0

I can't go to control panel to delete what i think started everything ZANGO!!!!!
I tried using adware 2007 pro but error 1810 come ups
this is my hijack this log file please help:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:41 PM, on 11/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\winter.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\America Online 8.0b\aoltray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\rundll32.exe
c:\Program Files\AWS\WeatherBug\Weather.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.NEDD.001\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\proper.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: MSVPS System - {B35BBAFB-6C86-4EC4-919C-C3FFF30A6CA2} - C:\WINDOWS\popnetgdv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\System32\bronto.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: The jokwmp - {1C56ED66-9488-4D8F-B028-8BBABABB8361} - C:\WINDOWS\jokwmp.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Weather] c:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: infos.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0b\aoltray.exe
O4 - Global Startup: autos.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O21 - SSODL: sapnet - {3FD62490-3CB8-4249-BF08-1294551BF999} - C:\WINDOWS\sapnet.dll
O21 - SSODL: rmvgor - {29B00B54-C39F-4E44-A63E-C3F24B0CE6D3} - C:\WINDOWS\rmvgor.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8113 bytes

3
Contributors
2
Replies
3
Views
9 Years
Discussion Span
Last Post by Zango Support
0

---------------------------------------------------------
C:\WINDOWS\System32\winter.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\proper.exe

O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\System32\bronto.dll

O3 - Toolbar: The jokwmp - {1C56ED66-9488-4D8F-B028-8BBABABB8361} - C:\WINDOWS\jokwmp.dll

O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe

O4 - Startup: infos.exe

O4 - Global Startup: autos.exe

O21 - SSODL: sapnet - {3FD62490-3CB8-4249-BF08-1294551BF999} - C:\WINDOWS\sapnet.dll
O21 - SSODL: rmvgor - {29B00B54-C39F-4E44-A63E-C3F24B0CE6D3} - C:\WINDOWS\rmvgor.dll

---------------------------------------------------------
You are well infected with a number of trojans as you see from the list above. Removal of the SMITFRAUD class can be effected by refeence to this site: http://www.bleepingcomputer.com/forums/topic17258.html

The others can be removed via tortuous processes that can be found in the foru in posts talked through by Crunchie.

If you can get your data off to DVD or USB drive, I promise you that wiping your disk and reinstalling everything is the shortest route to recovery. Otherwise you'll spend days on this.

0

In your post you have listed Zango as a threat.
We would like to correct this listing.

Zango is a safe and secure program which will not harm users’ computer.

We are certainly aware of the ever-growing number of harmful applications that have surfaced on the Web.
Please be assured that Zango, unlike such applications, will always make the user’s privacy our top priority. Zango is a safe and secure program which installs itself only upon user's download and does nothing without the user's consent.

Following are some clarifications on the function of Zango's software:

1. Zango does not build personal profiles.
2. Zango does not gather any data you enter in online forms.
3. Zango does not access any sensitive information entered while surfing, such as account details, passwords, credit card information, products you purchase online, etc.
4. Zango’s installation does not install any third party applications. In addition, Zango can be installed only through a standard download process initiated by the user from Zango's websites and is easy to uninstall.

Unfortunately, it appears that some scanning applications have mistakenly included Zango on their lists. We are aware of this situation and our legal team is contacting these companies in order to be removed from their lists.

Zango is a user friendly program, and it is of paramount importance to us that our program will function properly and will be easily removed and installed.

To remove Zango from your computer, please do the following:

1. Close all open applications/programs/windows
2. Go to: 'Start' - 'Settings' - 'Control Panel' - 'Add\Remove Programs'
3. Click on 'Zango Browser and Wowpapers Tools'
4. Click 'Change/Remove' button
5. Check the components you wish to remove, click 'Next' and follow the on-screen instructions.
6. Restart your computer

Alternatively, you can use our uninstaller:
1. Click on the following link - http://installs.zango.com/downloads/Uninstaller/Uninstaller.exe
2. Click 'Run' and follow on-screen instructions
3. Restart your computer.

Zango support team can be easily contacted through our help site: http://catalog.zango.com/destination/corporate/supportform.aspx
or directly at: zangosustomersupport@zango.com

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.