Hijackthis log
- Thread starter jeffp42
- Start date
- Status
tomrca
Posts: 924 +3
this is a clip from, http://www.greatis.com/appdata/dz.htm
"zango.exe
Zango.exe is Adware.
Kill the process zango.exe and remove zango.exe from Windows startup".
"zango.exe
Zango.exe is Adware.
Kill the process zango.exe and remove zango.exe from Windows startup".
That's not the only problem here, unfortunately.
I'm not feeling too great at the moment with a bit of a stomach cramp which I've had all morning (you probably didn't need to know that, but hey. lol). If nobody else does, I shall take a closer look when I'm feeling a bit better.
I'm not feeling too great at the moment with a bit of a stomach cramp which I've had all morning (you probably didn't need to know that, but hey. lol). If nobody else does, I shall take a closer look when I'm feeling a bit better.
tomrca
Posts: 924 +3
i am a novice on hjt's, but there is a number of adware files in your pc. if i were you run ewido, and select the setting 'scan every file'. then re-post hjt. i am sure that if i am wrong, it won't be long before the big boys have something to say.
if you have more than one anti-spyware/adware remover, run them, but not at the same time.
if you have more than one anti-spyware/adware remover, run them, but not at the same time.
paranoid guy
Posts: 408 +0
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Run a full system scan and delete whatever it finds. It may well be that the infection is resident in one of your restore points. No antivirus programme can delete anything in a restore point. Turning off system restore will delete all your restore points and any infections that are in them.
Once you`ve done that, follow the instructions below.
Open task manager and end the following processes (if there)
thiselt.exe
ms04378011311.exe
win3208113113780.exe
zango.exe
CCZoop05.exe
Ssk.exe
svchostsys.exe
Click start/run and type regsvr32 /u "C:\Program Files\SurfSideKick 3\SskBho.dll"
Click start/run and type regsvr32 /u "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll"
Note the space between the 2 and the forward slash and again between the u and ".
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [pop06apelt] C:\WINNT\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\CCZoop05.exe
O4 - HKLM\..\Run: [ms04378011311] C:\WINNT\ms04378011311.exe
O4 - HKLM\..\Run: [win3208113113780] C:\WINNT\win3208113113780.exe
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - AppInit_DLLs: repairs303169584.dll
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard :haha: -- Howard will be pleased. lol. ...Spike.
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Run a full system scan and delete whatever it finds. It may well be that the infection is resident in one of your restore points. No antivirus programme can delete anything in a restore point. Turning off system restore will delete all your restore points and any infections that are in them.
Once you`ve done that, follow the instructions below.
Open task manager and end the following processes (if there)
thiselt.exe
ms04378011311.exe
win3208113113780.exe
zango.exe
CCZoop05.exe
Ssk.exe
svchostsys.exe
Click start/run and type regsvr32 /u "C:\Program Files\SurfSideKick 3\SskBho.dll"
Click start/run and type regsvr32 /u "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll"
Note the space between the 2 and the forward slash and again between the u and ".
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [pop06apelt] C:\WINNT\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\CCZoop05.exe
O4 - HKLM\..\Run: [ms04378011311] C:\WINNT\ms04378011311.exe
O4 - HKLM\..\Run: [win3208113113780] C:\WINNT\win3208113113780.exe
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - AppInit_DLLs: repairs303169584.dll
Reboot into normal mode and turn system restore back on.
Post a fresh HJT log.
Regards Howard :haha: -- Howard will be pleased. lol. ...Spike.
- Status
