Major virus problems

Gman101112

New Member
Reaction score
6
Sup guys this is DarkChaosElf at Gmans house.

So his laptop is pretty effed up. Apparently since he got it in December, he has used it to fulfill his "man needs" which we should know what that is. But! Not taking advice he has had no anti-virus or anything of the sort, and his laptop is now completely messed up.

He does not want to do a system restore, and when i try to go into safe mode and run S&D and AVG the laptop shuts itself down.

I found Zango, along with CyberDefender, along with a plerora of other crap and i have no idea on how to get rid of it, and the laptop has been slowed by more than half of its original/specified speed.

Any ideas?
 

Gman101112

New Member
Reaction score
6

Yea, thanks for link, i tried googling it which made the laptop freeze, ill run it and post results

Results:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:30:37, on 10/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Gary\AppData\LocalLow\CyberDefender\cdmyidd.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Gamevance Text - {7370F91F-6994-4595-9949-601FA2261C8D} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Gary\AppData\LocalLow\CyberDefender\cdmyidd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Gary\AppData\LocalLow\CyberDefender\cdmyidd.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\5.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [SpybotDeletingA1070] command /c del "C:\Program Files\Zango\bin\10.3.65.0\CoreSrv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC979] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\CoreSrv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1509] command /c del "C:\Program Files\Zango\bin\10.3.65.0\CntntCntr.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3174] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\CntntCntr.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1597] command /c del "C:\Program Files\Zango\bin\10.3.65.0\arrow.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC138] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\arrow.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA559] command /c del "C:\Program Files\Zango\bin\10.3.65.0\copyright.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5252] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\copyright.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9620] command /c del "C:\Program Files\Zango\bin\10.3.65.0\HostOE.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8845] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\HostOE.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3031] command /c del "C:\Program Files\Zango\bin\10.3.65.0\link.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1566] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\link.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2059] command /c del "C:\Program Files\Zango\bin\10.3.65.0\OEAddOn.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7284] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\OEAddOn.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4497] command /c del "C:\Program Files\Zango\bin\10.3.65.0\Srv.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6427] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\Srv.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4041] command /c del "C:\Program Files\Zango\bin\10.3.65.0\Weather.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6459] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\Weather.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2607] command /c del "C:\Program Files\Zango\bin\10.3.65.0\WeSkin.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2507] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\WeSkin.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3174] command /c del "C:\Program Files\Zango\bin\10.3.65.0\ZangoSA.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC652] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\ZangoSA.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6710] command /c del "C:\Program Files\Zango\bin\10.3.65.0\Toolbar.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4175] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\Toolbar.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8879] command /c del "C:\Program Files\Zango\bin\10.3.65.0\ZangoSADF.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5055] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\ZangoSADF.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2015] command /c del "C:\Program Files\Zango\bin\10.3.65.0\ZangoSAHook.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9108] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\ZangoSAHook.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5547] command /c del "C:\Program Files\Zango\bin\10.3.65.0\ZangoUninstaller.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2225] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\ZangoUninstaller.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8629] command /c del "C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\install.rdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6780] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\install.rdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8447] command /c del "C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\components\npclntax.xpt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5480] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\components\npclntax.xpt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5850] command /c del "C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\plugins\npclntax_ZangoSA.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6545] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\plugins\npclntax_ZangoSA.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5050] command /c del "C:\Program Files\Zango\bin\10.3.65.0\Wallpaper.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7194] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\Wallpaper.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3650] command /c del "C:\Program Files\Zango\bin\10.3.65.0\HostIE.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6266] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\HostIE.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4607] command /c del "C:\Program Files\Zango\bin\10.3.65.0\HostOL.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC800] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\HostOL.dll"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [PlayNC Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB1281] command /c del "C:\Program Files\Zango\bin\10.3.65.0\CoreSrv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8741] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\CoreSrv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB760] command /c del "C:\Program Files\Zango\bin\10.3.65.0\CntntCntr.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8160] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\CntntCntr.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB634] command /c del "C:\Program Files\Zango\bin\10.3.65.0\arrow.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8141] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\arrow.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3254] command /c del "C:\Program Files\Zango\bin\10.3.65.0\copyright.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6108] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\copyright.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3599] command /c del "C:\Program Files\Zango\bin\10.3.65.0\HostOE.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4185] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\HostOE.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8803] command /c del "C:\Program Files\Zango\bin\10.3.65.0\link.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1105] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\link.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7291] command /c del "C:\Program Files\Zango\bin\10.3.65.0\OEAddOn.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3719] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\OEAddOn.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9396] command /c del "C:\Program Files\Zango\bin\10.3.65.0\Srv.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7841] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\Srv.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1084] command /c del "C:\Program Files\Zango\bin\10.3.65.0\Weather.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4653] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\Weather.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4954] command /c del "C:\Program Files\Zango\bin\10.3.65.0\WeSkin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5897] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\WeSkin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9297] command /c del "C:\Program Files\Zango\bin\10.3.65.0\ZangoSA.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8119] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\ZangoSA.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1517] command /c del "C:\Program Files\Zango\bin\10.3.65.0\Toolbar.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1564] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\Toolbar.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1889] command /c del "C:\Program Files\Zango\bin\10.3.65.0\ZangoSADF.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5486] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\ZangoSADF.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB640] command /c del "C:\Program Files\Zango\bin\10.3.65.0\ZangoSAHook.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9436] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\ZangoSAHook.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8140] command /c del "C:\Program Files\Zango\bin\10.3.65.0\ZangoUninstaller.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD109] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\ZangoUninstaller.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6156] command /c del "C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\install.rdf"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7509] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\install.rdf"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4296] command /c del "C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\components\npclntax.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7292] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\components\npclntax.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2184] command /c del "C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\plugins\npclntax_ZangoSA.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4564] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\plugins\npclntax_ZangoSA.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2527] command /c del "C:\Program Files\Zango\bin\10.3.65.0\Wallpaper.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3544] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\Wallpaper.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6102] command /c del "C:\Program Files\Zango\bin\10.3.65.0\HostIE.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6529] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\HostIE.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB813] command /c del "C:\Program Files\Zango\bin\10.3.65.0\HostOL.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5816] cmd /c del "C:\Program Files\Zango\bin\10.3.65.0\HostOL.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7693] command /c del "C:\Users\Gary\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1904] cmd /c del "C:\Users\Gary\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwssvc.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 22518 bytes
 

Prometheus

Everything is mutable; nothing is sacred
Reaction score
591
A quick google tells my Cyberdefender is a POS and possibly a virus itself.
Remove it and try a boot-time scan with Avast.
(Check my programs thread in this forum for a link.)
 

Gman101112

New Member
Reaction score
6
A quick google tells my Cyberdefender is a POS and possibly a virus itself.
Remove it and try a boot-time scan with Avast.
(Check my programs thread in this forum for a link.)

Alright, running AVG, S&D, and Avast, ill update with results later.
 

Prometheus

Everything is mutable; nothing is sacred
Reaction score
591
It isn't suggested to run two or more antiviruses at once, same with anti-spyware.
 

Gman101112

New Member
Reaction score
6
Well i ran them, and my computer shuts itself down when S&D gets about 3/4 through.

Avast had too run overnight and was only 20% done.

Zango apparently keeps installing itself or using registry keys to do that.

No idea what to do from here.
 

Prometheus

Everything is mutable; nothing is sacred
Reaction score
591
With avast, scan a known virus spot. When it pops up saying there is a virus you need to click schedule a boot-time virus scan. Then restart the computer and see if it crashes.
 

rover2341

Is riding a roller coaster...Wee!
Reaction score
114
when you ment...your freinds laptop...you relly ment...your laptop right. lol.

Anyway, ill help if your still stuck. :)
 
General chit-chat
Help Users
  • No one is chatting at the moment.

      The Helper Discord

      Members online

      No members online now.

      Affiliates

      Hive Workshop NUON Dome World Editor Tutorials

      Network Sponsors

      Apex Steel Pipe - Buys and sells Steel Pipe.
      Top