Hello I was wondering if someone could please help me with this. I got infected with this antivirus gold 4 days ago and I have been trying to get it resolved since then. I have spent over 150.00 on antivirus and spyware to no avail. I found your forum and I hope you can help me. Here is my Hijack this log. Thanks in advance for ANY help you can give me.
-------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:09:28 AM, on 7/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049
Antivirus Gold Has My Computer Hostage
in Malware Removal
Posted
Hello I was wondering if someone could please help me with this. I got infected with this antivirus gold 4 days ago and I have been trying to get it resolved since then. I have spent over 150.00 on antivirus and spyware to no avail. I found your forum and I hope you can help me. Here is my Hijack this log. Thanks in advance for ANY help you can give me.
-------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:09:28 AM, on 7/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {8757DCF3-EDCB-AF1D-2A96-1BA99BF8F486} - C:\WINDOWS\sdkza.dll
O2 - BHO: Class - {A91EF599-5AF3-83C2-86F7-5C9793216040} - C:\WINDOWS\atlmu32.dll
O2 - BHO: Class - {E2FF6CD4-8C87-9B6D-3707-80D3C44B04E0} - C:\WINDOWS\apivj32.dll
O2 - BHO: Class - {F813BE06-EC76-A5FE-DD49-14847AD19AAC} - C:\WINDOWS\system32\mfchk32.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [sunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [crsr.exe] C:\WINDOWS\system32\crsr.exe
O4 - HKLM\..\RunOnce: [sysfu32.exe] C:\WINDOWS\sysfu32.exe
O4 - HKLM\..\RunOnce: [appgx32.exe] C:\WINDOWS\appgx32.exe
O4 - HKLM\..\RunOnce: [sdkxw32.exe] C:\WINDOWS\system32\sdkxw32.exe
O4 - HKLM\..\RunOnce: [apiuf.exe] C:\WINDOWS\apiuf.exe
O4 - HKLM\..\RunOnce: [sysza.exe] C:\WINDOWS\sysza.exe
O4 - HKLM\..\RunOnce: [sysvp32.exe] C:\WINDOWS\system32\sysvp32.exe
O4 - HKLM\..\RunOnce: [apivj32.exe] C:\WINDOWS\apivj32.exe
O4 - HKLM\..\RunOnce: [winbd32.exe] C:\WINDOWS\system32\winbd32.exe
O4 - HKLM\..\RunOnce: [msod.exe] C:\WINDOWS\system32\msod.exe
O4 - HKLM\..\RunOnce: [nttf32.exe] C:\WINDOWS\nttf32.exe
O4 - HKLM\..\RunOnce: [AOLToolbarDirRemoval] cmd.exe /C rd "C:\Program Files\AOL Toolbar"
O4 - HKLM\..\RunOnce: [1] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\AcsUninstall.exe"
O4 - HKLM\..\RunOnce: [2] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\AcsUninstallRes.dll"
O4 - HKLM\..\RunOnce: [3] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\shfolder.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.homesteadhotels.com/minisite/ac...nd/MSSurVid.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sysfu32.exe" /s (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS