Computing.Net > Forums > Security and Virus > help...zonebac.gen!F virus

help...zonebac.gen!F virus

Name: davidmarc
Date: March 12, 2008 at 05:53:02 Pacific
OS: Windows XP Media Center E
CPU/Ram: Pentium D CPU 3.00 GHz 2.
Product: Dell XPS 600
Comment:

Hello... Microsoft alerted me that I had the Backdoor:Win32/Zonebac.gen!F virus. I have seen other people post regarding this virus, so I installed and ran HijackThis and FindAWF as per your recommendation. I will gladly post the logs upon your request... I was told not to post them unless asked.

Please help me get rid of this... it's incredibly frustrating and has plagued my computer for a few weeks. I'm just finding out that it's this virus. (Obviously my virus blocker didn't work! Not happy about that.)

Thank you very much... please tell me how to proceed. -davidmarc

davidmarc

Response Number 1
Name: jabuck
Date: March 12, 2008 at 14:29:45 Pacific
Reply:

Please post your logs in this order: HijackThis and FindAWF.

Response Number 2
Name: davidmarc
Date: March 12, 2008 at 15:13:29 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:41 AM, on 3/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\CTHELPER.exe
C:\WINDOWS\system32\CTXFIHLP.exe
C:\WINDOWS\ehome\bak\ehtray.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.exe
C:\Program Files\Common Files\AOL\1145345421\ee\AOLSoftware.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\blp\API\OFFICE~1\Bloomberg.UIServer.exe
C:\blp\API\OFFICE~1\Bloomberg.RtdServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\AOL\1145345421\ee\AOLDesktop.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: IE - {D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E} - C:\Program Files\eSoftware\studio.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145345421\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CLRHost] C:\blp\API\OFFICE~1\bbxlcmd.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://bba.bloomberg.net/Citrix/ICAWEB/en/ica32/wficat.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10204 bytes

davidmarc

Response Number 3
Name: davidmarc
Date: March 12, 2008 at 15:14:35 Pacific
Reply:

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Wed 03/12/2008
The current time is: 8:30:37.12


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

05/11/2000 02:00 AM 90,112 UpdReg.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\AIM6\BAK

09/29/2007 04:22 PM 50,528 aim6.exe
1 File(s) 50,528 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

01/15/2008 04:22 AM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

01/10/2008 04:27 PM 385,024 qttask.exe
1 File(s) 385,024 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 03:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 06:00 AM 15,360 ctfmon.exe
07/22/2005 05:02 PM 126,464 nvraidservice.exe
2 File(s) 141,824 bytes

Directory of C:\BLP\API\OFFICE~1\BAK

12/14/2007 06:01 PM 102,400 bbxlcmd.exe
1 File(s) 102,400 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

10/05/2005 04:12 AM 94,208 DMXLauncher.exe
1 File(s) 94,208 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

04/12/2006 07:04 PM 169,472 GoogleDesktop.exe
1 File(s) 169,472 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

07/10/2007 12:23 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HEWLET~1\TOOLBOX\BAK

05/20/2004 12:40 PM 188,416 hpbpsttp.exe
1 File(s) 188,416 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~1\BAK

08/30/2005 05:47 PM 823,362 pccguide.exe
1 File(s) 823,362 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

09/08/2005 06:20 AM 122,940 DLACTRLW.exe
1 File(s) 122,940 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK

02/17/2006 12:59 PM 124,520 IPHSend.exe
1 File(s) 124,520 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

09/11/2006 05:40 AM 86,960 issch.exe
09/11/2006 05:40 AM 218,032 ISUSPM.exe
2 File(s) 304,992 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

02/22/2007 12:36 PM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\CREATIVE\SOUNDB~1\DVDAUDIO\BAK

06/18/2003 02:00 AM 45,056 CTDVDDET.exe
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\CREATIVE\SOUNDB~1\VOLUME~1\BAK

10/14/2005 12:01 PM 122,880 VolPanel.exe
1 File(s) 122,880 bytes

Directory of C:\PROGRA~1\HEWLET~1\TOOLBOX\STATUS~1\BAK

02/27/2004 01:29 PM 61,440 StatusClient.exe
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

09/25/2007 01:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~1\TMAS_OE\BAK

04/11/2006 07:39 PM 176,201 TMAS_OEMon.exe
1 File(s) 176,201 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\114534~1\EE\BAK

05/09/2006 08:24 PM 50,760 AOLSoftware.exe
1 File(s) 50,760 bytes

Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\9.0\SHARED~1\BAK

03/26/2007 08:07 AM 228,088 RoxWatchTray9.exe
1 File(s) 228,088 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Feb 23 2008 "C:\WINDOWS\UpdReg.exe"
90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.exe"
50528 Jan 3 2008 "C:\Program Files\AIM6\aim6.exe"
50528 Sep 29 2007 "C:\Program Files\AIM6\bak\aim6.exe"
50528 Dec 7 2007 "C:\Program Files\Common Files\AOL\1145345421\ee\aim6.exe"
267048 Feb 19 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Jan 15 2008 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Mar 11 2008 "C:\WINDOWS\Installer\{80FD852F-5AAC-4129-B931-06AAFFA43138}\iTunesIco.exe"
75048 Mar 11 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.1.9\iTunesSetupAdmin.exe"
116024 Sep 10 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AFG527SB\iTunesSetupAdmin[1].exe"
79144 Jan 23 2008 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AVE1ONQ1\iTunesSetupAdmin[1].exe"
116008 Nov 7 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ONSR6ZWL\iTunesSetupAdmin[1].exe"
75048 Mar 11 2008 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y18H6F2F\iTunesSetupAdmin[1].exe"
385024 Jan 31 2008 "C:\Program Files\QuickTime\QTTask.exe"
385024 Jan 10 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
14348 Feb 23 2008 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
283136 Jul 22 2005 "C:\WINDOWS\system32\NvRaidMan.exe"
126464 Jul 22 2005 "C:\WINDOWS\system32\bak\nvraidservice.exe"
102400 Feb 27 2008 "C:\blp\API\Office Tools\bbxlcmd.exe"
102400 Feb 27 2008 "C:\blp\Wintrv\ttlsupd\bbxlcmd.exe"
102400 Dec 14 2007 "C:\blp\API\Office Tools\bak\bbxlcmd.exe"
14348 Feb 23 2008 "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
94208 Oct 5 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
52272 Feb 5 2007 "C:\Program Files\Google\googletoolbar4user.exe"
1476152 Feb 22 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
14348 Feb 23 2008 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
1145896 Jan 29 2007 "C:\Program Files\Rhapsody\google_bar\GoogleToolbarInstaller_en.exe"
1145896 Feb 22 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Feb 5 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
169472 Apr 12 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Jul 10 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
52272 Feb 5 2007 "C:\Program Files\Google\googletoolbar4user.exe"
1476152 Feb 22 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
14348 Feb 23 2008 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
1145896 Jan 29 2007 "C:\Program Files\Rhapsody\google_bar\GoogleToolbarInstaller_en.exe"
1145896 Feb 22 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Feb 5 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
169472 Apr 12 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Jul 10 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
14348 Feb 23 2008 "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe"
14348 Feb 23 2008 "C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe"
40960 Jul 17 2003 "C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe"
188416 May 20 2004 "C:\Program Files\Hewlett-Packard\Toolbox\bak\hpbpsttp.exe"
823362 Aug 30 2005 "C:\Program Files\Trend Micro\Internet Security 12\bak\pccguide.exe"
14348 Feb 23 2008 "C:\WINDOWS\system32\DLA\DLACTRLW.exe"
122940 Sep 8 2005 "C:\Program Files\Roxio\DLA\install\dlactrlw.exe"
122940 Sep 8 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.exe"
14860 Feb 5 2008 "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
86960 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
86960 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
14348 Feb 23 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185896 Feb 22 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
14348 Feb 23 2008 "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe"
45056 Jun 18 2003 "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\bak\CTDVDDET.exe"
14348 Feb 23 2008 "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe"
122880 Oct 14 2005 "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\bak\VolPanel.exe"
14348 Feb 23 2008 "C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe"
61440 Feb 27 2004 "C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\bak\StatusClient.exe"
40960 Jul 17 2003 "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe"
32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
14348 Feb 23 2008 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
36975 Jul 31 2006 "C:\Program Files\neovest43\jre\bin\jusched.exe"
36975 Nov 1 2006 "C:\Program Files\neovest44\jre\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
176201 Apr 11 2006 "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\bak\TMAS_OEMon.exe"
42032 May 25 2007 "C:\Program Files\AIM6\aolsoftware.exe"
50760 Nov 12 2007 "C:\Program Files\AOL\RC\EE\aolsoftware.exe"
42032 Apr 12 2007 "C:\Program Files\Common Files\AOL\CCU\aolsoftware.exe"
41824 Oct 8 2007 "C:\Program Files\Common Files\AOL\1145345421\ee\AOLSoftware.exe4266563280"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1145345421\ee\bak\AOLSoftware.exe"
166648 Mar 26 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
228088 Mar 26 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"

end of report

davidmarc

Response Number 4
Name: davidmarc
Date: March 12, 2008 at 15:15:27 Pacific
Reply:

Posted... thanks very much for your assistance.

davidmarc

Response Number 5
Name: jabuck
Date: March 12, 2008 at 15:52:47 Pacific
Reply:

Go to Start > Run > type in notepad, then press OK > click Format > uncheck Word Wrap > exit Notepad.

Double-click the FindAWF icon once again.
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option:

Press 2, then Enter, to restore files from bak folders.
A text file opens called: files.txt
Copy/paste the following list of bolded files to be restored:

"C:\WINDOWS\bak\UpdReg.exe"
"C:\Program Files\AIM6\bak\aim6.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\nvraidservice.exe"
"C:\blp\API\Office Tools\bak\bbxlcmd.exe"
"C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
"C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\Hewlett-Packard\Toolbox\bak\hpbpsttp.exe"
"C:\Program Files\Trend Micro\Internet Security 12\bak\pccguide.exe"
"C:\WINDOWS\system32\DLA\bak\DLACTRLW.exe"
"C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\bak\CTDVDDET.exe"
"C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\bak\VolPanel.exe"
"C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\bak\StatusClient.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
"C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\bak\TMAS_OEMon.exe"
"C:\Program Files\Common Files\AOL\1145345421\ee\bak\AOLSoftware.exe"
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"

Next, close and click Yes to save the changes.
Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder
When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.


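A small triage script for the report format FindAWF prints, added here as an illustration; it is not part of FindAWF or of anything posted in this thread. It pairs every file found in a bak folder with the same-named file in the parent folder, compares size and date, flags the parent-folder copy as replaced when the sizes differ, and emits the quoted bak-path list in the shape jabuck asked to be pasted into files.txt. The two embedded samples are short excerpts of the before and after reports posted in this thread; the status names and the helper functions are this example's own.

```python
"""Triage the "Duplicate files of bak directory contents" section of a FindAWF report.

Every report line has the shape  <size> <Mon> <day> <year> "<path>".  A file that sits
in a bak folder is paired with the same-named file in its parent folder: a size mismatch
means the original was parked in bak and something else now sits in its place, and many
unrelated programs sharing one replacement size is the signature of this infection.
"""
import re
from collections import Counter
from typing import NamedTuple

LINE_RE = re.compile(r'^\s*(\d+)\s+([A-Z][a-z]{2}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')


class Entry(NamedTuple):
    size: int
    date: str
    path: str


def parse_report(text):
    """Return an Entry for every line in the FindAWF layout; headers and banners are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(int(m.group(1)), " ".join(m.group(2).split()), m.group(3)))
    return entries


def bak_parent(path):
    """For <parent>/bak/<name> (Windows separators) return (parent, name); None otherwise."""
    parts = path.split("\\")
    if len(parts) >= 3 and parts[-2].lower() == "bak":
        return "\\".join(parts[:-2]), parts[-1]
    return None


def triage(text):
    """Map each bak-folder path to (status, size of the parent-folder twin or None).

    Lookups are case-insensitive because the report mixes QTTask.exe and qttask.exe.
    """
    entries = parse_report(text)
    live = {e.path.lower(): e for e in entries if bak_parent(e.path) is None}
    verdicts = {}
    for e in entries:
        split = bak_parent(e.path)
        if split is None:
            continue
        parent, name = split
        twin = live.get((parent + "\\" + name).lower())
        if twin is None:
            status = "no-live-copy"  # parent-folder copy absent from the listing
        elif twin.size != e.size:
            status = "replaced"  # a different-sized file now sits where the original was
        elif twin.date != e.date:
            status = "same-size-different-date"
        else:
            status = "clean"  # size and date agree
        verdicts[e.path] = (status, None if twin is None else twin.size)
    return verdicts


def restore_list(text):
    """Quoted bak paths in files.txt form: every bak entry that is not provably clean."""
    return ['"%s"' % p for p, (status, _) in triage(text).items() if status != "clean"]


def replacement_sizes(text):
    """Counter of parent-folder sizes where the bak original was replaced."""
    return Counter(size for status, size in triage(text).values() if status == "replaced")


# Excerpt of the report posted before the restore (constructed from the thread above).
BEFORE = r"""
14348 Feb 23 2008 "C:\WINDOWS\UpdReg.exe"
90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.exe"
50528 Jan 3 2008 "C:\Program Files\AIM6\aim6.exe"
50528 Sep 29 2007 "C:\Program Files\AIM6\bak\aim6.exe"
385024 Jan 31 2008 "C:\Program Files\QuickTime\QTTask.exe"
385024 Jan 10 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
283136 Jul 22 2005 "C:\WINDOWS\system32\NvRaidMan.exe"
126464 Jul 22 2005 "C:\WINDOWS\system32\bak\nvraidservice.exe"
14348 Feb 23 2008 "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
94208 Oct 5 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
"""

# Excerpt of the report posted after option 2 ran (constructed from the thread below).
AFTER = r"""
90112 May 11 2000 "C:\WINDOWS\UpdReg.exe"
90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.exe"
50528 Sep 29 2007 "C:\Program Files\AIM6\aim6.exe"
50528 Sep 29 2007 "C:\Program Files\AIM6\bak\aim6.exe"
385024 Jan 10 2008 "C:\Program Files\QuickTime\qttask.exe"
385024 Jan 10 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
94208 Oct 5 2005 "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
94208 Oct 5 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
"""

if __name__ == "__main__":
    for path, (status, _) in triage(BEFORE).items():
        print("%-26s %s" % (status, path))
    print("files.txt entries:", len(restore_list(BEFORE)),
          "| replacement sizes:", dict(replacement_sizes(BEFORE)))
    print("after restore, nothing left to restore:", restore_list(AFTER) == [])
```

The same-size-different-date case (aim6.exe, qttask.exe) is why the helper restored every bak entry rather than only the obvious size mismatches.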

Response Number 6
Name: davidmarc
Date: March 12, 2008 at 16:06:42 Pacific
Reply:

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Wed 03/12/2008
The current time is: 19:01:38.35


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

05/11/2000 02:00 AM 90,112 UpdReg.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\AIM6\BAK

09/29/2007 04:22 PM 50,528 aim6.exe
1 File(s) 50,528 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

01/15/2008 04:22 AM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

01/10/2008 04:27 PM 385,024 qttask.exe
1 File(s) 385,024 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 03:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 06:00 AM 15,360 ctfmon.exe
07/22/2005 05:02 PM 126,464 nvraidservice.exe
2 File(s) 141,824 bytes

Directory of C:\BLP\API\OFFICE~1\BAK

12/14/2007 06:01 PM 102,400 bbxlcmd.exe
1 File(s) 102,400 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

10/05/2005 04:12 AM 94,208 DMXLauncher.exe
1 File(s) 94,208 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

04/12/2006 07:04 PM 169,472 GoogleDesktop.exe
1 File(s) 169,472 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

07/10/2007 12:23 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HEWLET~1\TOOLBOX\BAK

05/20/2004 12:40 PM 188,416 hpbpsttp.exe
1 File(s) 188,416 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~1\BAK

08/30/2005 05:47 PM 823,362 pccguide.exe
1 File(s) 823,362 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

09/08/2005 06:20 AM 122,940 DLACTRLW.exe
1 File(s) 122,940 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK

02/17/2006 12:59 PM 124,520 IPHSend.exe
1 File(s) 124,520 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

09/11/2006 05:40 AM 86,960 issch.exe
09/11/2006 05:40 AM 218,032 ISUSPM.exe
2 File(s) 304,992 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

02/22/2007 12:36 PM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\CREATIVE\SOUNDB~1\DVDAUDIO\BAK

06/18/2003 02:00 AM 45,056 CTDVDDET.exe
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\CREATIVE\SOUNDB~1\VOLUME~1\BAK

10/14/2005 12:01 PM 122,880 VolPanel.exe
1 File(s) 122,880 bytes

Directory of C:\PROGRA~1\HEWLET~1\TOOLBOX\STATUS~1\BAK

02/27/2004 01:29 PM 61,440 StatusClient.exe
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

09/25/2007 01:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~1\TMAS_OE\BAK

04/11/2006 07:39 PM 176,201 TMAS_OEMon.exe
1 File(s) 176,201 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\114534~1\EE\BAK

05/09/2006 08:24 PM 50,760 AOLSoftware.exe
1 File(s) 50,760 bytes

Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\9.0\SHARED~1\BAK

03/26/2007 08:07 AM 228,088 RoxWatchTray9.exe
1 File(s) 228,088 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

90112 May 11 2000 "C:\WINDOWS\UpdReg.exe"
90112 May 11 2000 "C:\WINDOWS\bak\UpdReg.exe"
50528 Sep 29 2007 "C:\Program Files\AIM6\aim6.exe"
50528 Sep 29 2007 "C:\Program Files\AIM6\bak\aim6.exe"
50528 Dec 7 2007 "C:\Program Files\Common Files\AOL\1145345421\ee\aim6.exe"
267048 Jan 15 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Jan 15 2008 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Mar 11 2008 "C:\WINDOWS\Installer\{80FD852F-5AAC-4129-B931-06AAFFA43138}\iTunesIco.exe"
75048 Mar 11 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.1.9\iTunesSetupAdmin.exe"
116024 Sep 10 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AFG527SB\iTunesSetupAdmin[1].exe"
79144 Jan 23 2008 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AVE1ONQ1\iTunesSetupAdmin[1].exe"
116008 Nov 7 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ONSR6ZWL\iTunesSetupAdmin[1].exe"
75048 Mar 11 2008 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y18H6F2F\iTunesSetupAdmin[1].exe"
385024 Jan 10 2008 "C:\Program Files\QuickTime\qttask.exe"
385024 Jan 10 2008 "C:\Program Files\QuickTime\bak\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
283136 Jul 22 2005 "C:\WINDOWS\system32\NvRaidMan.exe"
126464 Jul 22 2005 "C:\WINDOWS\system32\bak\nvraidservice.exe"
102400 Dec 14 2007 "C:\blp\API\Office Tools\bbxlcmd.exe"
102400 Feb 27 2008 "C:\blp\Wintrv\ttlsupd\bbxlcmd.exe"
102400 Dec 14 2007 "C:\blp\API\Office Tools\bak\bbxlcmd.exe"
94208 Oct 5 2005 "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
94208 Oct 5 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
52272 Feb 5 2007 "C:\Program Files\Google\googletoolbar4user.exe"
1476152 Feb 22 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
68856 Jul 10 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
1145896 Jan 29 2007 "C:\Program Files\Rhapsody\google_bar\GoogleToolbarInstaller_en.exe"
1145896 Feb 22 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Feb 5 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
169472 Apr 12 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Jul 10 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
52272 Feb 5 2007 "C:\Program Files\Google\googletoolbar4user.exe"
1476152 Feb 22 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
68856 Jul 10 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
1145896 Jan 29 2007 "C:\Program Files\Rhapsody\google_bar\GoogleToolbarInstaller_en.exe"
1145896 Feb 22 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Feb 5 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
169472 Apr 12 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Jul 10 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
49152 Feb 16 2005 "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe"
188416 May 20 2004 "C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe"
40960 Jul 17 2003 "C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe"
188416 May 20 2004 "C:\Program Files\Hewlett-Packard\Toolbox\bak\hpbpsttp.exe"
823362 Aug 30 2005 "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
823362 Aug 30 2005 "C:\Program Files\Trend Micro\Internet Security 12\bak\pccguide.exe"
122940 Sep 8 2005 "C:\WINDOWS\system32\DLA\DLACTRLW.exe"
122940 Sep 8 2005 "C:\Program Files\Roxio\DLA\install\dlactrlw.exe"
122940 Sep 8 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
86960 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
86960 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
185896 Feb 22 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185896 Feb 22 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
45056 Jun 18 2003 "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe"
45056 Jun 18 2003 "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\bak\CTDVDDET.exe"
122880 Oct 14 2005 "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe"
122880 Oct 14 2005 "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\bak\VolPanel.exe"
61440 Feb 27 2004 "C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe"
61440 Feb 27 2004 "C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\bak\StatusClient.exe"
40960 Jul 17 2003 "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe"
32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
36975 Jul 31 2006 "C:\Program Files\neovest43\jre\bin\jusched.exe"
36975 Nov 1 2006 "C:\Program Files\neovest44\jre\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
176201 Apr 11 2006 "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
176201 Apr 11 2006 "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\bak\TMAS_OEMon.exe"
42032 May 25 2007 "C:\Program Files\AIM6\aolsoftware.exe"
50760 Nov 12 2007 "C:\Program Files\AOL\RC\EE\aolsoftware.exe"
42032 Apr 12 2007 "C:\Program Files\Common Files\AOL\CCU\aolsoftware.exe"
41824 Oct 8 2007 "C:\Program Files\Common Files\AOL\1145345421\ee\AOLSoftware.exe4266563280"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1145345421\ee\bak\AOLSoftware.exe"
166648 Mar 26 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
228088 Mar 26 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"

end of report

davidmarc


0

Response Number 7
Name: jabuck
Date: March 12, 2008 at 19:23:33 Pacific
Reply:

Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders
A text file opens called: folders.txt
Copy /paste the following list of bolded folders to be removed:


C:\WINDOWS\bak
C:\Program Files\AIM6\bak
C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\ehome\bak
C:\WINDOWS\system32\bak
C:\blp\API\Office Tools\bak
C:\Program Files\Dell\Media Experience\bak
C:\Program Files\Google\Google Desktop Search\bak
C:\Program Files\Google\GoogleToolbarNotifier\bak
C:\Program Files\Rhapsody\google_bar
C:\Program Files\Hewlett-Packard\HP Software Update\bak
C:\Program Files\Hewlett-Packard\Toolbox\bak
C:\Program Files\Trend Micro\Internet Security 12\bak
C:\WINDOWS\system32\DLA\bak
C:\Program Files\Common Files\AOL\IPHSend\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\bak
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\bak
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\bak
C:\Program Files\Common Files\AOL\1145345421\ee\bak
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak


Next, close and click Yes to save the changes.
Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders
When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.


0
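One way to turn a FindAWF report like the one posted above into the folder list that option 3 asks for, and to check that each bak copy matches the file that now sits one level up from it, as an added example (not FindAWF's own code; the report text below is constructed in the format of this thread's log):

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in FindAWF's duplicate-files format (size, date, quoted path),
# modelled on this thread's report; the Example\tool.exe pair is made up to differ.
SAMPLE_REPORT = '''Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
49152 Feb 16 2005 "C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\\Program Files\\Hewlett-Packard\\HP Software Update\\bak\\HPWuSchd2.exe"
823362 Aug 30 2005 "C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe"
823362 Aug 30 2005 "C:\\Program Files\\Trend Micro\\Internet Security 12\\bak\\pccguide.exe"
40960 Jan 1 2008 "C:\\Program Files\\Example\\tool.exe"
122880 Oct 14 2005 "C:\\Program Files\\Example\\bak\\tool.exe"
end of report
'''
# One report line: <size> <Mon d yyyy> "<path>"
LINE_RE = re.compile(r'^(\d+)\s+([A-Za-z]{3} \d{1,2} \d{4})\s+"([^"]+)"$')

def parse_report(text):
    """Return (size, date, path) tuples for every file line in the report."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
    return entries

def bak_folders(entries):
    """Distinct ...\\bak folders in first-seen order: the list option 3 asks for."""
    seen = []
    for _, _, path in entries:
        parent = PureWindowsPath(path).parent
        if parent.name.lower() == "bak" and str(parent) not in seen:
            seen.append(str(parent))
    return seen

def restore_check(entries):
    """Map each bak copy to 'match'/'mismatch'/'missing' against the same-named file one level up."""
    by_path = {path: (size, date) for size, date, path in entries}
    status = {}
    for size, date, path in entries:
        p = PureWindowsPath(path)
        if p.parent.name.lower() != "bak":
            continue  # only bak copies are checked
        original = str(p.parent.parent / p.name)
        if original not in by_path:
            status[path] = "missing"
        else:
            status[path] = "match" if by_path[original] == (size, date) else "mismatch"
    return status
```

A "mismatch" or "missing" result means the file beside the bak folder is not the restored original, so that folder should not be deleted before looking at it again.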

Response Number 8
Name: davidmarc
Date: March 12, 2008 at 20:00:11 Pacific
Reply:


Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Wed 03/12/2008
The current time is: 22:59:29.82


bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report

davidmarc


0

Response Number 9
Name: jabuck
Date: March 13, 2008 at 03:26:35 Pacific
Reply:

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked"

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll

Exit Hijack This

Navigate to and delete this file if found:

c:\Program Files\BAE\BAE.dll

Navigate to and delete this folder if found:

c:\Program Files\BAE

Your java is out of date and can be exploited.
Download the latest version of java from this link Java
Click on the JDK 6 Update 5 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed
Then from your desktop double-click on jdk-6u5-windows-i586-p.exe to install the newest version. Do not install any add-ons.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools, you can download it from this link Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.


0

Response Number 10
Name: davidmarc
Date: March 13, 2008 at 09:31:14 Pacific
Reply:

thank you. things are running a bit more smoothly. i can open internet explorer for the first time in weeks. definitely a huge improvement.

unfortunately the computer isn't at 100%...for example, i rebooted earlier and tried to open aol desktop...there was a delay of about 1 minute, then i got a msg that said "Layered Hidden Window: aolload.exe - Application Error" The error was "The instruction at "0x00af11f5" referenced memory at "0x00af11f5" This memory could not be "read" Click ok to terminate the program. Click cncl to debug"
After i clicked cancel, aol desktop (and my instant messenger) opened up...

Also when i shut down the computer i have to end the task "Spiral_TCP_Wnd_Class" and i sometimes have to end task "aolload"

i imagine these are separate problems from the virus that you helped me eliminate. any advice? should i start a new thread?

regardless, thank you very much for your help w/ the zonebac problem. your service was greatly appreciated.

davidmarc


0

Response Number 11
Name: jabuck
Date: March 13, 2008 at 16:51:08 Pacific
Reply:

It is an aol problem.

Click the Start button, select Programs or All Programs, select AOL, then click AOL One-Click Fixes.
Run the AOL Computer Check-Up software. On the bottom left of the AOL Computer Check-Up window, in the Other Free Support Tools: section, click the One-Click Fixes link.
Right-click the AOL tray icon, then click One-Click Fixes.

If you can't get there that way, start aol > keyword > keyword explore > click F > scroll down to Fix It. Once it loads, scroll down to General PC > run the "Restart Computer" fix.


0

Response Number 12
Name: davidmarc
Date: March 13, 2008 at 18:23:34 Pacific
Reply:

i just deleted all of my aol files and reinstalled instant messenger (i will just use internet explorer...i'm indifferent)

things seem to be working smoothly. thank you very, very much for your assistance. hopefully you won't hear from me anymore!

davidmarc


0

Response Number 13
Name: jabuck
Date: March 13, 2008 at 18:35:22 Pacific
Reply:

Glad we could help.


0
