Having a problem with "zcom_ad" running on shutdown

jsprang (Newbie) | 23. May 2006 @ 19:02

							Logfile of HijackThis v1.99.1
Scan saved at 10:55:00 PM, on 5/23/2006
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
 C:\Program Files\ewido anti-malware\ewidoctrl.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\X3watch\x3watch.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
 C:\Program Files\Juno\exec.exe
 C:\Program Files\Juno\exec.exe
 C:\Program Files\Juno\qsacc\x1exec.exe
 C:\Program Files\Internet Explorer\IEXPLORE.EXE
 C:\HJT\HijackThis.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eamxo.com/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;<local>
 R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll
 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
 O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
 O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
 O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
 O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
 O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
 O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
 O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\Juno\qsacc\x1exec.exe"
 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
 O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
 O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
 O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
 O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
 O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
 O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
 O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
 O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O17 - HKLM\System\CCS\Services\Tcpip\..\{8FF57ECD-8B0B-4D2E-B57C-4382D112420E}: NameServer = 64.136.20.121 64.136.28.121
 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
 O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
 O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Senior Member | 24. May 2006 @ 02:27

You don't have a firewall on your computer. Download and install a firewall.
 These are good (free) firewalls:
 ZoneAlarm -> http://www.zonelabs.com
 Kerio -> http://www.sunbelt-software.com/Kerio.cfm
 Outpost -> http://www.agnitum.com
 
 Cleaning instructions:
 
 Update your Ewido.
 
 Go to Control Panel -> Add/Remove programs -> Remove PartyPoker if found
 
 Run HijackThis. Press "Do a system scan only", then close all other windows, checkmark the following entries and press "Fix checked":
 
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
 O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
 
 Fix this too if you haven't blocked access to Internet Explorer settings:
 
 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
 
 The Zcom_AD belongs to your Internet Service Provider software. It can be disabled by fixing this entry with HijackThis:
 
 O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
 
 Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
 Restart your computer in safe mode -> http://www.pchell.com/support/safemode.shtml
 
 Delete these folders (if found):
 C:\Program Files\PartyPoker
 
 Scan and clean your computer with Ewido and save the report.
 
 Clean the Recycle bin and make your hidden files visible again.
 
 Restart your computer normally.
 
 Post the following logs here:
 -> a fresh HijackThis log
 -> Ewido's log

jsprang (Newbie) | 24. May 2006 @ 12:23

							---------------------------------------------------------
ewido anti-malware - Scan report
 ---------------------------------------------------------
 
 + Created on:			4:21:23 PM, 5/24/2006
 + Report-Checksum:		85290DC1
 
 + Scan result:
 
 :mozilla.24:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
 :mozilla.25:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
 :mozilla.26:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
 :mozilla.27:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
 :mozilla.28:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
 :mozilla.29:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
 :mozilla.38:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
 :mozilla.39:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
 :mozilla.41:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
 :mozilla.42:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
 :mozilla.43:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
 :mozilla.44:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
 :mozilla.47:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
 :mozilla.48:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
 :mozilla.49:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
 :mozilla.50:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
 :mozilla.51:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
 :mozilla.52:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
 :mozilla.54:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
 :mozilla.55:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
 :mozilla.56:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
 :mozilla.57:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
 :mozilla.75:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
 :mozilla.76:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
 :mozilla.77:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
 :mozilla.78:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
 :mozilla.91:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
 :mozilla.92:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
 :mozilla.93:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
 :mozilla.97:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.98:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.99:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.100:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.101:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
 :mozilla.102:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
 :mozilla.120:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
 :mozilla.121:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
 :mozilla.122:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
 :mozilla.123:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
 :mozilla.126:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
 :mozilla.127:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.128:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.129:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
 :mozilla.130:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
 :mozilla.131:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
 :mozilla.132:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
 :mozilla.152:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
 :mozilla.153:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
 :mozilla.154:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
 :mozilla.155:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
 :mozilla.171:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
 :mozilla.184:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
 :mozilla.185:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
 :mozilla.186:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
 :mozilla.202:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
 :mozilla.203:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
 :mozilla.210:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
 :mozilla.211:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
 :mozilla.212:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
 :mozilla.213:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
 :mozilla.214:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
 :mozilla.215:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
 :mozilla.216:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
 :mozilla.217:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
 :mozilla.218:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
 :mozilla.219:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
 :mozilla.220:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
 :mozilla.221:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
 :mozilla.222:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
 :mozilla.223:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
 :mozilla.224:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
 :mozilla.225:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
 :mozilla.226:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
 :mozilla.227:C:\Documents and Settings\Jonathan Sprang\Application Data\Mozilla\Firefox\Profiles\m1dpmnf2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
 C:\Documents and Settings\Jonathan Sprang\Cookies\jonathan sprang@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
 C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
 C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
 C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
 C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
 C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
 C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
 C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
 C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
 C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
 C:\Documents and Settings\Meagan Sprang\Cookies\meagan sprang@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
 
 
 ::Report End
 
 
 Logfile of HijackThis v1.99.1
 Scan saved at 9:39:53 AM, on 5/24/2006
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
 C:\Program Files\ewido anti-malware\ewidoctrl.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\X3watch\x3watch.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
 C:\Program Files\Juno\exec.exe
 C:\Program Files\Juno\exec.exe
 C:\Program Files\Juno\qsacc\x1exec.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\HJT\HijackThis.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eamxo.com/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
 R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll
 O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
 O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
 O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
 O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
 O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
 O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\Juno\qsacc\x1exec.exe"
 O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
 O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
 O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
 O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
 O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
 O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
 O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
 O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
 O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
 O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
 |  
						| Senior Member 
   | 24. May 2006 @ 21:07 |
						| 
							
							Looks clean now :) Are you having any problems?
 Install a firewall.
 
 You have an outdated Java; the latest version is 1.5.0_06 and you have 1.4.2_03.
 
 So we are going to update your Java because the old version has all kinds of vulnerabilities:
 
 1. Click "Start" -> "Control Panel" and double-click "Java" icon (coffee cup)
 2. Move to "Update" tab and update Java by clicking "Update Now".
 3. Do a restart.
 
 4. If you can't do the automatic update, get the new version manually from here -> http://www.java.com/en/download/manual.jsp
 5. Remove the old Java from Control Panel -> Add/Remove Programs if it is still found; it should be named like this: Java 2 Runtime Environment, SE v1.4.2_03
 
 Now that you're clean, here are some tips on how to stay clean.
 
 -> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore...
 This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.
 
 -> Use CCleaner -> http://www.ccleaner.com
 Download and install CCleaner. Clean your registry and temporary files with it regularly.
 
 -> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
 Download and install Ad-Aware. Update it and scan your computer regularly with it.
 
 -> Use Ewido -> http://www.ewido.net/en
 Download and install Ewido. Update it and scan your computer regularly with it.
 
 -> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
 SpywareBlaster will prevent spyware from being installed to your computer.
 
 -> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
 This prevents your computer from connecting to harmful sites.
 
 -> Change your browser to Firefox -> http://www.mozilla.org
 Firefox is a faster, safer and quicker browser than Internet Explorer.
 
 -> Keep your system up-to-date -> http://windowsupdate.microsoft.com
 Visit Windows Update regularly.
 
 -> Keep your antivirus and firewall up-to-date
 Scan your computer regularly with your antivirus.
 
 Stay clean ;)
 This message has been edited since posting. Last time this message was edited on 24. May 2006 @ 21:08 |  
						| jsprangNewbie 
   | 25. May 2006 @ 11:46 |
						| 
							
							Logfile of HijackThis v1.99.1
Scan saved at 3:45:34 PM, on 5/25/2006
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
 C:\Program Files\ewido anti-malware\ewidoctrl.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\X3watch\x3watch.exe
 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 C:\Program Files\Juno\exec.exe
 C:\Program Files\Juno\exec.exe
 C:\Program Files\Juno\qsacc\x1exec.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\WINDOWS\system32\igfxsrvc.exe
 C:\HJT\HijackThis.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eamxo.com/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;<local>
 R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll
 O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
 O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
 O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
 O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
 O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\Juno\qsacc\x1exec.exe"
 O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
 O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
 O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
 O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
 O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
 O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
 O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
 O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O17 - HKLM\System\CCS\Services\Tcpip\..\{8FF57ECD-8B0B-4D2E-B57C-4382D112420E}: NameServer = 64.136.20.121 64.136.28.121
 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
 O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
 O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
 O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
 
 ---
 
 Thanks for your help.
 
 I downloaded all of those programs and ran them.
 
 The "zcom_ad" is still running on shutdown.
 
 If it's not harming the computer then I guess I don't need to worry about it. I just want to make sure.
 
 I know that you said that it had something to do with the internet software but we've had this software for a while now and only recently did the "zcom_ad" start popping up on shutdown.
 
 Let me know if I need to do something else.
 |  
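Comparing two HijackThis scans by eye, as done in this thread, is easier with a small diff. The following is an added example, not part of any post here: it parses the `section - text` entry lines, reports what appeared or disappeared between two scans, and pulls the Java runtime versions out of the entry paths. The sample lines are copied from the two logs in this thread; the function names are this example's own.

```python
import re

# Sample input: a few entries copied from the earlier and later scans in this thread.
SCAN_BEFORE = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
"""
SCAN_AFTER = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FF57ECD-8B0B-4D2E-B57C-4382D112420E}: NameServer = 64.136.20.121 64.136.28.121
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")   # e.g. "O4 - HKLM\..\Run: ..."
JRE = re.compile(r"\\j2?re(\d+\.\d+\.\d+_\d+)\\", re.IGNORECASE)

def parse(log):
    """Return (section, text) per entry line; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def section_key(entry):
    # Order R0 < R1 < O2 < O17 < O23 as HijackThis lists them, not alphabetically.
    code = entry[0]
    return ("RFNO".find(code[0]), int(code[1:]), entry[1].lower())

def diff(before, after):
    """Entries only in the later scan (added) and only in the earlier one (removed)."""
    b, a = set(parse(before)), set(parse(after))
    return sorted(a - b, key=section_key), sorted(b - a, key=section_key)

def java_versions(log):
    """JRE versions referenced by any entry path."""
    return {v for _, text in parse(log) for v in JRE.findall(text)}

if __name__ == "__main__":
    added, removed = diff(SCAN_BEFORE, SCAN_AFTER)
    for sign, rows in (("+", added), ("-", removed)):
        for section, text in rows:
            print(f"{sign} {section:<3} {text}")
    print("Java before:", java_versions(SCAN_BEFORE), "after:", java_versions(SCAN_AFTER))
```

An entry that changed only in part, such as the O9 Java Console line, shows up as one removed and one added row.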
						| Senior Member 
   | 25. May 2006 @ 19:19 |
						|  |  
						| jsprangNewbie 
   | 26. May 2006 @ 07:15 |
						| 
							
							Thanks so much. I've DL'd the ZoneAlarm firewall and will install it tonight after work.
 Thanks again for all your help.
 |  
						| Senior Member 
   | 26. May 2006 @ 09:29 |
						| 
							
							You're welcome :)
							
						 |  |