Eleasha Posted July 19, 2005 Report Share Posted July 19, 2005 Hello I was wondering if someone could please help me with this. I got infected with this antivirus gold 4 days ago and I have been trying to get it resolved since then. I have spent over 150.00 on antivirus and spyware to no avail. I found your forum and I hope you can help me. Here is my Hijack this log. Thanks in advance for ANY help you can give me. -------------------------------Logfile of HijackThis v1.99.1Scan saved at 3:09:28 AM, on 7/18/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/R3 - Default URLSearchHook is missingO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: Class - {8757DCF3-EDCB-AF1D-2A96-1BA99BF8F486} - C:\WINDOWS\sdkza.dllO2 - BHO: Class - {A91EF599-5AF3-83C2-86F7-5C9793216040} - C:\WINDOWS\atlmu32.dllO2 - BHO: Class - {E2FF6CD4-8C87-9B6D-3707-80D3C44B04E0} - C:\WINDOWS\apivj32.dllO2 - BHO: Class - {F813BE06-EC76-A5FE-DD49-14847AD19AAC} - C:\WINDOWS\system32\mfchk32.dllO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [sunKist] C:\Program Files\Digital Media Reader\shwicon2k.exeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [crsr.exe] C:\WINDOWS\system32\crsr.exeO4 - HKLM\..\RunOnce: [sysfu32.exe] C:\WINDOWS\sysfu32.exeO4 - HKLM\..\RunOnce: [appgx32.exe] C:\WINDOWS\appgx32.exeO4 - HKLM\..\RunOnce: [sdkxw32.exe] C:\WINDOWS\system32\sdkxw32.exeO4 - HKLM\..\RunOnce: [apiuf.exe] C:\WINDOWS\apiuf.exeO4 - HKLM\..\RunOnce: [sysza.exe] C:\WINDOWS\sysza.exeO4 - HKLM\..\RunOnce: [sysvp32.exe] C:\WINDOWS\system32\sysvp32.exeO4 - HKLM\..\RunOnce: [apivj32.exe] C:\WINDOWS\apivj32.exeO4 - HKLM\..\RunOnce: [winbd32.exe] C:\WINDOWS\system32\winbd32.exeO4 - HKLM\..\RunOnce: [msod.exe] C:\WINDOWS\system32\msod.exeO4 - HKLM\..\RunOnce: [nttf32.exe] C:\WINDOWS\nttf32.exeO4 - HKLM\..\RunOnce: [AOLToolbarDirRemoval] cmd.exe /C rd "C:\Program Files\AOL Toolbar"O4 - HKLM\..\RunOnce: [1] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\AcsUninstall.exe"O4 - HKLM\..\RunOnce: [2] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\AcsUninstallRes.dll"O4 - HKLM\..\RunOnce: [3] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\Owner\LOCALS~1\Temp\shfolder.dll"O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exeO4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exeO4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exeO4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTMLO8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cabO16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.homesteadhotels.com/minisite/ac...nd/MSSurVid.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cabO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sysfu32.exe" /s (file missing)O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exeO23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS Link to post Share on other sites
therock247uk Posted July 19, 2005 Report Share Posted July 19, 2005 Uninstall your current version of Ewido as I dont know if its up to date.Please download ewido security suite it is a trial version of the program.Install ewido security suiteWhen installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".Launch ewido, there should be an icon on your desktop double-click it.The program will now go to the main screenYou will need to update ewido to the latest definition files.On the left hand side of the main screen click updateThen click on Start UpdateThe update will start and a progress bar will show the updates being installed.If you are having problems with the updater, you can use this link to manually update ewido.ewido manual updatesBoot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.Open Ewido againClick on scannerClick on Complete System Scan and the scan will begin.While the scan is in progress you will be prompted to clean files, click OKWhen it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.Once the scan has completed, there will be a button located on the bottom of the screen named Save reportClick Save report.Save the report .txt file to your desktop.Now close ewido security suite.Reboot and Post the report Ewido made and a new Hijackthis log here in a reply. Link to post Share on other sites
Recommended Posts