Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SIXA DIALER


  • Please log in to reply
1 reply to this topic

#1 arpod

arpod

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 11 August 2005 - 07:53 PM

recently i have gotten a dialer named sixa which disconnects my dsl connection and tries to connect to sixa, then my dsl connection disconnects. It does this everytime i try to run my dsl connection.

Ive searched google and read around and see a lot of ppl having the sixa problem. So here is my hijackthis log file. Please help!!



Logfile of HijackThis v1.99.1
Scan saved at 8:50:49 PM, on 8/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NORTON~1\Cfgwiz.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\System32\dxdmain.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\vsmom.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton Internet Security\ATRACK.EXE
C:\Documents and Settings\Nhan\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sympatico.ca/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.sympatico.ca/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5437D1E0-FA38-41EF-816B-D9F299E767CA} - C:\WINDOWS\System32\irdD028.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Msxml32DOMDocument Class - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - C:\WINDOWS\System32\dllcache\msxml32.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [rund1132] C:\WINDOWS\System32\rund1132.exe
O4 - HKLM\..\Run: [Norton Antivirus 7.0a] C:\dns2.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [Microsoft Support] sys32ms.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [System CSRSS Patch] scrtkfg.exe
O4 - HKLM\..\Run: [Windows CPU host] winbog32.exe
O4 - HKLM\..\Run: [VIEW POINT DRIVERS] phqghum.EXE
O4 - HKLM\..\Run: [VID INTERNET WEB DRIVERS FOR WIN32] phqghu.exe
O4 - HKLM\..\Run: [VCXD Settings] phqg.EXE
O4 - HKLM\..\Run: [LOCAL INTERNET WEB DRIVERS FOR WIN32] phqghume.exe
O4 - HKLM\..\Run: [ibin] C:\wdns.exe
O4 - HKLM\..\Run: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\Run: [Windows AutomaticUpdater] runddls.exe
O4 - HKLM\..\Run: [Optional Web Drivers For WIN32] phqghume.exe
O4 - HKLM\..\Run: [WEB DRIVERS FOR WIN32] phqgh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [KYM Control Settings] phqghum.EXE
O4 - HKLM\..\Run: [KYK Control Settings] KYSVCXD.EXE
O4 - HKLM\..\Run: [Eupkjbk] C:\Program Files\Yiylw\Qsvnr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [bpqmyyc] C:\WINDOWS\System32\vmxpaw.exe r
O4 - HKLM\..\RunServices: [Microsoft Update] Wudates.exe
O4 - HKLM\..\RunServices: [System CSRSS Patch] scrtkfg.exe
O4 - HKLM\..\RunServices: [KYK Control Settings] KYSVCXD.EXE
O4 - HKLM\..\RunServices: [Veritas Patch] veritas.exe
O4 - HKLM\..\RunServices: [KYM Control Settings] phqghum.EXE
O4 - HKLM\..\RunServices: [Microsoft Support] sys32ms.exe
O4 - HKLM\..\RunServices: [VCXD Settings] phqg.EXE
O4 - HKLM\..\RunServices: [VIEW POINT DRIVERS] phqghum.EXE
O4 - HKLM\..\RunServices: [Windows CPU host] winbog32.exe
O4 - HKLM\..\RunServices: [LOCAL INTERNET WEB DRIVERS FOR WIN32] phqghume.exe
O4 - HKLM\..\RunServices: [WEB DRIVERS FOR WIN32] phqgh.exe
O4 - HKLM\..\RunServices: [VID INTERNET WEB DRIVERS FOR WIN32] phqghu.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\RunServices: [Windows AutomaticUpdater] runddls.exe
O4 - HKLM\..\RunServices: [Optional Web Drivers For WIN32] phqghume.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] C:\WINDOWS\system32\wininit.exe
O4 - HKCU\..\Run: [rund1132] C:\WINDOWS\System32\rund1132.exe
O4 - HKCU\..\Run: [hww2RRaqR] wkslass.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [KYM Control Settings] phqghum.EXE
O4 - HKCU\..\Run: [Microsoft Support] sys32ms.exe
O4 - HKCU\..\Run: [VIEW POINT DRIVERS] phqghum.EXE
O4 - HKCU\..\Run: [VID INTERNET WEB DRIVERS FOR WIN32] phqghu.exe
O4 - HKCU\..\Run: [VCXD Settings] phqg.EXE
O4 - HKCU\..\Run: [LOCAL INTERNET WEB DRIVERS FOR WIN32] phqghume.exe
O4 - HKCU\..\Run: [Optional Web Drivers For WIN32] phqghume.exe
O4 - HKCU\..\Run: [KYK Control Settings] KYSVCXD.EXE
O4 - HKCU\..\Run: [WEB DRIVERS FOR WIN32] phqgh.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [Microsoft Support] sys32ms.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca/homepage.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{03D10F6E-EBEC-47F7-A9C9-0393C49121DD}: NameServer = 206.47.199.154 207.164.234.43
O17 - HKLM\System\CS1\Services\Tcpip\..\{03D10F6E-EBEC-47F7-A9C9-0393C49121DD}: NameServer = 206.47.199.154 207.164.234.43
O17 - HKLM\System\CS2\Services\Tcpip\..\{03D10F6E-EBEC-47F7-A9C9-0393C49121DD}: NameServer = 206.47.199.154 207.164.234.43
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\4a2rf.dll
O23 - Service: DirectX Graphics (dxdmain) - Unknown owner - C:\WINDOWS\System32\dxdmain.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\Bell\Access Manager\app\TangoService.exe
O23 - Service: AntiSpyUltra (Zonelaps) - Unknown owner - C:\WINDOWS\vsmom.exe

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:08:39 PM

Posted 14 August 2005 - 06:14 PM

Hello arpod and welcome to the BC HijackThis forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1

Download and install ewido security suite. Update the program and then close it. Do not run it yet.

Download nailfix.zip and unzip it to its own folder.

Step #2

Now we need to remove some services.

Open Notepad and Copy/Paste the contents of the quote box below into the new document:

 
Const title = "Service Removal Tool"

Set oWS = CreateObject("Wscript.Shell")
sService = inputbox("Removing Service:",title,"dxdmain")

If sService = "" then
msgbox "Script halted. No changes were made.", vbInformation, title
wscript.quit
End If

strComputer = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colListOfServices = objWMIService.ExecQuery _
("Select * from Win32_Service Where Name = '" & sService & "' or displayName = '" & sService & "'")
If colListOfServices.count > 0 Then
For Each objService In colListOfServices
objService.StopService()
wscript.Sleep 5000
objService.ChangeStartMode("Disabled")
wscript.Sleep 2000
objService.Delete()
Msgbox "The " & sService & " service has been removed or marked for deletion.", vbInformation, title
Next
Else
Msgbox "The " & sService & " service was not found.", vbInformation, title
End If


Save the file to your desktop as remsvc.vbs and close Notepad. Locate the remsvc.vbs file on your desktop and double-click on it to run it. Click the Ok button and wait for a messge box saying the service has been removed or marked for deletion.

Now start remsvc.vbs again and type the service name below into the editbox before clicking the Ok button:Zonelaps
Step #3

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #4

Navigate to the folder you unzipped nailfix.zip into and double-click on nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Step #5

Start ewido and do the following:
  • Click on the Scanner button.
  • Click on the Complete System Scan.
  • If anything is found you will be prompted to clean the first infected file found. Choose Clean and put a checkmark in the checkbox for Perform action on all infections and click the Ok button to continue the scan.
  • When the scan is complete close ewido and reboot the computer normally.
Step #6

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {5437D1E0-FA38-41EF-816B-D9F299E767CA} - C:\WINDOWS\System32\irdD028.dll
O2 - BHO: Msxml32DOMDocument Class - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - C:\WINDOWS\System32\dllcache\msxml32.dll
O4 - HKLM\..\Run: [rund1132] C:\WINDOWS\System32\rund1132.exe
O4 - HKLM\..\Run: [Norton Antivirus 7.0a] C:\dns2.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [Microsoft Support] sys32ms.exe
O4 - HKLM\..\Run: [System CSRSS Patch] scrtkfg.exe
O4 - HKLM\..\Run: [Windows CPU host] winbog32.exe
O4 - HKLM\..\Run: [VIEW POINT DRIVERS] phqghum.EXE
O4 - HKLM\..\Run: [VID INTERNET WEB DRIVERS FOR WIN32] phqghu.exe
O4 - HKLM\..\Run: [VCXD Settings] phqg.EXE
O4 - HKLM\..\Run: [LOCAL INTERNET WEB DRIVERS FOR WIN32] phqghume.exe
O4 - HKLM\..\Run: [ibin] C:\wdns.exe
O4 - HKLM\..\Run: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\Run: [Windows AutomaticUpdater] runddls.exe
O4 - HKLM\..\Run: [Optional Web Drivers For WIN32] phqghume.exe
O4 - HKLM\..\Run: [WEB DRIVERS FOR WIN32] phqgh.exe
O4 - HKLM\..\Run: [KYM Control Settings] phqghum.EXE
O4 - HKLM\..\Run: [KYK Control Settings] KYSVCXD.EXE
O4 - HKLM\..\Run: [Eupkjbk] C:\Program Files\Yiylw\Qsvnr.exe
O4 - HKLM\..\Run: [bpqmyyc] C:\WINDOWS\System32\vmxpaw.exe r
O4 - HKLM\..\RunServices: [Microsoft Update] Wudates.exe
O4 - HKLM\..\RunServices: [System CSRSS Patch] scrtkfg.exe
O4 - HKLM\..\RunServices: [KYK Control Settings] KYSVCXD.EXE
O4 - HKLM\..\RunServices: [Veritas Patch] veritas.exe
O4 - HKLM\..\RunServices: [KYM Control Settings] phqghum.EXE
O4 - HKLM\..\RunServices: [Microsoft Support] sys32ms.exe
O4 - HKLM\..\RunServices: [VCXD Settings] phqg.EXE
O4 - HKLM\..\RunServices: [VIEW POINT DRIVERS] phqghum.EXE
O4 - HKLM\..\RunServices: [Windows CPU host] winbog32.exe
O4 - HKLM\..\RunServices: [LOCAL INTERNET WEB DRIVERS FOR WIN32] phqghume.exe
O4 - HKLM\..\RunServices: [WEB DRIVERS FOR WIN32] phqgh.exe
O4 - HKLM\..\RunServices: [VID INTERNET WEB DRIVERS FOR WIN32] phqghu.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\RunServices: [Windows AutomaticUpdater] runddls.exe
O4 - HKLM\..\RunServices: [Optional Web Drivers For WIN32] phqghume.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] C:\WINDOWS\system32\wininit.exe
O4 - HKCU\..\Run: [rund1132] C:\WINDOWS\System32\rund1132.exe
O4 - HKCU\..\Run: [hww2RRaqR] wkslass.exe
O4 - HKCU\..\Run: [KYM Control Settings] phqghum.EXE
O4 - HKCU\..\Run: [Microsoft Support] sys32ms.exe
O4 - HKCU\..\Run: [VIEW POINT DRIVERS] phqghum.EXE
O4 - HKCU\..\Run: [VID INTERNET WEB DRIVERS FOR WIN32] phqghu.exe
O4 - HKCU\..\Run: [VCXD Settings] phqg.EXE
O4 - HKCU\..\Run: [LOCAL INTERNET WEB DRIVERS FOR WIN32] phqghume.exe
O4 - HKCU\..\Run: [Optional Web Drivers For WIN32] phqghume.exe
O4 - HKCU\..\Run: [KYK Control Settings] KYSVCXD.EXE
O4 - HKCU\..\Run: [WEB DRIVERS FOR WIN32] phqgh.exe
O4 - HKCU\..\RunServices: [Microsoft Support] sys32ms.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{03D10F6E-EBEC-47F7-A9C9-0393C49121DD}: NameServer = 206.47.199.154 207.164.234.43
O17 - HKLM\System\CS1\Services\Tcpip\..\{03D10F6E-EBEC-47F7-A9C9-0393C49121DD}: NameServer = 206.47.199.154 207.164.234.43
O17 - HKLM\System\CS2\Services\Tcpip\..\{03D10F6E-EBEC-47F7-A9C9-0393C49121DD}: NameServer = 206.47.199.154 207.164.234.43
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\4a2rf.dll

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #7

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Find the following files/folders and delete them (don't worry if they are already gone):C:\PROGRAM FILES\Toolbar\ <--folder
C:\Program Files\Yiylw\ <--folder
C:\WINDOWS\System32\irdD028.dll
C:\WINDOWS\System32\dllcache\msxml32.dll
C:\WINDOWS\System32\rund1132.exe (those are 2 one's and not 2 L's)
C:\WINDOWS\System32\vmxpaw.exe
C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\SYSTEM32\4a2rf.dll
C:\WINDOWS\System32\dxdmain.exe
C:\WINDOWS\vsmom.exe
C:\dns2.exe
C:\wdns.exe

Now search for these files and delete all instances. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.msxct.exe
sys32ms.exe
scrtkfg.exe
winbog32.exe
phqghum.EXE
phqghu.exe
phqg.EXE
phqghume.exe
winusers.exe
runddls.exe
phqgh.exe
KYSVCXD.EXE
Wudates.exe
veritas.exe
wkslass.exe

Step #8

Reboot your computer normally and update the operating system.

Your operating system is extremely out of date. By not keeping the OS updated the computer is vulnerable to every infection on the net and in emails today and trying to repair an unpatched system is virtually impossible. For update purposes, Microsoft has even stopped supporting a system that is this far out of date. Go to the Windows Update site and install Service Pack 2. Once that is done, go back to the Windows Update site and install all available Critical Updates. This will patch the system with the most current security fixes and plug all the known holes which are present on this system.

After all of the updates have been performed post a new HijackThis log back here using the Add Reply button and I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users