Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1]   Go Down

Author Topic: Zwangie is affecting my PC!!! I need help please. I got a hijackthis log  (Read 7198 times)

0 Members and 1 Guest are viewing this topic.

lolopop81

    Topic Starter


    Rookie

    Thanked: 1
    Zwangie is affecting my PC!!! I need help please. I got a hijackthis log
    « on: March 25, 2010, 06:22:31 PM »
    I have Windows Vista. I have a problem with Zwangie. I deleted it from Uninstall Programs but the effects are still here. It doesn't let me Open ANYTHING IE based. This post by Yahoo says the effects: http://answers.yahoo.com/question/index?qid=20100216232817AARd40T

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:12:42 PM, on 3/25/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Defender Pro\Defender Pro\bdagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\RelevantKnowledge\rlvknlg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Netscape\Navigator 9\navigator.exe
    C:\Windows\system32\wuauclt.exe
    C:\PROGRA~1\MYWEBS~1\bar\7.bin\m3SrchMn.exe
    C:\Program Files\Defender Pro\Defender Pro\seccenter.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=1007&m=el1200-07w
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?

    LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

    LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?

    LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!

    \Companion\Installs\cpn2\yt.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program

    Files\MyWebSearch\bar\7.bin\MWSSRCAS.DLL
    O1 - Hosts: ::1 localhost
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program

    Files\MyWebSearch\bar\7.bin\MWSSRCAS.DLL
    O2 - BHO: CashBackAssistant - {00F5B5BA-E3C2-4b70-BF51-42A557914FAD} - C:\Program Files\Nice

    Prosper\CashBackAssistant\CashBackAssistantIE.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!

    \Companion\Installs\cpn2\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program

    Files\MyWebSearch\bar\7.bin\MWSBAR.DLL
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program

    Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC

    Confidential\PCCBHO.dll
    O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving

    Optimizer\2.2.0.2880\NPIEAddOn.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program

    Files\AVG\AVG9\avgssie.dll (file missing)
    O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-

    Shopper\Bin\2.5.1\Smrt-Shpr.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI

    RoboForm\roboform.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program

    Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Seekmo - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program

    Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

    Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll

    (file missing)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program

    Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System

    Search Dispatcher\1.2.0.750\ssd.dll
    O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark

    Printable Web\bho.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program

    Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

    Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!

    \Companion\Installs\cpn2\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!

    \Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program

    Files\MyWebSearch\bar\7.bin\MWSBAR.DLL
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI

    RoboForm\roboform.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program

    Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google

    Toolbar\GoogleToolbar.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program

    Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll
    O3 - Toolbar: Seekmo - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
    O3 - Toolbar: Defender Pro Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\Defender

    Pro\Defender Pro\IEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"

    /startup
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe"

    "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe"

    "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1236710346\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\7.bin\M3PLUGIN.DLL,UPF
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\7.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection

    Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1

    \bar\7.bin\m3SrchMn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [Defender Pro Antiphishing Helper] "C:\Program Files\Defender Pro\Defender Pro\IEShow.exe"
    O4 - HKLM\..\Run: [DPAgent] "C:\Program Files\Defender Pro\Defender Pro\bdagent.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto

    Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0

    \SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
    O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
    O4 - HKLM\..\Run: [Lexmark 5600-6600 Series Fax Server] "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe"

    /s
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\7.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [SystemCop] C:\Program Files\SystemCop Software\SystemCop\SystemCop.exe -min
    O4 - HKCU\..\Run: [My Faster PC] c:\program files\consumersoft\my faster pc\mfpchelper.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL

    SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL

    SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK

    SERVICE')
    O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
    O4 - Startup: Kuma_Tray.lnk = C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12

    \ONENOTEM.EXE
    O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare

    software\bin\EasyShare.exe
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI

    RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12

    \EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI

    RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI

    RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI

    RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2

    \Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1

    \MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber

    Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program

    Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI

    RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program

    Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} -

    C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} -

    C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk

    Messenger\Paltalk.exe
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC

    Confidential\PCConfidential.exe
    O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program

    Files\Winferno\PC Confidential\PCConfidential.exe
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber

    Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program

    Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC

    Confidential\PCConfidential.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12

    \REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} -

    C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} -

    C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O13 - Gopher Prefix:
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%

    20Files/Escape%20Rosecliff%20Island/Images/stg_drm.ocx
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%

    20Files/Mystery%20P.I.%20-%20Lost%20in%20Los%20Angeles/Images/armhelper.ocx
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google

    Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common

    Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32

    \agrsmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common

    Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device

    Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Defender Pro Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program

    Files\Common Files\Defender Pro\Defender Pro Arrakis Server\bin\arrakis3.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program

    Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program

    Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game

    Console\GameConsoleService.exe
    O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google -

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c9a1e0b0d3f1a0) (gupdate1c9a1e0b0d3f1a0) - Google Inc. -

    C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google

    Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

    Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner -

    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Defender Pro Update Service (LIVESRV) - Defender Pro - C:\Program Files\Common Files\Defender

    Pro\Defender Pro Update Service\livesrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: lxdu_device -   - C:\Windows\system32\lxducoms.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program

    Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9

    \RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9

    \RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio

    Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0

    \SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio

    Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Seekapp Service - Unknown owner - C:\ProgramData\Seekapp\seekapp132.exe
    O23 - Service: SeekappSrch Service - Unknown owner - C:\ProgramData\SeekappSrch\seekapp163.exe (file missing)
    O23 - Service: Defender Pro Virus Shield (VSSERV) - Defender Pro - C:\Program Files\Defender Pro\Defender

    Pro\vsserv.exe
    O23 - Service: Wyyo Service - Unknown owner - C:\ProgramData\Wyyo\wyyo127.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!

    \SoftwareUpdate\YahooAUService.exe

    --
    End of file - 18768 bytes
    « Last Edit: March 25, 2010, 06:33:51 PM by lolopop81 »
    Logged

    Dr Jay

    • Malware Removal Specialist


      • Specialist
    • Moderator emeritus
      • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: Zwangie is affecting my PC!!! I need help please. I got a hijackthis log
    « Reply #1 on: March 26, 2010, 08:44:15 PM »
    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com

    Alternate link: Forospyware.com

    Rename ComboFix.exe to commy.exe before you save it to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
    • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.
    Logged
    ~Dr Jay

    Dr Jay

    • Malware Removal Specialist


      • Specialist
    • Moderator emeritus
      • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: Zwangie is affecting my PC!!! I need help please. I got a hijackthis log
    « Reply #2 on: April 05, 2010, 08:40:08 PM »
    Due to lack of feedback, this topic is now closed. If you need the topic re-opened, PM a moderator and they shall unlock it.

    =>CLOSED
    Logged
    ~Dr Jay
    Pages: [1]   Go Up
    « previous next »