Having a problem with "zcom_ad" running on shutdown
jsprang
Newbie
23. May 2006 @ 19:02
Logfile of HijackThis v1.99.1
Scan saved at 10:55:00 PM, on 5/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\X3watch\x3watch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Juno\qsacc\x1exec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eamxo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\Juno\qsacc\x1exec.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FF57ECD-8B0B-4D2E-B57C-4382D112420E}: NameServer = 64.136.20.121 64.136.28.121
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
Senior Member
24. May 2006 @ 02:27
You don't have a firewall on your computer. Download and install one firewall.
These are good (free) firewalls:
ZoneAlarm -> http://www.zonelabs.com
Kerio -> http://www.sunbelt-software.com/Kerio.cfm
Outpost -> http://www.agnitum.com
Cleaning instructions:
Update your Ewido.
Go to Control Panel -> Add/Remove programs -> Remove PartyPoker if found
Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
Fix this too if you haven't blocked access to Internet Explorer settings:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
The Zcom_AD belongs to your Internet Service Provider software. It can be disabled by fixing this entry with HijackThis:
O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Restart your computer in safe mode -> http://www.pchell.com/support/safemode.shtml
Delete these folders (if found):
C:\Program Files\PartyPoker
Scan and clean your computer with Ewido and save the report.
Clean the Recycle bin and make your hidden files visible again.
Restart your computer normally.
Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log
jsprang
Newbie
24. May 2006 @ 12:23
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 4:21:23 PM, 5/24/2006
+ Report-Checksum: 85290DC1
+ Scan result:
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 9:39:53 AM, on 5/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\X3watch\x3watch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Juno\qsacc\x1exec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eamxo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\Juno\qsacc\x1exec.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
|
Senior Member
|
24. May 2006 @ 21:07 |
Link to this message
|
Looks clean now :) Are you having any problems?
Install a firewall.
You have an outdated Java: the latest version is 1.5.0_06 and you have 1.4.2_03.
So we are going to update your Java because the old version has all kinds of vulnerabilities:
1. Click "Start" -> "Control Panel" and double-click the "Java" icon (coffee cup).
2. Move to the "Update" tab and update Java by clicking "Update Now".
3. Do a restart.
4. If you can't do the automatic update, get the new version manually from here -> http://www.java.com/en/download/manual.jsp
5. Remove the old Java from the Control Panel -> Add/Remove Programs if still found; it should be named like this: Java 2 Runtime Environment, SE v1.4.2_03
Now that you're clean, here are some tips on how to stay clean.
-> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore...
This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.
-> Use CCleaner -> http://www.ccleaner.com
Download and install CCleaner. Clean your registry and temporary files with it regularly.
-> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
Download and install Ad-Aware. Update it and scan your computer regularly with it.
-> Use Ewido -> http://www.ewido.net/en
Download and install Ewido. Update it and scan your computer regularly with it.
-> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
SpywareBlaster will prevent spyware from being installed to your computer.
-> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
This prevents your computer from connecting to harmful sites.
-> Change your browser to Firefox -> http://www.mozilla.org
Firefox is a faster, safer and quicker browser than Internet Explorer.
-> Keep your system up-to-date -> http://windowsupdate.microsoft.com
Visit Windows Update regularly.
-> Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.
Stay clean ;)
This message has been edited since posting. Last time this message was edited on 24. May 2006 @ 21:08
|
jsprang
Newbie
|
25. May 2006 @ 11:46 |
Link to this message
|
Logfile of HijackThis v1.99.1
Scan saved at 3:45:34 PM, on 5/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\X3watch\x3watch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Juno\qsacc\x1exec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eamxo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\Juno\qsacc\x1exec.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FF57ECD-8B0B-4D2E-B57C-4382D112420E}: NameServer = 64.136.20.121 64.136.28.121
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
---
Thanks for your help.
I downloaded all of those programs and ran them.
The "zcom_ad" is still running on shutdown.
If it's not harming the computer then I guess I don't need to worry about it. I just want to make sure.
I know that you said that it had something to do with the internet software, but we've had this software for a while now and only recently did the "zcom_ad" start popping up on shutdown.
Let me know if I need to do something else.
|
Senior Member
|
25. May 2006 @ 19:19 |
Link to this message
|
|
jsprang
Newbie
|
26. May 2006 @ 07:15 |
Link to this message
|
Thanks so much. I've downloaded the ZoneAlarm firewall and will install it tonight after work.
Thanks again for all your help.
|
Senior Member
|
26. May 2006 @ 09:29 |
Link to this message
|
You're welcome :)
|
|