:50 . 2007-06-28 14:09 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2008-03-28 22:48 . 2008-03-28 23:44 <DIR> d-------- C:\Program Files\Intuit
2008-03-28 22:46 . 2008-03-28 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\COMMON FILES
2008-03-28 22:33 . 2008-03-28 22:33 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-03-26 23:18 . 2008-03-26 23:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACT
2008-03-26 23:16 . 2008-03-26 23:16 848 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-03-26 23:16 . 2008-03-26 23:16 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\CA478D5442.sys
2008-03-26 23:15 . 2008-03-26 23:15 <DIR> d-------- C:\Documents and Settings\casa\Application Data\IsolatedStorage
2008-03-26 23:15 . 2003-08-28 14:08 536,576 --a------ C:\WINDOWS\system32\msvcr70d.dll
2008-03-26 23:15 . 2007-10-23 21:07 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-03-26 23:15 . 2003-08-28 14:06 94,208 --a------ C:\WINDOWS\system32\msvci70d.dll
2008-03-26 23:14 . 2008-03-26 23:14 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-03-26 23:10 . 2008-03-26 23:10 <DIR> d-------- C:\Documents and Settings\casa\Application Data\ACT
2008-03-26 23:09 . 2008-03-26 23:11 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-03-26 23:09 . 2008-03-26 23:09 <DIR> d-------- C:\Program Files\ACT
2008-03-26 07:06 . 2008-03-26 07:06 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-26 07:04 . 2008-03-26 07:04 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-25 22:26 . 2008-03-25 22:26 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-25 20:55 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-25 20:55 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-25 20:55 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-25 20:55 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-24 22:52 . 2008-03-24 22:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-24 22:52 . 2008-03-24 22:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-24 22:52 . 2008-03-24 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-24 22:49 . 2008-04-01 21:47 <DIR> d-------- C:\quarantine
2008-03-24 22:48 . 2008-03-24 22:48 59,904 --a------ C:\fvsyct.exe
2008-03-24 22:48 . 2008-03-24 22:48 58,368 --a------ C:\axmfr.exe
2008-03-24 22:48 . 2008-03-24 22:48 15,872 --a------ C:\tfgpk.exe
2008-03-24 22:30 . 2008-03-24 22:30 <DIR> d-------- C:\WINDOWS\Sun
2008-03-24 21:30 . 2008-03-24 21:30 <DIR> d-------- C:\Program Files\Microsoft Virtual PC
2008-03-20 06:40 . 2008-03-26 23:28 <DIR> d-------- C:\Program Files\RinjaniSoft
2008-03-20 06:40 . 2008-03-20 06:40 1,162,240 --a------ C:\WINDOWS\rapidui.exe
2008-03-19 23:08 . 2008-03-19 23:19 <DIR> d-------- C:\Documents and Settings\casa\Application Data\Intuit
2008-03-19 23:07 . 2008-03-31 21:12 <DIR> d-------- C:\Program Files\TurboTax
2008-03-19 23:07 . 2008-03-28 22:49 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-03-19 23:07 . 2008-03-28 23:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-03-19 23:07 . 2007-11-09 13:51 1,721,712 --------- C:\WINDOWS\system32\InetClnt.dll
2008-03-18 22:19 . 2008-03-18 22:19 <DIR> d-------- C:\Program Files\QuickPar
2008-03-16 20:59 . 2008-03-16 20:59 <DIR> d-------- C:\Documents and Settings\casa\Application Data\Ahead
2008-03-16 20:45 . 2008-03-29 15:39 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-16 20:40 . 2004-10-11 00:23 2,277,376 --------- C:\WINDOWS\UNNMP.exe
2008-03-16 20:40 . 2004-12-09 02:56 47,645 --------- C:\WINDOWS\UNNMP.cfg
2008-03-16 20:39 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-16 20:36 . 2004-12-01 06:57 2,465,792 --------- C:\WINDOWS\UNNeroVision.exe
2008-03-16 20:36 . 2004-12-09 02:56 137,588 --------- C:\WINDOWS\UNNeroVision.cfg
2008-03-16 20:36 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-03-16 20:35 . 2008-03-16 20:38 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-16 20:35 . 2008-03-16 20:40 <DIR> d-------- C:\Program Files\Ahead
2008-03-16 20:35 . 2008-03-16 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-03-16 20:35 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-03-16 20:35 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-03-16 20:35 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-03-16 20:35 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-03-16 20:35 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-03-16 20:35 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-16 20:35 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-03-15 10:14 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-15 10:14 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-13 22:37 . 2008-03-13 22:37 <DIR> d-------- C:\Program Files\Giganews Accelerator
2008-03-13 20:52 . 2008-03-13 21:34 <DIR> d-------- C:\Program Files\NewsBin
2008-03-13 20:52 . 2008-03-31 23:06 <DIR> d-------- C:\Documents and Settings\casa\Application Data\NewsBin
2008-03-13 20:52 . 2008-03-13 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NewsBin
2008-03-10 22:09 . 2008-03-10 22:09 <DIR> d---s---- C:\Documents and Settings\casa\UserData
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 06:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-27 06:11 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-11 05:06 --------- d-----w C:\Program Files\FileNET
2008-03-11 05:04 --------- d-----w C:\Program Files\CCapps
2008-03-11 05:03 --------- d-----w C:\Program Files\UHTDATA
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 20:13 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 20:10 94208]
"PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\WINDOWS\system32\ico.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776]
"AClntUsr"="C:\Program Files\Altiris\AClient\AClntUsr.EXE" [2008-04-01 21:29 180224]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-09-27 03:06 139320]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 07:00 94208]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48 147514]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"braviax"="C:\WINDOWS\system32\braviax.exe" [ ]
"Act.Outlook.Service"="C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe" [2007-10-23 20:55 9728]
"Act! Preloader"="C:\Program Files\ACT\Act for Windows\ActSage.exe" [2007-10-23 21:13 393216]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Giganews Accelerator.lnk - C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe [2007-12-18 08:49:40 757760]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-09-11 08:38:44 972064]
QuickBooks Web Connector.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe [2007-09-10 14:45:42 288032]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-02-09 11:13:10 106560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1113471798-4009987756-1516591974-1412\Scripts\Logon\[u]0[/u]\[u]0[/u]]
"Script"=\\rxsol.PHS.COM\SysVol\rxsol.phs.com\scripts\CMUsers.VBS
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1113471798-4009987756-1516591974-3178\Scripts\Logon\[u]0[/u]\[u]0[/u]]
"Script"=\\rxsol.PHS.COM\SysVol\rxsol.phs.com\scripts\CMUsers.VBS
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Intuit\\QuickBooks Enterprise Solutions 8.0\\QBDBMgrN.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 MSSQL$ACT7;SQL Server (ACT7);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sACT7 []
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S2 ACT! Scheduler;ACT! Scheduler;"C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe" [2007-10-23 21:00]
S3 pmxmouse;PMXMOUSE;C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 11:57]
S3 pmxusblf;PMXUSBLF;C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 11:59]
S3 qcapdrv;qcapdrv;C:\WINDOWS\system32\DRIVERS\qcapdrv.sys [2006-08-02 19:52]
Start Pending2 PSI_SVC_2;Protexis Licensing V2;c:\program files\common files\protexis\license service\psiservice_2.exe [2007-04-12 11:56]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 21:48:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-01 21:49:11
ComboFix-quarantined-files.txt  2008-04-02 04:49:08
Pre-Run: 46,793,932,800 bytes free
Post-Run: 46,783,303,680 bytes free
.
2008-03-26 14:07:33 --- E O F --- 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
=========================================================================
 
 
Hijackthis output:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:57 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\common files\protexis\license service\psiservice_2.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\casa\Local Settings\Temporary Internet Files\Content.IE5\0BBN2CT9\HiJackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: 161.249.115.36 rxweb
O1 - Hosts: 161.249.114.61 rxsnt01 #File server - Costa Mesa
O1 - Hosts: 161.249.118.88 rxsnt03 #File server - Costa Mesa
O1 - Hosts: 161.249.100.32 kcapp03 #File server - Overland Park
O1 - Hosts: 161.249.126.25 irvfile01 #File server - Irvine
O1 - Hosts: 149.111.16.20 cbntsp01 #File server - Carlsbad
O1 - Hosts: 161.249.118.182 cmem02 #Exchange - Costa Mesa
O1 - Hosts: 161.249.118.180 cmembh01 #Exchange - Costa Mesa Bridgehead
O1 - Hosts: 149.111.17.9 cbem01 #Exchange - Carlsbad
O1 - Hosts: 149.111.17.10 cbem02 #Exchange - Carlsbad
O1 - Hosts: 161.249.126.29 irvem02 #Exchange - Irvine
O1 - Hosts: 161.249.101.21 opkem01 #Exchange - Overland Park
O1 - Hosts: 161.249.101.23 opkem02 #Exchange - Overland Park
O1 - Hosts: 161.249.118.47 rxscosadn1 #RXSOL DC - Costa Mesa
O1 - Hosts: 161.249.118.48 rxscosadn2 #RXSOL DC - Costa Mesa
O1 - Hosts: 149.111.18.5 rxscaradn1 #RXSOL DC - Carlsbad
O1 - Hosts: 149.111.18.6 rxscaradn2 #RXSOL DC - Carlsbad
O1 - Hosts: 161.249.126.23 rxsirvadn1 #RXSOL DC - Irvine
O1 - Hosts: 161.249.101.31 rxsopkadn1 #RXSOL DC - Overland Park
O1 - Hosts: 161.249.101.32 rxsopkadn2 #RXSOL DC - Overland Park
O1 - Hosts: 161.249.118.63 cmapps03a
O1 - Hosts: 161.249.126.61 cmapps04 #Micro Strategy - Stage
O1 - Hosts: 161.249.118.85 cmapps05
O1 - Hosts: 161.249.118.49 cmapps08
O1 - Hosts: 161.249.126.65 cmapps17
O1 - Hosts: 161.249.126.66 cmapps18
O1 - Hosts: 161.249.118.124 cmapps19
O1 - Hosts: 161.249.118.84 cmapps20
O1 - Hosts: 161.249.126.62 cmapps21 #Micro Strategy - Dev
O1 - Hosts: 161.249.118.78 cmapps22
O1 - Hosts: 161.249.118.128 cmapps24
O1 - Hosts: 161.249.118.44 cmppatrol01
O1 - Hosts: 161.249.118.45 cmppatrol02
O1 - Hosts: 161.249.118.46 cmppatrol03
O1 - Hosts: 161.249.118.82 cmppatrol04
O1 - Hosts: 161.249.113.162 rxsnucbnapp1.rxipcc.phs.com rxsnucbnapp1
O1 - Hosts: 161.249.113.163 rxsnucbnvs1.rxipcc.phs.com rxsnucbnvs1
O1 - Hosts: 161.249.113.164 rxsnucbnvs2.rxipcc.phs.com rxsnucbnvs2
O1 - Hosts: 161.249.113.165 rxsnucbngw1.rxipcc.phs.com rxsnucbngw1
O1 - Hosts: 161.249.113.166 rxsnucbngwac1.rxipcc.phs.com rxsnucbngwac1
O1 - Hosts: 161.249.113.167 rxsnucbngw2.rxipcc.phs.com rxsnucbngw2
O1 - Hosts: 161.249.113.168 rxsnucbngwac2.rxipcc.phs.com rxsnucbngwac2
O1 - Hosts: 161.249.113.171 rxsnucbnvs3.rxipcc.phs.com rxsnucbnvs3
O1 - Hosts: 161.249.113.172 rxsnucbngw3.rxipcc.phs.com rxsnucbngw3
O1 - Hosts: 161.249.113.173 rxsnucbngwac3.rxipcc.phs.com rxsnucbngwac3
O1 - Hosts: 161.249.113.178 rxsnucmnapp1.rxipcc.phs.com rxsnucmnapp1
O1 - Hosts: 161.249.113.179 rxsnucmnvs1.rxipcc.phs.com rxsnucmnvs1
O1 - Hosts: 161.249.113.180 rxsnucmngw1.rxipcc.phs.com rxsnucmngw1
O1 - Hosts: 161.249.113.182 rxsnucmngw2.rxipcc.phs.com rxsnucmngw2
O1 - Hosts: 161.249.113.183 rxsnucmngwac2.rxipcc.phs.com rxsnucmngwac2
O1 - Hosts: 161.249.113.184 rxsnucmnvs2.rxipcc.phs.com rxsnucmnvs2
O1 - Hosts: 161.249.113.198 rxsnucmhapp1.rxipcc.phs.com rxsnucmhapp1
O1 - Hosts: 161.249.113.200 rxsnucmhdb1.rxipcc.phs.com rxsnucmhdb1
O1 - Hosts: 161.249.113.194 rxsnucmhdb1v.rxipcc.phs.com rxsnucmhdb1v
O1 - Hosts: 161.249.113.201 rxsnucmhdb2.rxipcc.phs.com rxsnucmhdb2
O1 - Hosts: 161.249.113.195 rxsnucmhdb2v.rxipcc.phs.com rxsnucmhdb2v
O1 - Hosts: 161.249.113.204 rxsnucmhmail1.rxipcc.phs.com rxsnucmhmail1
O1 - Hosts: 161.249.113.205 rxsnucmhrpt1.rxipcc.phs.com rxsnucmhrpt1
O1 - Hosts: 161.249.113.206 rxsnucmhspare1.rxipcc.phs.com rxsnucmhspare1
O1 - Hosts: 161.249.113.204 rxsnucmhmail1.rxipcc.phs.com rxsnucmhmail1
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\Act for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks Web Connector.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {18BC0811-C645-4903-8DFF-264129A28321} (KACommControlFTC.StudentControl) - http://apsw8074/knowlagent/aps/webui/KACommControlFTC.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170892872890
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 8.0\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: ACT! Scheduler - Sage Software, Inc. - C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\program files\common files\protexis\license service\psiservice_2.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
--
End of file - 10721 bytes
 