Hi Deeth,
A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft's windowsupdate site to download the newest version of the service pack. Furthermore we didn't detect any active process of a firewall on your system. Reasons may be:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled.
(4.) You don't use any firewall at all.
We recommend you to use a firewall. Download and install one or activate Windows XP's own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum.
O4 - HKLM\..\Run: [pxikal] C:\WINDOWS\system32\sgjfxf.exe r Unknown application.
Check sgifxf.exe at virustotal.com, but I think this one is legit...
O4 - HKLM\..\Run: [MSN] wkssvr.exe WORM_RBOT.R. Nasty, fix this entry using HJT.
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.37.0\ZangoSA.exe" Neutral (3.16 / 5.00) Fix using HJT, undesirable program.
O4 - HKCU\..\Run: [DeusExGotYSetup.exe] C:\DOCUME~1\ROSEMA~1\Desktop\DEUSEX~1.EXE /r Unknown application.
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/crusher-kiwen.cab Neutral
Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!
Your system seems not to be clean of harmful software.
Overview of running tasks:
smss.exe - System task - Session Manager Subsystem
winlogon.exe - System task - Microsoft Windows Logon Process
services.exe - System task - Windows Service Controller
lsass.exe - System task - Local Security Authority Service
svchost.exe - System task - Microsoft Service Host Process
svchost.exe - System task - Microsoft Service Host Process
aswUpdSv.exe - Virusscan - Avast Anti-Virus Component
spoolsv.exe - System task - Microsoft Printer Spooler Service
Explorer.EXE - System task - Microsoft Windows Explorer
cisvc.exe - System task - Microsoft Index Service Helper
GoogleUpdaterService.exe - Backgroundtask - Service Component
mcdetect.exe - Security software - McAfee Security Centre Module
mcshield.exe - Virusscan - McAfee VirusScan
mctskshd.exe - Security software - McAfee Task Scheduler
igfxtray.exe - Application - Intel Graphics configuration and diagnostic application
hkcmd.exe - Application - Intel multimedia devices
DirectCD.exe - Backgroundtask - DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc.
Support.exe - Unknown task
hpztsb05.exe - Application - HPDJ Taskbar Utility
WkUFind.exe - Backgroundtask - Microsoft Picture-It
mcvsshld.exe - Virusscan - McAfee VirusScan
oasclnt.exe - Virusscan - McAfee VirusScan Module
ybrwicon.exe - Application - BT Yahoo Browser
MotiveSB.exe - Backgroundtask - System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone.
jusched.exe - Backgroundtask - Sun Java Update Scheduler
mcvsescn.exe - Virusscan - mcvsescn
realsched.exe - Application - RealNetworks Scheduler
slserv.exe - System task - modem software on CLEVO 2200C/27
ycommon.exe - Application - Yahoo Common EXE Module
ctfmon.exe - System task - Alternative User Input Services
GoogleDesktop.exe - Backgroundtask - Google Desktop Search
ntvdm.exe - System task - Windows 16-bit Virtual Machine
mcvsftsn.exe - Virusscan - McAfee Instant Messenger Scan Module
GoogleDesktop.exe - Backgroundtask - Google Desktop Search
msmsgs.exe - Application - MSN Messenger
taskmgr.exe - System task - The Windows Task Manager.
jucheck.exe - Backgroundtask - Sun Java UpdateChecker Module
cidaemon.exe - System task - Microsoft Indexing Service
cidaemon.exe - System task - Microsoft Indexing Service
wuauclt.exe - System task - AutoUpdate for WindowsME
ashSimpl.exe - Virusscan - Virus scanner
iexplore.exe - Application - Microsoft Internet Explorer
usnsvc.exe - Application - Messenger Sharing USN Journal Reader Service
HijackThis.exe - Application - Merijn Hijackthis
//////////////////////////// Removal instructions for WORM_RBOT found on your computer....
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing at startup.
1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry:
Microsoft Updates ="WKSSVR.EXE"
4. In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
5. In the right panel, locate and delete the entry:
Microsoft Updates ="WKSSVR.EXE"
6. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
7. In the right panel, locate and delete the entry:
Microsoft Updates ="WKSSVR.EXE"
8. Close Registry Editor.
////////////////////////////////// Removal of Zango
1. COVERT ANALYSIS OF: ZANGOSA.EXE
* File Names Used: 2
* Paths Used: 8
* Common File Name: ZANGOSA.EXE
* Common Path: %programfiles%\zango\bin\10.0.253.0\
* Vendor Information: Zango, Inc.
* ZANGOSA.EXE may use 2 or more path and file names, these are the most common:
* File Name Structure: Normal
* File and Path Structure: Normal
2. RELATIONSHIP ANALYSIS OF: ZANGOSA.EXE
* Malicious Objects Created: None
* Malicious Creators: 1
* Malware Run Keys: None
* Self Persists:
* Antivirus Detection: No third party antivirus detection observed
* Anti-Spyware Detection: No third party anti-spyware detection observed
3. ACTIVITY ANALYSIS OF: ZANGOSA.EXE
* The following behaviors have been observed for this object:
* Invokes dll components.
* Runs other programs.
* Communicates with web sites using httpout protocols.
Step 1: Use Windows File Search Tool to Find ZangoSA.exe Path
1. Go to Start > Search > All Files or Folders.
2. In the "All or part of the file name" section, type in "ZangoSA.exe" file name(s).
3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
4. When Windows finishes your search, hover over the "In Folder" of "ZangoSA.exe", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete ZangoSA.exe in the following manual removal steps.
Step 2: Use Windows Task Manager to Remove ZangoSA.exe Processes
1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
2. Click on the "Image Name" button to search for "ZangoSA.exe" process by name.
3. Select the "ZangoSA.exe" process and click on the "End Process" button to kill it.
Step 3: Detect and Delete Other ZangoSA.exe Files
1. To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.
2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content, even the hidden files.
3. To change directory, type in "cd name_of_the_folder".
4. Once you have the file you're looking for type in del "name_of_the_file".
5. To delete a file in folder, type in "del name_of_the_file".
6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
7. Select the "ZangoSA.exe" process and click on the "End Process" button to kill it.
//////////////////////////////////////////////
polonus
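
Added example, not part of the original post: a PowerShell check of the three autostart keys named in the WORM_RBOT removal steps. It matches on the value's data (wkssvr.exe) rather than its name, because the log lists the entry as [MSN] while the steps name it "Microsoft Updates". The function name Find-AutostartEntry is hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: audit the autostart keys from the removal steps above.
# Assumption: PowerShell 3.0+; Find-AutostartEntry is a hypothetical helper name.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

function Find-AutostartEntry {
    param(
        [Parameter(Mandatory)] [string] $FileName,   # e.g. 'wkssvr.exe'
        [string[]] $Keys = $RunKeys
    )
    foreach ($key in $Keys) {
        # RunServices often does not exist; skip missing keys quietly
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            $data = [string]$regKey.GetValue($name)
            # -match is case-insensitive, so WKSSVR.EXE and wkssvr.exe both hit
            if ($data -match [regex]::Escape($FileName)) {
                [pscustomobject]@{ Key = $key; Name = $name; Data = $data }
            }
        }
    }
}

$hits = @(Find-AutostartEntry -FileName 'wkssvr.exe')
if ($hits.Count -eq 0) {
    'No autostart value references wkssvr.exe.'
} else {
    # Show every matching value, whatever it is named
    $hits | Format-Table -AutoSize -Wrap
    # After reviewing the table, uncomment to delete the listed values
    # (an elevated prompt is needed for the HKLM keys):
    # $hits | ForEach-Object { Remove-ItemProperty -LiteralPath $_.Key -Name $_.Name }
}
```

Running it again after the cleanup and a reboot shows whether the value has been re-created, which would mean the worm's process is still active.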