Having a problem with "zcom_ad" running on shutdown

Discussion in 'Windows - Virus and spyware problems' started by jsprang, May 23, 2006.

  1. jsprang

    Logfile of HijackThis v1.99.1
    Scan saved at 10:55:00 PM, on 5/23/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\X3watch\x3watch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Juno\exec.exe
    C:\Program Files\Juno\exec.exe
    C:\Program Files\Juno\qsacc\x1exec.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eamxo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;<local>
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
    O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\Juno\qsacc\x1exec.exe"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8FF57ECD-8B0B-4D2E-B57C-4382D112420E}: NameServer = 64.136.20.121 64.136.28.121
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
     
  2. JaPK

    You don't have a firewall on your computer. Download and install a firewall.

    These are good (free) firewalls:
    ZoneAlarm -> http://www.zonelabs.com
    Kerio -> http://www.sunbelt-software.com/Kerio.cfm
    Outpost -> http://www.agnitum.com

    Cleaning instructions:

    Update your Ewido.

    Go to Control Panel -> Add/Remove programs -> Remove PartyPoker if found

    Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

    Fix this too if you haven't blocked access to Internet Explorer settings:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    The Zcom_AD belongs to your Internet Service Provider software. It can be disabled by fixing this entry with HijackThis:

    O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun

    Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
    Restart your computer in safe mode -> http://www.pchell.com/support/safemode.shtml

    Delete these folders (if found):
    C:\Program Files\PartyPoker

    Scan and clean your computer with Ewido and save the report.

    Clean the Recycle bin and make your hidden files visible again.

    Restart your computer normally.

    Post the following logs here:
    -> a fresh HijackThis log
    -> Ewido's log
     
  3. jsprang

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 4:21:23 PM, 5/24/2006
    + Report-Checksum: 85290DC1

    + Scan result:

    :mozilla.24:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.51:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    :mozilla.75:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.76:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
    :mozilla.120:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.121:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.122:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.123:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.126:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.127:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.128:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.129:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.130:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.131:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.132:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.152:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.153:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.154:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.155:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.171:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.184:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.185:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.186:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.202:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.203:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.210:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.211:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.212:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.213:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.214:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.215:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.216:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.217:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
    :mozilla.218:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
    :mozilla.219:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
    :mozilla.220:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
    :mozilla.221:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.222:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.223:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.224:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.225:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.226:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.227:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup


    ::Report End


    Logfile of HijackThis v1.99.1
    Scan saved at 9:39:53 AM, on 5/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\X3watch\x3watch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Juno\exec.exe
    C:\Program Files\Juno\exec.exe
    C:\Program Files\Juno\qsacc\x1exec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eamxo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
    O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\Juno\qsacc\x1exec.exe"
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

     
  4. JaPK

    JaPK Regular member

    Looks clean now :) Are you having any problems?

    Install a firewall.

    You have an outdated Java; the latest version is 1.5.0_06 and you have 1.4.2_03.

    So we are going to update your Java because the old version has all kinds of vulnerabilities:

    1. Click "Start" -> "Control Panel" and double-click the "Java" icon (coffee cup).
    2. Move to the "Update" tab and update Java by clicking "Update Now".
    3. Do a restart.

    4. If you can't do the automatic update, get the new version manually from here -> http://www.java.com/en/download/manual.jsp
    5. Remove the old Java from Control Panel -> Add/Remove Programs if it is still found; it should be named like this: Java 2 Runtime Environment, SE v1.4.2_03

    Now that you're clean, here are some tips on how to stay clean.

    -> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
    This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.

    -> Use CCleaner -> http://www.ccleaner.com
    Download and install CCleaner. Clean your registry and temporary files with it regularly.

    -> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
    Download and install Ad-Aware. Update it and scan your computer regularly with it.

    -> Use Ewido -> http://www.ewido.net/en
    Download and install Ewido. Update it and scan your computer regularly with it.

    -> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
    SpywareBlaster will prevent spyware from being installed on your computer.

    -> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
    This prevents your computer from connecting to harmful sites.

    -> Change your browser to Firefox -> http://www.mozilla.org
    Firefox is a faster, safer and quicker browser than Internet Explorer.

    -> Keep your system up-to-date -> http://windowsupdate.microsoft.com
    Visit Windows Update regularly.

    -> Keep your antivirus and firewall up-to-date
    Scan your computer regularly with your antivirus.

    Stay clean ;)
     
    Last edited: May 24, 2006
  5. jsprang

    jsprang Member

    Logfile of HijackThis v1.99.1
    Scan saved at 3:45:34 PM, on 5/25/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\X3watch\x3watch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Juno\exec.exe
    C:\Program Files\Juno\exec.exe
    C:\Program Files\Juno\qsacc\x1exec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eamxo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;<local>
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
    O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\Juno\qsacc\x1exec.exe"
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8FF57ECD-8B0B-4D2E-B57C-4382D112420E}: NameServer = 64.136.20.121 64.136.28.121
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    ---

    Thanks for your help.

    I downloaded all of those programs and ran them.

    The "zcom_ad" is still running on shutdown.

    If it's not harming the computer then I guess I don't need to worry about it. I just want to make sure.

    I know that you said that it had something to do with the internet software but we've had this software for a while now and only recently did the "zcom_ad" start popping up on shutdown.

    Let me know if I need to do something else.
     
  6. JaPK

    JaPK Regular member

  7. jsprang

    jsprang Member

    Thanks so much. I've DL'd the ZoneAlarm firewall and will install it tonight after work.

    Thanks again for all your help.
     
  8. JaPK

    JaPK Regular member

    You're welcome :)
     