
Subject: win32/zonebac won't go away

Original Message
Name: thebyrddog
Date: October 28, 2007 at 11:03:10 Pacific
Subject: win32/zonebac won't go away
OS: XP
CPU/Ram: unknown
Model/Manufacturer: HP
Comment:
I have found this thing every time I restart my computer. I try to remove it and it keeps coming back, but I don't know what else to do. I read a few other posts, and I went ahead and downloaded hijackthis and AWF and I will post if needed. Any help is greatly appreciated!




Response Number 1
Name: jabuck
Date: October 28, 2007 at 14:50:07 Pacific
Subject: win32/zonebac won't go away
Reply:
Please post the HijackThis and the FindAWF logs.


Response Number 2
Name: thebyrddog
Date: October 29, 2007 at 19:39:13 Pacific
Subject: win32/zonebac won't go away
Reply:
Logfile of HijackThis v1.99.1
Scan saved at 12:51:32 PM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Maria\Local Settings\Temporary Internet Files\Content.IE5\RV2G2637\FindAWF[1].exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?T...
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.library.gcu....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Sun 10/28/2007
The current time is: 12:49:03.54


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\QUICKT~1\BAK

09/09/2006 09:04 PM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\WINDOW~4\BAK

11/03/2006 07:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes

Directory of C:\PROGRA~1\BILLPS~1\WINPAT~1\BAK

12/12/2005 11:18 PM 222,784 winpatrol.exe
1 File(s) 222,784 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

01/01/2007 04:22 PM 3,739,648 googletalk.exe
1 File(s) 3,739,648 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~3\BAK

04/11/2007 05:55 PM 1,861,632 GoogleDesktop.exe
1 File(s) 1,861,632 bytes

Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK

09/14/2007 12:17 PM 421,888 avgcc.exe
1 File(s) 421,888 bytes

Directory of C:\PROGRA~1\HPQ\HPWIRE~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~1\BAK

11/07/2006 04:41 PM 8,192 mimboot.exe
11/07/2006 04:41 PM 110,592 mm_tray.exe
2 File(s) 118,784 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

06/19/2005 03:50 PM 729,178 SynTPEnh.exe
1 File(s) 729,178 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

05/11/2007 03:06 AM 40,048 Reader_sl.exe
1 File(s) 40,048 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

09/12/2007 07:42 PM 185,632 realsched.exe
1 File(s) 185,632 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

27664 Oct 3 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Sep 9 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
27664 Oct 3 2007 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
27664 Oct 3 2007 "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
222784 Dec 12 2005 "C:\Program Files\BillP Studios\WinPatrol\bak\winpatrol.exe"
52272 May 30 2007 "C:\Program Files\Google\googletoolbar2user.exe"
68856 Apr 4 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
124912 Aug 10 2007 "C:\Program Files\Google\Google Updater\GoogleUpdater.exe"
27664 Oct 3 2007 "C:\Program Files\Google\Google Talk\googletalk.exe"
2177336 Dec 15 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
124152 Apr 4 2007 "C:\WINDOWS\Temp\gis212b84\GoogleUpdater.exe"
124912 Aug 10 2007 "C:\WINDOWS\Temp\gis66833e8\GoogleUpdater.exe"
125176 May 17 2007 "C:\WINDOWS\Temp\gisf948d94\GoogleUpdater.exe"
1145896 Sep 12 2007 "C:\Program Files\Common Files\Real\GToolbar\googletoolbarinstaller.exe"
138680 May 17 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
124912 Aug 10 2007 "C:\Program Files\Google\Google Updater\2.2.940.34809\GoogleUpdaterRestartManager.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
1581768 Oct 27 2006 "C:\Program Files\Google\Google Talk\googletalk-1.0.0.100\googletalk-setup-upgrade.exe"
1606064 Jan 9 2007 "C:\Program Files\Google\Google Talk\googletalk-1.0.0.104\googletalk-setup-upgrade.exe"
1531784 Aug 16 2006 "C:\Program Files\Google\Google Talk\googletalk-1.0.0.96\googletalk-setup-upgrade.exe"
1572720 Oct 11 2006 "C:\Program Files\Google\Google Talk\googletalk-1.0.0.98\googletalk-setup-upgrade.exe"
1861632 Apr 11 2007 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
1861632 Apr 11 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp1\GoogleDesktopSetupHelper.exe"
1861632 May 4 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp10\GoogleDesktopSetupHelper.exe"
1861632 May 4 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp11\GoogleDesktopSetupHelper.exe"
1861632 May 8 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp12\GoogleDesktopSetupHelper.exe"
1861632 May 10 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp13\GoogleDesktopSetupHelper.exe"
1861632 May 12 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp14\GoogleDesktopSetupHelper.exe"
1861632 May 14 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp15\GoogleDesktopSetupHelper.exe"
1861632 May 23 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp16\GoogleDesktopSetupHelper.exe"
1861632 Jun 10 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp17\GoogleDesktopSetupHelper.exe"
1861632 Jun 13 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp18\GoogleDesktopSetupHelper.exe"
1861632 Jun 13 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp19\GoogleDesktopSetupHelper.exe"
1861632 Apr 12 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp2\GoogleDesktopSetupHelper.exe"
1861632 Jun 29 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp20\GoogleDesktopSetupHelper.exe"
1861632 Jun 30 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp21\GoogleDesktopSetupHelper.exe"
1861632 Jun 30 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp22\GoogleDesktopSetupHelper.exe"
1861632 Jul 6 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp23\GoogleDesktopSetupHelper.exe"
1861632 Jul 8 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp24\GoogleDesktopSetupHelper.exe"
1861632 Jul 12 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp25\GoogleDesktopSetupHelper.exe"
1861632 Jul 17 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp26\GoogleDesktopSetupHelper.exe"
1861632 Jul 20 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp27\GoogleDesktopSetupHelper.exe"
1836544 Jul 20 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp28\GoogleDesktopSetupHelper.exe"
1861632 Jul 27 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp29\GoogleDesktopSetupHelper.exe"
1861632 Apr 13 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp3\GoogleDesktopSetupHelper.exe"
1836544 Jul 27 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp30\GoogleDesktopSetupHelper.exe"
1861632 Aug 4 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp31\GoogleDesktopSetupHelper.exe"
1861632 Aug 8 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp32\GoogleDesktopSetupHelper.exe"
1861632 Aug 9 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp33\GoogleDesktopSetupHelper.exe"
1861632 Aug 16 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp34\GoogleDesktopSetupHelper.exe"
1861632 Aug 18 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp35\GoogleDesktopSetupHelper.exe"
1861632 Aug 25 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp36\GoogleDesktopSetupHelper.exe"
1861632 Aug 29 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp37\GoogleDesktopSetupHelper.exe"
1861632 Aug 31 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp38\GoogleDesktopSetupHelper.exe"
1861632 Sep 13 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp39\GoogleDesktopSetupHelper.exe"
1861632 Apr 17 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp4\GoogleDesktopSetupHelper.exe"
1861632 Apr 28 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp5\GoogleDesktopSetupHelper.exe"
1861632 Apr 28 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp6\GoogleDesktopSetupHelper.exe"
1861632 Apr 29 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp7\GoogleDesktopSetupHelper.exe"
1861632 May 2 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp8\GoogleDesktopSetupHelper.exe"
1861632 May 2 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp9\GoogleDesktopSetupHelper.exe"
123640 Jan 31 2007 "C:\Documents and Settings\Maria\Local Settings\Temp\gisac4ffee\GoogleUpdater.exe"
52272 May 30 2007 "C:\Program Files\Google\googletoolbar2user.exe"
68856 Apr 4 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
124912 Aug 10 2007 "C:\Program Files\Google\Google Updater\GoogleUpdater.exe"
27664 Oct 3 2007 "C:\Program Files\Google\Google Talk\googletalk.exe"
2177336 Dec 15 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
124152 Apr 4 2007 "C:\WINDOWS\Temp\gis212b84\GoogleUpdater.exe"
124912 Aug 10 2007 "C:\WINDOWS\Temp\gis66833e8\GoogleUpdater.exe"
125176 May 17 2007 "C:\WINDOWS\Temp\gisf948d94\GoogleUpdater.exe"
1145896 Sep 12 2007 "C:\Program Files\Common Files\Real\GToolbar\googletoolbarinstaller.exe"
138680 May 17 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
124912 Aug 10 2007 "C:\Program Files\Google\Google Updater\2.2.940.34809\GoogleUpdaterRestartManager.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
1581768 Oct 27 2006 "C:\Program Files\Google\Google Talk\googletalk-1.0.0.100\googletalk-setup-upgrade.exe"
1606064 Jan 9 2007 "C:\Program Files\Google\Google Talk\googletalk-1.0.0.104\googletalk-setup-upgrade.exe"
1531784 Aug 16 2006 "C:\Program Files\Google\Google Talk\googletalk-1.0.0.96\googletalk-setup-upgrade.exe"
1572720 Oct 11 2006 "C:\Program Files\Google\Google Talk\googletalk-1.0.0.98\googletalk-setup-upgrade.exe"
1861632 Apr 11 2007 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
1861632 Apr 11 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp1\GoogleDesktopSetupHelper.exe"
1861632 May 4 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp10\GoogleDesktopSetupHelper.exe"
1861632 May 4 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp11\GoogleDesktopSetupHelper.exe"
1861632 May 8 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp12\GoogleDesktopSetupHelper.exe"
1861632 May 10 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp13\GoogleDesktopSetupHelper.exe"
1861632 May 12 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp14\GoogleDesktopSetupHelper.exe"
1861632 May 14 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp15\GoogleDesktopSetupHelper.exe"
1861632 May 23 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp16\GoogleDesktopSetupHelper.exe"
1861632 Jun 10 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp17\GoogleDesktopSetupHelper.exe"
1861632 Jun 13 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp18\GoogleDesktopSetupHelper.exe"
1861632 Jun 13 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp19\GoogleDesktopSetupHelper.exe"
1861632 Apr 12 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp2\GoogleDesktopSetupHelper.exe"
1861632 Jun 29 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp20\GoogleDesktopSetupHelper.exe"
1861632 Jun 30 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp21\GoogleDesktopSetupHelper.exe"
1861632 Jun 30 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp22\GoogleDesktopSetupHelper.exe"
1861632 Jul 6 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp23\GoogleDesktopSetupHelper.exe"
1861632 Jul 8 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp24\GoogleDesktopSetupHelper.exe"
1861632 Jul 12 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp25\GoogleDesktopSetupHelper.exe"
1861632 Jul 17 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp26\GoogleDesktopSetupHelper.exe"
1861632 Jul 20 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp27\GoogleDesktopSetupHelper.exe"
1836544 Jul 20 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp28\GoogleDesktopSetupHelper.exe"
1861632 Jul 27 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp29\GoogleDesktopSetupHelper.exe"
1861632 Apr 13 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp3\GoogleDesktopSetupHelper.exe"
1836544 Jul 27 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp30\GoogleDesktopSetupHelper.exe"
1861632 Aug 4 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp31\GoogleDesktopSetupHelper.exe"
1861632 Aug 8 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp32\GoogleDesktopSetupHelper.exe"
1861632 Aug 9 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp33\GoogleDesktopSetupHelper.exe"
1861632 Aug 16 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp34\GoogleDesktopSetupHelper.exe"
1861632 Aug 18 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp35\GoogleDesktopSetupHelper.exe"
1861632 Aug 25 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp36\GoogleDesktopSetupHelper.exe"
1861632 Aug 29 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp37\GoogleDesktopSetupHelper.exe"
1861632 Aug 31 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp38\GoogleDesktopSetupHelper.exe"
1861632 Sep 13 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp39\GoogleDesktopSetupHelper.exe"
1861632 Apr 17 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp4\GoogleDesktopSetupHelper.exe"
1861632 Apr 28 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp5\GoogleDesktopSetupHelper.exe"
1861632 Apr 28 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp6\GoogleDesktopSetupHelper.exe"
1861632 Apr 29 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp7\GoogleDesktopSetupHelper.exe"
1861632 May 2 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp8\GoogleDesktopSetupHelper.exe"
1861632 May 2 2007 "C:\Program Files\Google\Google Desktop Search\gcdtmp9\GoogleDesktopSetupHelper.exe"
123640 Jan 31 2007 "C:\Documents and Settings\Maria\Local Settings\Temp\gisac4ffee\GoogleUpdater.exe"
27664 Oct 3 2007 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
421888 Sep 14 2007 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
27664 Oct 3 2007 "C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe"
8192 Nov 7 2006 "C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mimboot.exe"
8192 Dec 10 2006 "C:\Program Files\Musicmatch\Musicmatch Update\MMJB\mimboot.exe"
27664 Oct 3 2007 "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
110592 Nov 7 2006 "C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mm_tray.exe"
110592 Dec 10 2006 "C:\Program Files\Musicmatch\Musicmatch Update\MMJB\mm_tray.exe"
729178 Jun 19 2005 "C:\SWSETUP\Touchpad\SynTPEnh.exe"
27664 Oct 3 2007 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
729178 Jun 19 2005 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
729178 Jun 19 2005 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
27664 Oct 3 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
27664 Oct 3 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185632 Sep 12 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"

Thanks for the quick response!



Response Number 3
Name: jabuck
Date: October 29, 2007 at 20:23:49 Pacific
Subject: win32/zonebac won't go away
Reply:
Double-click the FindAWF icon once again.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\Program Files\BillP Studios\WinPatrol\bak\winpatrol.exe"
"C:\Program Files\Google\Google Talk\bak\googletalk.exe"
"C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
"C:\Program Files\Google\Google Talk\bak\googletalk.exe"
"C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
"C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
"C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mimboot.exe"
"C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mm_tray.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
"C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"

Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
- It attempts to terminate the process represented by each filename on the list, if running
- Deletes the rogue file from the parent folder, if present
- Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.
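
The comparison behind the restore list above, as an added example that is not part of the original post and is not FindAWF's own code: it parses "Duplicate files of bak directory contents" lines, pairs each bak copy with the same-named file in the parent folder, and flags parents whose size differs. The sample lines are excerpted from the log posted in Response 2; the function names are hypothetical, and treating a bak copy with no listed parent as a restore candidate is an assumption that follows the list in this reply.

```python
import ntpath
import re
from collections import Counter, namedtuple

# Excerpt of the listing posted in this thread (size, date, quoted path).
# The googletalk lines appear twice in the posted log, so entries are de-duplicated.
SAMPLE_LOG = r'''
27664 Oct 3 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Sep 9 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
27664 Oct 3 2007 "C:\Program Files\Google\Google Talk\googletalk.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
27664 Oct 3 2007 "C:\Program Files\Google\Google Talk\googletalk.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
1861632 Apr 11 2007 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
729178 Jun 19 2005 "C:\SWSETUP\Touchpad\SynTPEnh.exe"
27664 Oct 3 2007 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
729178 Jun 19 2005 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
'''

Entry = namedtuple("Entry", "size date path")
Finding = namedtuple("Finding", "status bak parent")

LINE_RE = re.compile(r'^\s*(\d+)\s+([A-Z][a-z]{2}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')


def parse_listing(text):
    """Return {case-folded path: Entry}, keeping the first copy of repeated lines."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, blank lines, anything that is not a file row
        size = int(m.group(1))
        date = " ".join(m.group(2).split())  # collapse column padding
        path = m.group(3)
        entries.setdefault(ntpath.normcase(path), Entry(size, date, path))
    return entries


def find_replaced(entries):
    """Pair every ...\\bak\\name with ...\\name and compare sizes."""
    findings = []
    for entry in entries.values():
        folder = ntpath.dirname(entry.path)
        if ntpath.basename(folder).lower() != "bak":
            continue
        parent_path = ntpath.join(ntpath.dirname(folder), ntpath.basename(entry.path))
        parent = entries.get(ntpath.normcase(parent_path))
        if parent is None:
            status = "parent-missing"   # nothing listed in the parent folder
        elif parent.size != entry.size:
            status = "replaced"         # parent differs from the preserved copy
        else:
            status = "same-size"        # size alone cannot prove the file is intact
        findings.append(Finding(status, entry, parent))
    return findings


def shared_fingerprint(findings):
    """(size, date) pairs shared by more than one replaced parent file."""
    counts = Counter((f.parent.size, f.parent.date)
                     for f in findings if f.status == "replaced")
    return {key: n for key, n in counts.items() if n > 1}


def restore_list(findings):
    """Quoted bak paths, one per line, in the form pasted into files.txt."""
    return ['"%s"' % f.bak.path for f in findings
            if f.status in ("replaced", "parent-missing")]


if __name__ == "__main__":
    found = find_replaced(parse_listing(SAMPLE_LOG))
    for f in found:
        print(f.status, f.bak.path)
    print("shared fingerprint:", shared_fingerprint(found))
    print("\n".join(restore_list(found)))
```

A size match is only a heuristic; comparing hashes against a known-good copy is the stronger check.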



Response Number 4
Name: thebyrddog
Date: October 30, 2007 at 16:23:31 Pacific
Subject: win32/zonebac won't go away
Reply:
Done. Here is the new AWF log:

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Tue 10/30/2007
The current time is: 18:19:41.81


bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report



Response Number 5
Name: jabuck
Date: October 30, 2007 at 16:41:33 Pacific
Subject: win32/zonebac won't go away
Reply:
Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running; it may cause your system to hang.)

Please post the log it produces.



Response Number 6
Name: thebyrddog
Date: October 30, 2007 at 18:44:04 Pacific
Subject: win32/zonebac won't go away
Reply:
ComboFix 07-10-29.1 - Maria 2007-10-30 20:36:12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.542 [GMT -5:00]
Running from: C:\Documents and Settings\Maria\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini
C:\Program Files\FunWebProducts\ScreenSaver\Images\09742E39.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\0976897E.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\097692A6.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\097692A6.jpg
C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat



Response Number 7
Name: jabuck
Date: October 30, 2007 at 18:51:37 Pacific
Subject: win32/zonebac won't go away
Reply:
Go to Start > Control Panel > Add/Remove Programs and uninstall anything with "MyWebSearch" in it.

That was only part of the ComboFix log; please post a complete ComboFix log and a new HijackThis log.



Response Number 8
Name: thebyrddog
Date: October 30, 2007 at 19:21:49 Pacific
Subject: win32/zonebac won't go away
Reply:
ComboFix 07-10-29.1 - Maria 2007-10-30 21:16:47.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.523 [GMT -5:00]
Running from: C:\Documents and Settings\Maria\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-31 )))))))))))))))))))))))))))))))
.

2007-10-30 20:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 18:33 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-20 23:19 <DIR> d-------- C:\Program Files\hp deskjet 5550 series
2007-10-20 23:18 147,512 --a------ C:\WINDOWS\system32\hpzlnt07.dll
2007-10-20 23:06 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-20 23:06 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-10-13 20:07 1,503 --a------ C:\WINDOWS\checkip.dat
2007-10-09 18:46 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-01 22:46 <DIR> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
2007-10-01 22:45 <DIR> d-------- C:\Program Files\Minitab 15
2007-09-27 21:03 <DIR> d-------- C:\Program Files\Electronic Arts
2007-09-27 21:02 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-09-27 21:02 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-09-23 21:18 <DIR> d-------- C:\Program Files\Ring Factory
2007-09-20 21:19 <DIR> d-------- C:\Program Files\MSECache
2007-09-13 10:01 <DIR> d-------- C:\Keller7
2007-09-12 19:43 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-05 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-31 01:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-30 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-30 23:19 --------- d-----w C:\Program Files\QuickTime
2007-10-28 18:17 --------- d-----w C:\Program Files\Sierra
2007-10-28 18:17 --------- d-----w C:\Documents and Settings\Maria\Application Data\InstallShield
2007-10-28 18:16 --------- d-----w C:\Program Files\Spyware Doctor
2007-10-28 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-10-28 18:15 --------- d-----w C:\Program Files\Picasa2
2007-10-25 23:21 --------- d-----w C:\Program Files\Incomplete
2007-10-22 04:20 --------- d-----w C:\Program Files\WildTangent
2007-10-22 04:18 --------- d-----w C:\Program Files\Ezthemes_WhenUSaveNowCrunch_Installer
2007-10-22 04:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-21 04:17 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-20 22:58 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-20 22:29 --------- d-----w C:\Program Files\EA GAMES
2007-10-01 15:55 --------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2007-09-15 07:50 110,592 ----a-w C:\WINDOWS\system32\SynTPCo4.dll
2007-09-15 07:21 147,456 ----a-w C:\WINDOWS\system32\SynTPAPI.dll
2007-09-15 07:13 196,608 ----a-w C:\WINDOWS\system32\SynCtrl.dll
2007-09-15 07:13 163,840 ----a-w C:\WINDOWS\system32\SynCOM.dll
2007-09-15 07:09 213,696 ----a-w C:\WINDOWS\system32\drivers\SynTP.sys
2007-09-13 21:21 --------- d-----w C:\Program Files\ItsDeductibleEX
2007-09-13 00:43 --------- d-----w C:\Program Files\Common Files\Real
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-12 23:31 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-09 13:16 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
2007-02-23 03:29 31,240 -c--a-w C:\Documents and Settings\Maria\Application Data\wklnhst.dat
2005-09-24 08:49 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:27]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-09 19:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 16:03]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2005-10-28 18:11]
"RegistryMechanic"="" []
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 13:23]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2005-12-12 14:39]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 13:56]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 17:26]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 00:05]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 18:37]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-08-15 18:02:45]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-09 12:09:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SDhelper"=2 (0x2)

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
S3 o1394bul;o1394bul;\??\C:\DOCUME~1\Maria\LOCALS~1\Temp\o1394bul.sys

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-10-31 01:42:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-30 23:29:36 C:\WINDOWS\Tasks\User_Feed_Synchronization-{97A43E95-4A09-42E3-935C-CDB4C825176E}.job"
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 21:19:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-30 21:19:54
C:\ComboFix2.txt ... 2007-10-30 20:42
.
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 21:18, on 2007-10-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\vfind.cfexe
C:\ComboFix\mtee.cfexe
C:\WINDOWS\system32\findstr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?T...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O15 - Trusted Zone: *.doginhispen.com
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.library.gcu....
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




Response Number 9
Name: jabuck
Date: October 30, 2007 at 20:01:08 Pacific
Subject: win32/zonebac won't go away
Reply:
You are still infected, most likely due to your out-of-date Java and realtime protection interference.

Your Java is out of date and can be exploited.

Download the latest version of http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-1_6_3-windowsi586-p.exe to install the newest version.

Temporarily disable any of the following anti-spyware realtime protection programs that you may have (Disable Realtime Protection) or the fixes will not work. Be sure to turn your anti-spyware programs back on once the computer is clean.

Double-click on the FindAWF.exe file to run it. It will open a command prompt and ask you to "Press any key to continue". You will be presented with a Menu.
1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXIT
Press 1 then press Enter. Copy and paste the contents of the AWF.txt file in your next reply.
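
The out-of-date Java finding in the reply above can be read directly off the HijackThis log. The following is an added example, not part of the thread and not HijackThis code: it parses the log's section lines, pulls the JRE version out of install paths, and lists entries HijackThis marked "(file missing)". The function names and the minimum version (1.6.0_03, read from the installer name in the reply) are assumptions; the sample lines are copied from the log posted above.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind detail missing")

# HijackThis section lines look like "O4 - HKLM\..\Run: [name] path".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
# Sun JRE install directories encode the version, e.g. "\jre1.5.0_06\".
JRE_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)

# Assumption: minimum acceptable JRE, taken from the installer named in the reply.
MIN_JRE = (1, 6, 0, 3)

# Lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
"""


def parse_log(text):
    """Return one Entry per section line; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").rstrip()
        kind, sep, detail = rest.partition(": ")
        if not sep:  # R0/R1 registry lines carry no "Type: " prefix
            kind, detail = "", rest
        entries.append(Entry(m.group("code"), kind, detail,
                             rest.endswith("(file missing)")))
    return entries


def jre_versions(entries):
    """Map each JRE version found in a path to the section codes that load it."""
    found = {}
    for e in entries:
        for m in JRE_RE.finditer(e.detail):
            version = tuple(int(p or 0) for p in m.groups())
            found.setdefault(version, set()).add(e.code)
    return found


def triage(text, min_jre=MIN_JRE):
    """Summarise outdated JRE references and entries whose target file is gone."""
    entries = parse_log(text)
    versions = jre_versions(entries)
    return {
        "outdated_jre": sorted(v for v in versions if v < min_jre),
        "jre_sections": versions,
        "missing": [e for e in entries if e.missing],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for v in result["outdated_jre"]:
        codes = ", ".join(sorted(result["jre_sections"][v]))
        print("JRE %d.%d.%d_%02d below minimum, loaded via: %s" % (v + (codes,)))
    for e in result["missing"]:
        print("orphaned %s entry: %s" % (e.code, e.detail))
```
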


All content ©1996-2007 Computing.Net, LLC