
Zonebac?(RESOLVED)

#1 - 10-11-2007, 02:13 PM
ratnamg (D-A-L Newbie, Join Date: Aug 2007, Posts: 14)

Hi,
It seems my laptop got infected with Zonebac. Can you please help me get this off?

Here is my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 7:12:17 AM, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\GtDetectSc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\C4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\cmd.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\vnxserv.exe
C:\WINDOWS\wrtService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\C4ebreg\isamtray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\soffice.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\IBM\Infoprint Select\ipnotify.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\vpc32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Administrator\Desktop\Installed Programs\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/download/standardsoftware/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-blv-proxy.boeing.com:31060
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java50\jre\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NPDTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [Isamtray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SODCPreLoad] C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\preload.exe C:\notes\data\workspace\.sodc\
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O15 - Trusted Zone: http://research.ameritrade.com
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.oracle.com/imtapp...ar/cnsload.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - https://w3-113.ibm.com/transform/crm...siebelhtml.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} (Siebel Option Pack for IE 7.5.3) - https://w3-113.ibm.com/transform/crm...OptionPack.cab
O16 - DPF: {84B74E82-3475-420E-9949-773B4FB91771} (IBM Tivoli Provisioning Manager Express Information Gatherer) - https://d02ntcl02.ibm.com/objects/NotesGatherer.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {8F4F3368-54CA-4268-8225-0F4367472CF4} (MailClient Class) - https://w3-113.ibm.com/transform/crm...MailClient.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3-3.ibm.com/tools/print/plugin/gpwsx.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://boeing.webex.com/client/v_my...ex/ieatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://sslvpn.boeing.com/dana-cache...erSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{884EB2AF-EA97-471A-AD30-D8B7E76CFAEA}: Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{884EB2AF-EA97-471A-AD30-D8B7E76CFAEA}: NameServer = 9.0.8.1,9.0.9.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DBFDAD0-E09A-48DA-9351-E67327B496F1}: NameServer = 129.172.51.40,130.42.5.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Visualware CallerIP (CallerIP) - Unknown owner - C:\Program Files\CallerIP\cip-nt.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: GT Detect (GtDetectSc) - OptionNV - C:\WINDOWS\system32\GtDetectSc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: Vsclient Service (VnxService) - Unknown owner - C:\WINDOWS\system32\vnxserv.exe
O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINDOWS\wrtService.exe

Here is my AWF report:

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Fri 11/09/2007
The current time is: 22:25:50.54


bak folders found
~~~~~~~~~~~


Directory of C:\SDWORK\BAK

07/09/2007 07:15 AM 204,800 issimsvc.exe
07/05/2007 09:32 AM 262,144 w32main2.exe
2 File(s) 466,944 bytes

Directory of C:\PROGRA~1\AT&TNE~1\BAK

03/01/2004 07:00 AM 8,704 NetSP.exe
1 File(s) 8,704 bytes

Directory of C:\PROGRA~1\C4EBREG\BAK

07/18/2007 01:55 PM 331,776 c4ebreg.exe
07/18/2007 01:55 PM 237,568 isamtray.exe
2 File(s) 569,344 bytes

Directory of C:\PROGRA~1\INFUZER\BAK

07/07/2005 04:49 PM 268,867 Infuzer.exe
1 File(s) 268,867 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

09/07/2007 03:55 PM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\QUICKEN\BAK

05/07/2007 01:17 PM 87,592 bagent.exe
1 File(s) 87,592 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 05:24 AM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/03/2004 11:00 PM 15,360 ctfmon.exe
09/17/2004 01:53 PM 45,056 VsClientFinder.exe
2 File(s) 60,416 bytes

Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

08/25/2006 05:46 AM 925,696 smax4pnp.exe
1 File(s) 925,696 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

07/19/2006 06:26 PM 52,896 ccApp.exe
1 File(s) 52,896 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

09/22/2007 09:30 AM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\GRISOFT\AVGANT~1.5\BAK

06/11/2007 03:25 AM 6,731,312 avgas.exe
1 File(s) 6,731,312 bytes

Directory of C:\PROGRA~1\IBM\PERSON~1\BAK

09/06/2005 03:07 AM 28,672 tpam.exe
1 File(s) 28,672 bytes

Directory of C:\PROGRA~1\LAVASOFT\AD-AWA~2\BAK

08/08/2007 02:53 PM 88,024 AAWTray.exe
1 File(s) 88,024 bytes

Directory of C:\PROGRA~1\SIBERS~1\AIROBO~1\BAK

08/18/2007 10:22 AM 160,568 RoboTaskBarIcon.exe
1 File(s) 160,568 bytes

Directory of C:\PROGRA~1\SYMANT~2\SYMANT~2\BAK

09/27/2006 07:33 PM 125,168 VPTray.exe
1 File(s) 125,168 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

07/05/2007 06:07 PM 512,000 SynTPEnh.exe
07/05/2007 06:07 PM 110,592 SynTPLpr.exe
2 File(s) 622,592 bytes

Directory of C:\PROGRA~1\THINKPAD\CONNEC~1\BAK

04/17/2006 01:09 PM 409,600 ACTray.exe
04/17/2006 12:59 PM 98,304 ACWLIcon.exe
2 File(s) 507,904 bytes

Directory of C:\PROGRA~1\THINKPAD\UTILIT~1\BAK

10/28/2005 01:04 PM 864,256 TpKmapAp.exe
1 File(s) 864,256 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

11/30/2006 09:49 PM 4,662,776 YahooMessenger.exe
1 File(s) 4,662,776 bytes

Directory of C:\WINDOWS\IME\IMJP8_1\BAK

08/03/2004 11:00 PM 208,952 IMJPMIG.EXE
1 File(s) 208,952 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

11/15/2004 07:05 PM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

09/11/2006 03:40 AM 218,032 ISUSPM.exe
1 File(s) 218,032 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

11/02/2006 02:37 PM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\BAK

05/10/2006 03:03 PM 94,208 TPHKMGR.exe
1 File(s) 94,208 bytes

Directory of C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

08/03/2004 11:00 PM 455,168 TINTSETP.EXE
1 File(s) 455,168 bytes

Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\9.0\SHARED~1\BAK

03/26/2007 06:07 AM 228,088 RoxWatchTray9.exe
1 File(s) 228,088 bytes

Directory of C:\PROGRA~1\IBM\TIVOLI\DCD\CLIENT\ISSI\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

204800 Oct 10 2007 "C:\sdwork\issimsvc.exe"
204800 Jul 9 2007 "C:\sdwork\bak\issimsvc.exe"
266752 Oct 24 2007 "C:\sdwork\w32main2.exe"
262144 Jul 5 2007 "C:\sdwork\bak\w32main2.exe"
24576 Jan 13 2007 "C:\Program Files\AT&T Network Client\NetSP.exe"
8704 Mar 1 2004 "C:\Program Files\AT&T Network Client\bak\NetSP.exe"
364544 Sep 7 2007 "C:\Program Files\C4ebreg\c4ebreg.exe"
331776 Jul 18 2007 "C:\Program Files\C4ebreg\bak\c4ebreg.exe"
237568 Sep 7 2007 "C:\Program Files\C4ebreg\isamtray.exe"
237568 Jul 18 2007 "C:\Program Files\C4ebreg\bak\isamtray.exe"
268867 Jul 7 2005 "C:\Program Files\Infuzer\bak\Infuzer.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\iTunesHelper.exe1191370038"
267064 Sep 7 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Sep 29 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
116024 Sep 28 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
87328 Sep 20 2007 "C:\Program Files\Quicken\bagent.exe"
87592 May 7 2007 "C:\Program Files\Quicken\bak\bagent.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
15360 Aug 3 2004 "C:\WINDOWS\system32\ctfmon.exe"
8192 Dec 22 2005 "C:\i387\files\system\ctfmon.exe"
8192 Nov 11 2004 "C:\project2003std\FILES\SYSTEM\CTFMON.EXE"
15360 Aug 3 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
45056 Sep 17 2004 "C:\WINDOWS\system32\bak\VsClientFinder.exe"
925696 Aug 25 2006 "C:\pnp\003\SMAX4PNP.EXE"
925696 Aug 25 2006 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
52272 Jan 27 2007 "C:\Program Files\Google\googletoolbar3user.exe"
126136 Sep 22 2007 "C:\Program Files\Google\Google Updater\GoogleUpdater.exe"
583696 Nov 2 2006 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138680 Sep 22 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Sep 22 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
126136 Sep 22 2007 "C:\Program Files\Google\Google Updater\2.2.969.23408\GoogleUpdaterRestartManager.exe"
6731312 Jun 11 2007 "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"
6731312 Jun 11 2007 "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe"
28672 Sep 6 2005 "C:\Program Files\IBM\Personal Communications\bak\tpam.exe"
88024 Aug 8 2007 "C:\Program Files\Lavasoft\Ad-Aware 2007\bak\AAWTray.exe"
160568 Sep 15 2007 "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe1191370030"
160568 Aug 18 2007 "C:\Program Files\Siber Systems\AI RoboForm\bak\RoboTaskBarIcon.exe"
125168 Sep 27 2006 "C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe"
125168 Sep 27 2006 "C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe"
512000 Jul 5 2007 "C:\Drivers\WIN\UNAV\SynTPEnh.exe"
512000 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
512000 Aug 25 2006 "C:\wxpdrive\repos\77GU08WW\SYNTPENH.EXE"
512000 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
512000 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
110592 Jul 5 2007 "C:\Drivers\WIN\UNAV\SynTPLpr.exe"
110592 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
110592 Aug 25 2006 "C:\wxpdrive\repos\77GU08WW\SYNTPLPR.EXE"
110592 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
110592 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\Media\SynTPLpr.exe"
409600 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe"
98304 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe"
864256 Oct 28 2005 "C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
208952 Aug 3 2004 "C:\WINDOWS\ime\IMJP8_1\imjpmig.exe"
208952 Aug 3 2004 "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
127035 Nov 15 2004 "C:\Program Files\IBM DLA\install\tfswctrl.exe"
127035 Nov 15 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
185896 Nov 2 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
94208 Oct 2 2006 "C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
94208 May 10 2006 "C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe"
94208 Aug 25 2006 "C:\wxpdrive\repos\7AVU22WW\OSD\COMMON\TPHKMGR.EXE"
94208 Oct 2 2006 "C:\Drivers\W2K\Acconwin\HOTKEY\OSD\common\tphkmgr.exe"
455168 Aug 3 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
455168 Aug 3 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
166648 Apr 23 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
228088 Mar 26 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"
3350 Nov 2 2007 "C:\Program Files\IBM\tivoli\dcd\client\ISSI\bak\cds\ISXuninst1.bat.bak"


end of report
#2 - 10-11-2007, 10:49 PM
Neal (Senior Member, Join Date: Sep 2005, Posts: 5,524)
Re: Zonebac?

Please double-click the FindAWF icon once again.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Copy and paste the following list of files from the quote box into it, so they can be restored (not the word "Quote"):


Quote:
"C:\sdwork\bak\issimsvc.exe"
"C:\sdwork\bak\w32main2.exe"
"C:\sdwork\bak\w32main2.exe"
"C:\Program Files\AT&T Network Client\bak\NetSP.exe"
"C:\Program Files\C4ebreg\bak\c4ebreg.exe"
"C:\Program Files\C4ebreg\bak\isamtray.exe"
"C:\Program Files\Infuzer\bak\Infuzer.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Quicken\bak\bagent.exe"
"C:\Program Files\QuickTime\bak\QTTask.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\VsClientFinder.exe"
"C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
6731312 Jun 11 2007 "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe"
"C:\Program Files\IBM\Personal Communications\bak\tpam.exe"
"C:\Program Files\Lavasoft\Ad-Aware 2007\bak\AAWTray.exe"
"C:\Program Files\Siber Systems\AI RoboForm\bak\RoboTaskBarIcon.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
"C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe"
"C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe"
"C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe"
"C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
"C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
"C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe"
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"
"C:\Program Files\IBM\tivoli\dcd\client\ISSI\bak\cds\ISXuninst1.bat.bak"

Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder


When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.
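The three steps Neal lists for option 2 (terminate the process, delete the file in the parent folder, copy the original back) are the whole of the cleanup, because of how this infection works: the dropper takes over the name and location of an autorun executable and parks the genuine file in a `bak` subfolder, which is why the report above lists one `bak` folder per startup program and pairs each parent file with its `bak` twin by size and date. The script below is an added example written for this page; it is not FindAWF's code and does not replace it. It walks a directory tree for folders named `bak`, pairs each file inside with the same-named file one level up, classifies the pair by size plus SHA-256 (the hash is an addition; FindAWF's report shows only size and date, and issimsvc.exe above is a case where the size matches but the date does not), and then restores the `bak` copy the way steps 2 and 3 of option 2 do. The process-termination step is omitted. The sample tree it builds is constructed for the demo: the file names echo the report, the contents are made up.

```python
# Added example (not FindAWF's code): locate AWF/Zonebac-style "bak" substitutions
# and undo them the way FindAWF option 2 does (minus the process-termination step).
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional


@dataclass
class BakPair:
    original: Path          # the genuine file that was moved into <dir>/bak/
    parent: Optional[Path]  # same-named file left in <dir>: the suspected dropper
    status: str             # "differs", "same-content" or "parent-missing"


def sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_bak_pairs(root: Path) -> List[BakPair]:
    """Walk `root`, pair every file in a folder named 'bak' with the file of the
    same name one level up, and classify the pair. Size alone is not enough
    (issimsvc.exe in the report is 204800 bytes in both places but the dates
    differ), so the content hash is compared as well."""
    pairs: List[BakPair] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        bak_dir = Path(dirpath)
        if bak_dir.name.lower() != "bak":   # the folder name FindAWF keys on
            continue
        for name in filenames:
            original = bak_dir / name
            parent = bak_dir.parent / name
            if not parent.exists():
                pairs.append(BakPair(original, None, "parent-missing"))
            elif (parent.stat().st_size == original.stat().st_size
                  and sha256(parent) == sha256(original)):
                pairs.append(BakPair(original, parent, "same-content"))
            else:
                pairs.append(BakPair(original, parent, "differs"))
    return pairs


def restore_from_bak(pair: BakPair, dry_run: bool = True) -> str:
    """Steps 2 and 3 of option 2: remove the file in the parent folder, then copy
    the bak copy back. Step 1 (terminating the running process) is left out;
    on a live Windows host do that first or the delete fails on a locked file."""
    target = pair.original.parent.parent / pair.original.name
    if pair.status == "same-content":
        return f"skip {target}: bak copy is byte-identical"
    if dry_run:
        return f"would restore {pair.original} -> {target}"
    if target.exists():
        target.unlink()
    shutil.copy2(pair.original, target)
    return f"restored {target}"


def build_sample_tree() -> Path:
    """Constructed layout for the demo; names echo the report, contents are
    made up. One substituted file, one untouched copy, one orphaned bak file."""
    root = Path(tempfile.mkdtemp(prefix="awf_demo_"))
    sd = root / "sdwork"
    (sd / "bak").mkdir(parents=True)
    (sd / "bak" / "w32main2.exe").write_bytes(b"ORIGINAL-W32MAIN2\n" * 64)
    (sd / "w32main2.exe").write_bytes(b"DROPPER-PAYLOAD\n" * 80)      # differs
    sym = root / "Symantec Shared"
    (sym / "bak").mkdir(parents=True)
    (sym / "bak" / "ccApp.exe").write_bytes(b"CCAPP\n" * 32)
    shutil.copy2(sym / "bak" / "ccApp.exe", sym / "ccApp.exe")       # identical
    inf = root / "Infuzer"
    (inf / "bak").mkdir(parents=True)
    (inf / "bak" / "Infuzer.exe").write_bytes(b"INFUZER\n" * 16)      # no parent
    return root


def run_demo(dry_run: bool = True) -> dict:
    """Scan the sample tree and return {file name: (status, action taken)}."""
    root = build_sample_tree()
    result = {}
    for pair in sorted(find_bak_pairs(root), key=lambda p: p.original.name):
        result[pair.original.name] = (pair.status, restore_from_bak(pair, dry_run))
    shutil.rmtree(root, ignore_errors=True)
    return result


if __name__ == "__main__":
    for name, (status, action) in run_demo(dry_run=True).items():
        print(f"{name:14} {status:15} {action}")
```

Run it with `dry_run=True` first and read the list; a `bak` folder is not proof of infection on its own (installers create them too), so a pair marked `same-content` is left alone and only the `differs` and `parent-missing` entries are worth restoring, which is also why Neal's file list hands FindAWF the `bak` paths explicitly rather than restoring everything it finds.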
#3 - 12-11-2007, 11:34 PM
ratnamg (D-A-L Newbie, Join Date: Aug 2007, Posts: 14)
Re: Zonebac?

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Mon 11/12/2007
The current time is: 16:10:22.60


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AT&TNE~1\BAK

03/01/2004 07:00 AM 8,704 NetSP.exe
1 File(s) 8,704 bytes

Directory of C:\PROGRA~1\C4EBREG\BAK

07/18/2007 01:55 PM 331,776 c4ebreg.exe
07/18/2007 01:55 PM 237,568 isamtray.exe
2 File(s) 569,344 bytes

Directory of C:\PROGRA~1\INFUZER\BAK

07/07/2005 04:49 PM 268,867 Infuzer.exe
1 File(s) 268,867 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

09/07/2007 03:55 PM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\QUICKEN\BAK

05/07/2007 01:17 PM 87,592 bagent.exe
1 File(s) 87,592 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 05:24 AM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/03/2004 11:00 PM 15,360 ctfmon.exe
09/17/2004 01:53 PM 45,056 VsClientFinder.exe
2 File(s) 60,416 bytes

Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

08/25/2006 05:46 AM 925,696 smax4pnp.exe
1 File(s) 925,696 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

07/19/2006 06:26 PM 52,896 ccApp.exe
1 File(s) 52,896 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

09/22/2007 09:30 AM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\GRISOFT\AVGANT~1.5\BAK

06/11/2007 03:25 AM 6,731,312 avgas.exe
1 File(s) 6,731,312 bytes

Directory of C:\PROGRA~1\IBM\PERSON~1\BAK

09/06/2005 03:07 AM 28,672 tpam.exe
1 File(s) 28,672 bytes

Directory of C:\PROGRA~1\LAVASOFT\AD-AWA~2\BAK

08/08/2007 02:53 PM 88,024 AAWTray.exe
1 File(s) 88,024 bytes

Directory of C:\PROGRA~1\SIBERS~1\AIROBO~1\BAK

08/18/2007 10:22 AM 160,568 RoboTaskBarIcon.exe
1 File(s) 160,568 bytes

Directory of C:\PROGRA~1\SYMANT~2\SYMANT~2\BAK

09/27/2006 07:33 PM 125,168 VPTray.exe
1 File(s) 125,168 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

07/05/2007 06:07 PM 512,000 SynTPEnh.exe
07/05/2007 06:07 PM 110,592 SynTPLpr.exe
2 File(s) 622,592 bytes

Directory of C:\PROGRA~1\THINKPAD\CONNEC~1\BAK

04/17/2006 01:09 PM 409,600 ACTray.exe
04/17/2006 12:59 PM 98,304 ACWLIcon.exe
2 File(s) 507,904 bytes

Directory of C:\PROGRA~1\THINKPAD\UTILIT~1\BAK

10/28/2005 01:04 PM 864,256 TpKmapAp.exe
1 File(s) 864,256 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

11/30/2006 09:49 PM 4,662,776 YahooMessenger.exe
1 File(s) 4,662,776 bytes

Directory of C:\WINDOWS\IME\IMJP8_1\BAK

08/03/2004 11:00 PM 208,952 IMJPMIG.EXE
1 File(s) 208,952 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

11/15/2004 07:05 PM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

09/11/2006 03:40 AM 218,032 ISUSPM.exe
1 File(s) 218,032 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

11/02/2006 02:37 PM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\BAK

05/10/2006 03:03 PM 94,208 TPHKMGR.exe
1 File(s) 94,208 bytes

Directory of C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

08/03/2004 11:00 PM 455,168 TINTSETP.EXE
1 File(s) 455,168 bytes

Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\9.0\SHARED~1\BAK

03/26/2007 06:07 AM 228,088 RoxWatchTray9.exe
1 File(s) 228,088 bytes

Directory of C:\PROGRA~1\IBM\TIVOLI\DCD\CLIENT\ISSI\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

8704 Mar 1 2004 "C:\Program Files\AT&T Network Client\NetSP.exe"
8704 Mar 1 2004 "C:\Program Files\AT&T Network Client\bak\NetSP.exe"
331776 Jul 18 2007 "C:\Program Files\C4ebreg\c4ebreg.exe"
331776 Jul 18 2007 "C:\Program Files\C4ebreg\bak\c4ebreg.exe"
237568 Jul 18 2007 "C:\Program Files\C4ebreg\isamtray.exe"
237568 Jul 18 2007 "C:\Program Files\C4ebreg\bak\isamtray.exe"
268867 Jul 7 2005 "C:\Program Files\Infuzer\Infuzer.exe"
268867 Jul 7 2005 "C:\Program Files\Infuzer\bak\Infuzer.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\iTunesHelper.exe1191370038"
267064 Sep 7 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Sep 29 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
116024 Sep 28 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
87592 May 7 2007 "C:\Program Files\Quicken\bagent.exe"
87592 May 7 2007 "C:\Program Files\Quicken\bak\bagent.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
15360 Aug 3 2004 "C:\WINDOWS\system32\ctfmon.exe"
8192 Dec 22 2005 "C:\i387\files\system\ctfmon.exe"
8192 Nov 11 2004 "C:\project2003std\FILES\SYSTEM\CTFMON.EXE"
15360 Aug 3 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
45056 Sep 17 2004 "C:\WINDOWS\system32\VsClientFinder.exe"
45056 Sep 17 2004 "C:\WINDOWS\system32\bak\VsClientFinder.exe"
925696 Aug 25 2006 "C:\pnp\003\SMAX4PNP.EXE"
925696 Aug 25 2006 "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
925696 Aug 25 2006 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
52272 Jan 27 2007 "C:\Program Files\Google\googletoolbar3user.exe"
126136 Sep 22 2007 "C:\Program Files\Google\Google Updater\GoogleUpdater.exe"
583696 Nov 2 2006 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138680 Sep 22 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Sep 22 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
126136 Sep 22 2007 "C:\Program Files\Google\Google Updater\2.2.969.23408\GoogleUpdaterRestartManager.exe"
6731312 Jun 11 2007 "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"
6731312 Jun 11 2007 "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe"
28672 Sep 6 2005 "C:\Program Files\IBM\Personal Communications\tpam.exe"
28672 Sep 6 2005 "C:\Program Files\IBM\Personal Communications\bak\tpam.exe"
88024 Aug 8 2007 "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe"
88024 Aug 8 2007 "C:\Program Files\Lavasoft\Ad-Aware 2007\bak\AAWTray.exe"
160568 Sep 15 2007 "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe1191370030"
160568 Aug 18 2007 "C:\Program Files\Siber Systems\AI RoboForm\bak\RoboTaskBarIcon.exe"
125168 Sep 27 2006 "C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe"
125168 Sep 27 2006 "C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe"
512000 Jul 5 2007 "C:\Drivers\WIN\UNAV\SynTPEnh.exe"
512000 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
512000 Aug 25 2006 "C:\wxpdrive\repos\77GU08WW\SYNTPENH.EXE"
512000 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
512000 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
110592 Jul 5 2007 "C:\Drivers\WIN\UNAV\SynTPLpr.exe"
110592 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
110592 Aug 25 2006 "C:\wxpdrive\repos\77GU08WW\SYNTPLPR.EXE"
110592 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
110592 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\Media\SynTPLpr.exe"
409600 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe"
409600 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe"
98304 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe"
98304 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe"
864256 Oct 28 2005 "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe"
864256 Oct 28 2005 "C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
208952 Aug 3 2004 "C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE"
208952 Aug 3 2004 "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
127035 Nov 15 2004 "C:\Program Files\IBM DLA\install\tfswctrl.exe"
127035 Nov 15 2004 "C:\WINDOWS\system32\dla\tfswctrl.exe"
127035 Nov 15 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
185896 Nov 2 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185896 Nov 2 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
94208 May 10 2006 "C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
94208 May 10 2006 "C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe"
94208 Aug 25 2006 "C:\wxpdrive\repos\7AVU22WW\OSD\COMMON\TPHKMGR.EXE"
94208 Oct 2 2006 "C:\Drivers\W2K\Acconwin\HOTKEY\OSD\common\tphkmgr.exe"
455168 Aug 3 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
455168 Aug 3 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
166648 Apr 23 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
228088 Mar 26 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"
3350 Nov 2 2007 "C:\Program Files\IBM\tivoli\dcd\client\ISSI\bak\cds\ISXuninst 1.bat.bak"


end of report
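A triage pass over the "Duplicate files of bak directory contents" section of a report like the one above, as an added example: this is not FindAWF's own code and not code posted by anyone in this thread. It assumes only the line format the report shows (size, date, quoted path). The sample lines are copied from the report above plus one constructed pair under a made-up "Example Vendor" folder so the differing-size case is exercised. For each copy sitting in a bak folder it checks whether the parent folder holds a same-named file with identical size and date (the original has been put back), a different one (the parent copy is not the backed-up original and deserves a look), or none at all, noting renamed leftovers such as the iTunesHelper.exe1191370038 entry.

```python
"""Triage the duplicate-files section of a FindAWF report.

Added example; not FindAWF's code.  AWF/Zonebac moves a legitimate
autostart executable into a "bak" subfolder and leaves its own copy
under the original name in the parent folder.  FindAWF lists every bak
copy next to same-named files found elsewhere on the disk; this script
compares each bak copy with its parent-folder counterpart.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# One report line: <size> <Mon> <day> <year> "<path>"  (format taken from the report)
LINE_RE = re.compile(r'^(\d+)\s+([A-Z][a-z]{2}\s+\d{1,2}\s+\d{4})\s+"(.+)"$')
SECTION_START = "Duplicate files of bak directory contents"
SECTION_END = "end of report"

# Lines from the report above, plus a constructed "Example Vendor" pair
# (not from the report) whose sizes and dates differ.
SAMPLE_REPORT = r"""
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

8704 Mar 1 2004 "C:\Program Files\AT&T Network Client\NetSP.exe"
8704 Mar 1 2004 "C:\Program Files\AT&T Network Client\bak\NetSP.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\iTunesHelper.exe1191370038"
267064 Sep 7 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
15360 Aug 3 2004 "C:\WINDOWS\system32\ctfmon.exe"
8192 Dec 22 2005 "C:\i387\files\system\ctfmon.exe"
15360 Aug 3 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
166648 Apr 23 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
228088 Mar 26 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"
40960 Nov 2 2007 "C:\Program Files\Example Vendor\Tray.exe"
32768 Jan 9 2006 "C:\Program Files\Example Vendor\bak\Tray.exe"

end of report
"""


@dataclass(frozen=True)
class Entry:
    size: int
    date: str
    path: str

    @property
    def folder(self) -> str:
        return self.path.rsplit("\\", 1)[0]

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[1]

    @property
    def in_bak(self) -> bool:
        return self.folder.lower().endswith("\\bak")


@dataclass(frozen=True)
class Finding:
    name: str       # executable name as stored in the bak folder
    bak_path: str
    verdict: str    # "identical", "differs" or "missing"
    detail: str


def parse_duplicates(report: str) -> List[Entry]:
    """Return the entries of the duplicate-files section, in report order."""
    entries: List[Entry] = []
    inside = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith(SECTION_START):
            inside = True
            continue
        if line.startswith(SECTION_END):
            break
        if not inside:
            continue
        m = LINE_RE.match(line)
        if m:
            # forum copies sometimes carry a stray space inside the quotes or in the date
            entries.append(Entry(int(m.group(1)), " ".join(m.group(2).split()), m.group(3).strip()))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Compare every bak copy with the same-named file in its parent folder."""
    by_path = {e.path.lower(): e for e in entries}
    findings: List[Finding] = []
    for e in entries:
        if not e.in_bak:
            continue
        parent = e.folder[:-len("\\bak")]
        twin = by_path.get((parent + "\\" + e.name).lower())
        if twin is None:
            # a renamed leftover in the parent folder, e.g. "foo.exe1191370038"
            leftovers = [x.name for x in entries
                         if x.folder.lower() == parent.lower()
                         and x.name.lower().startswith(e.name.lower())
                         and x.name.lower() != e.name.lower()]
            detail = "no file of that name in the parent folder"
            if leftovers:
                detail += "; leftover(s): " + ", ".join(leftovers)
            findings.append(Finding(e.name, e.path, "missing", detail))
        elif twin.size == e.size and twin.date == e.date:
            findings.append(Finding(e.name, e.path, "identical", f"{twin.size} bytes, {twin.date}"))
        else:
            findings.append(Finding(e.name, e.path, "differs",
                                    f"parent {twin.size} bytes {twin.date} vs bak {e.size} bytes {e.date}"))
    return findings


def verdicts(report: str = SAMPLE_REPORT) -> Dict[str, str]:
    """Map each bak executable name to its verdict."""
    return {f.name: f.verdict for f in triage(parse_duplicates(report))}


if __name__ == "__main__":
    for f in triage(parse_duplicates(SAMPLE_REPORT)):
        print(f"{f.verdict:<9} {f.name:<28} {f.detail}")
```

Size and date from a directory listing are weak evidence on their own: treat "identical" as a sign that the restore step worked, not as proof, and confirm on the live files with a hash or signature check before trusting them.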
#4 - 13-11-2007, 12:50 AM
Neal (Senior Member, Join Date: Sep 2005, Posts: 5,524)
Re: Zonebac?

Please double-click the FindAWF icon once again
This time we are going to remove some folders.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders in the quote box to be removed (not the word Quote):


Quote:
C:\Program Files\AT&T Network Client\bak
C:\Program Files\C4ebreg\bak
C:\Program Files\C4ebreg\bak
C:\Program Files\Infuzer\bak
C:\Program Files\iTunes\bak
C:\Program Files\Quicken\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\system32\bak
C:\WINDOWS\system32\bak
C:\Program Files\Analog Devices\Core\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\Google\GoogleToolbarNotifier\bak
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\bak
C:\Program Files\IBM\Personal Communications\bak
C:\Program Files\Lavasoft\Ad-Aware 2007\bak
C:\Program Files\Siber Systems\AI RoboForm\bak
C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak
C:\Program Files\Synaptics\SynTP\bak
C:\Program Files\ThinkPad\ConnectUtilities\bak
C:\Program Files\ThinkPad\ConnectUtilities\bak
C:\Program Files\ThinkPad\Utilities\bak
C:\Program Files\Yahoo!\Messenger\bak
C:\WINDOWS\ime\IMJP8_1\bak
C:\WINDOWS\system32\dla\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak
C:\WINDOWS\system32\IME\TINTLGNT\bak
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log in your reply.

#5 - 13-11-2007, 02:10 AM
ratnamg (D-A-L Newbie, Join Date: Aug 2007, Posts: 14)
Re: Zonebac?

Here is the latest file.


Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Mon 11/12/2007
The current time is: 19:06:43.43


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AT&TNE~1\BAK

03/01/2004 07:00 AM 8,704 NetSP.exe
1 File(s) 8,704 bytes

Directory of C:\PROGRA~1\IBM\TIVOLI\DCD\CLIENT\ISSI\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

8704 Mar 1 2004 "C:\Program Files\AT&T Network Client\NetSP.exe"
8704 Mar 1 2004 "C:\Program Files\AT&T Network Client\bak\NetSP.exe"
3350 Nov 2 2007 "C:\Program Files\IBM\tivoli\dcd\client\ISSI\bak\cds\ISXuninst 1.bat.bak"


end of report
#6 - 13-11-2007, 09:17 PM
Neal (Senior Member, Join Date: Sep 2005, Posts: 5,524)
Re: Zonebac?

Find this folder (in bold below) through the search function on your computer. If it is empty, delete the folder; if it is not empty, let me know what file is in there, please.


C:\Program Files\AT&T Network Client\bak

#7 - 14-11-2007, 02:52 AM
ratnamg (D-A-L Newbie, Join Date: Aug 2007, Posts: 14)
Re: Zonebac?

It wasn't empty. It had a file called NetSP.exe.
#8 - 14-11-2007, 07:04 AM
Neal (Senior Member, Join Date: Sep 2005, Posts: 5,524)
Re: Zonebac?

That is fine.


Double-click the FindAWF icon once again.
Use the following option: Press 4 then Enter to reset domain zones.

When the program returns to the main menu, use the following option:
Press E then Enter to EXIT


New HijackThis log, please.

#9 - 16-11-2007, 06:09 AM
ratnamg (D-A-L Newbie, Join Date: Aug 2007, Posts: 14)
Re: Zonebac?

Here is the latest HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 11:07:38 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\GtDetectSc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\C4ebreg\isamtray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\soffice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IBM\Infoprint Select\ipnotify.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rpcnet.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\vnxserv.exe
C:\WINDOWS\wrtService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\Program Files\C4ebreg\c4ebreg.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\Installed Programs\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/download/standardsoftware/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-blv-proxy.boeing.com:31060
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java50\jre\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [Isamtray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [NPDTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
O4 - HKLM\..\RunServices: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SODCPreLoad] C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\preload.exe C:\notes\data\workspace\.sodc\
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.oracle.com/imtapp...ar/cnsload.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - https://w3-113.ibm.com/transform/crm...siebelhtml.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} (Siebel Option Pack for IE 7.5.3) - https://w3-113.ibm.com/transform/crm...OptionPack.cab
O16 - DPF: {84B74E82-3475-420E-9949-773B4FB91771} (IBM Tivoli Provisioning Manager Express Information Gatherer) - https://d02ntcl02.ibm.com/objects/NotesGatherer.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {8F4F3368-54CA-4268-8225-0F4367472CF4} (MailClient Class) - https://w3-113.ibm.com/transform/crm...MailClient.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3-3.ibm.com/tools/print/plugin/gpwsx.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://boeing.webex.com/client/v_my...ex/ieatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://sslvpn.boeing.com/dana-cache...erSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{884EB2AF-EA97-471A-AD30-D8B7E76CFAEA}: Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{884EB2AF-EA97-471A-AD30-D8B7E76CFAEA}: NameServer = 9.0.8.1,9.0.9.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DBFDAD0-E09A-48DA-9351-E67327B496F1}: NameServer = 129.172.51.40,130.42.5.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Visualware CallerIP (CallerIP) - Unknown owner - C:\Program Files\CallerIP\cip-nt.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: GT Detect (GtDetectSc) - OptionNV - C:\WINDOWS\system32\GtDetectSc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Global Services - C:\Program Files\C4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - Unknown owner - c:\sdwork\issimsvc.exe (file missing)
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: Vsclient Service (VnxService) - Unknown owner - C:\WINDOWS\system32\vnxserv.exe
O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINDOWS\wrtService.exe
#10 (permalink), 16-11-2007, 09:17 PM
Neal, Senior Member (Join Date: Sep 2005, Posts: 5,524)
Re: Zonebac?

Do you know what this service is:

O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINDOWS\wrtService.exe

Run HijackThis, click on the "scan system only" button and put checks next to these:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Optional fixes (if you did not set them yourself) below, in red:

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

With everything closed out but HijackThis, click on "fix checked".

Reboot your PC.

Let me know about that service and how things are doing now.
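The triage in the post above is done by eye: a service with "Unknown owner" gets a question, a URLSearchHook with "(no file)" gets fixed outright, and IE policy restrictions are marked optional because the user (or a corporate image) may have set them. The following is an added example, not code from the thread or from HijackThis, that applies the same rules to O23, R3 and O6 lines mechanically. The sample lines are copied from the log posted in this thread; the whitelist of directories a service binary is expected to live in and the "safe to fix" wording are my assumptions, not anything the helper stated.

```python
"""Triage helper for HijackThis log lines (O23 services, R3 URLSearchHooks,
O6 IE policy entries).

Added example, not part of the thread and not HijackThis code. It flags
services listed with "Unknown owner" or "(file missing)", service binaries
outside the usual Program Files / system32 locations, orphaned
URLSearchHooks, and IE policy restrictions the user may or may not have set.
SAMPLE_LOG is copied from the log posted in this thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# O23 line: "O23 - Service: <display> (<short>) - <owner> - <path> [(file missing)]"
# The display name may itself contain parentheses, e.g. "Remote Procedure Call (RPC) Net (rpcnet)".
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
R3_RE = re.compile(
    r"^R3 - URLSearchHook: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$"
)
O6_RE = re.compile(
    r"^O6 - (?P<key>HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\.+?) present$"
)

# Assumption: where a legitimately installed Windows XP service binary normally lives.
# "c:\progra~1\" covers 8.3 short paths such as the LiveUpdate entry.
EXPECTED_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\system32\\")

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - Unknown owner - c:\sdwork\issimsvc.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINDOWS\wrtService.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""


@dataclass(frozen=True)
class Service:
    display_name: str
    short_name: Optional[str]
    owner: str
    path: str
    file_missing: bool


@dataclass(frozen=True)
class Finding:
    line: str
    reasons: Tuple[str, ...]
    advice: str


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line into its fields; None if the line is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return Service(m["display"], m["short"], m["owner"], m["path"], m["missing"] is not None)


def check_service(svc: Service) -> Tuple[str, ...]:
    """Return the reasons (possibly none) a parsed service deserves a second look."""
    reasons = []
    if svc.owner.lower() == "unknown owner":
        reasons.append("unknown owner")
    if svc.file_missing:
        reasons.append("file missing")
    if not svc.path.lower().startswith(EXPECTED_DIRS):
        reasons.append("binary outside Program Files / system32")
    return tuple(reasons)


def triage(lines) -> List[Finding]:
    """Run the O23 / R3 / O6 rules over log lines and collect what is worth acting on."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        svc = parse_o23(line)
        if svc is not None:
            reasons = check_service(svc)
            if reasons:
                advice = ("dead entry; safe to fix" if reasons == ("file missing",)
                          else "identify the binary (vendor, signature, hash) before fixing")
                findings.append(Finding(line, reasons, advice))
            continue
        m = R3_RE.match(line)
        if m and m["target"] == "(no file)":
            findings.append(Finding(line, ("orphaned URLSearchHook",), "safe to fix: the hook points at nothing"))
            continue
        m = O6_RE.match(line)
        if m:
            findings.append(Finding(line, ("IE policy restriction present",),
                                    "optional: fix only if you did not set it (or a corporate policy did not)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{', '.join(f.reasons):<55} {f.advice}\n    {f.line}")
```

On the sample, ccProxy, rpcnet and LiveUpdate come out clean, while WRTService is flagged for both an unknown owner and a binary sitting directly in C:\WINDOWS rather than system32, which is exactly why it is the one entry the helper asks about rather than fixes. The rules are a first pass only: an "Unknown owner" just means the binary carries no version-resource company name, so the next step for an unrecognised service is still to look at the file itself (its properties, a digital signature if any, and a hash lookup) before deciding whether to fix it.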
All times are GMT +1.