Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

SIXA? [CLOSED]

Started by roddiestimmings , Aug 06 2005 02:10 PM

  • This topic is locked This topic is locked

#1
roddiestimmings
Posted 06 August 2005 - 02:10 PM

roddiestimmings

    New Member

  • Member
  • Pip
  • 2 posts
I was reading over a previous post where someone had the same issue. My issue being that I continually get a prompt saying "SIXA" is connected down where my normal internet connection icon is located. The an internet explorer window will pop up and attempt to load a page. Could you help? I posted the HijackThis log below..and thanks in advance.


Logfile of HijackThis v1.99.1
Scan saved at 4:04:43 PM, on 8/6/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\lhbbfa.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Time Sync\time.exe
C:\WINDOWS\iisvers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\wsrv32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\robyanes\Local Settings\Temp\Temporary

Directory 1 for HijackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.new-access.biz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

- (no file)
R3 - URLSearchHook: UB Class - {00000000-15D9-4736-AB29-131578A45F2B} -

C:\WINDOWS\System32\wsrchc3.dll
O2 - BHO: (no name) - {DECE0509-CBC7-E83E-BAF9-E19B68DF3CE0} -

C:\WINDOWS\System32\dud.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -

C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common

Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Display Driver] C:\WINDOWS\System32\MS_VXD
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [CTS] C:\WINDOWS\ktgkg.exe
O4 - HKLM\..\Run: [Ymdhfyi] C:\WINDOWS\lhbbfa.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [Svgpg] C:\WINDOWS\irufma.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Rzvdnu] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg
O4 - HKLM\..\Run: [Time Sync] C:\Program Files\Time Sync\time.exe
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program

Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program

Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [iisvers] C:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [wnddrv] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program

Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [wsrv32] C:\WINDOWS\wsrv32.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and

Settings\robyanes\Application Data\sgrunt\IE4321.exe
O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List -

res://C:\Program

Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print -

res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program

Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program

Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

(no file)
O9 - Extra button: @Home - {324EDE9A-0ED4-4AA9-8784-60D02255BC1B} -

http://www/ (file missing) (HKCU)
O15 - Trusted Zone: www.contentcooler.biz
O15 - Trusted Zone: www.new-access.biz
O15 - Trusted Zone: www.sgrunt.biz
O17 -

HKLM\System\CCS\Services\Tcpip\..\{64EA4952-D39F-49EB-9E1F-7D5D5533C66A

}: NameServer = 151.203.0.84 151.202.0.84
O17 -

HKLM\System\CCS\Services\Tcpip\..\{DBD493F6-493F-4610-8D7A-FEEC8CA95A24

}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Unknown owner - C:\Program

Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -

C:\Program Files\iPod\bin\iPodService.exe
  • 0

Advertisements

#2
roddiestimmings
Posted 09 August 2005 - 10:41 PM

roddiestimmings

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I've run Ewido & AdAware, but still continue to get this SIXA prompt connecting to my internet service? Help, please! Here's my new HijackThis log. :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 12:35:28 AM, on 8/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Time Sync\time.exe
C:\WINDOWS\iisvers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\wsrv32.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\robyanes\Local Settings\Temp\Temporary Directory 2 for HijackThis-1.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: UB Class - {00000000-15D9-4736-AB29-131578A45F2B} - C:\WINDOWS\System32\wsrchc3.dll
O2 - BHO: (no name) - {DECE0509-CBC7-E83E-BAF9-E19B68DF3CE0} - C:\WINDOWS\System32\dud.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Display Driver] C:\WINDOWS\System32\MS_VXD
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTS] C:\WINDOWS\ktgkg.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [Svgpg] C:\WINDOWS\irufma.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg
O4 - HKLM\..\Run: [Time Sync] C:\Program Files\Time Sync\time.exe
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [iisvers] C:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [wsrv32] C:\WINDOWS\wsrv32.exe
O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: @Home - {324EDE9A-0ED4-4AA9-8784-60D02255BC1B} - http://www/ (file missing) (HKCU)
O16 - DPF: {16E166F9-35E8-4CA5-B50D-5CEFABF45B09} - http://www.sgrunt.biz/dialer_b.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64EA4952-D39F-49EB-9E1F-7D5D5533C66A}: NameServer = 151.203.0.84 151.202.0.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBD493F6-493F-4610-8D7A-FEEC8CA95A24}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  • 0

#3
Excal
Posted 09 August 2005 - 11:49 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. Click here: http://www.microsoft...p1/default.mspx Apply the update, reboot, and post a fresh Hijack This log.
(DO NOT INSTALL SP2)
  • 0

#4
Excal
Posted 26 August 2005 - 01:27 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP