Zonebac?(RESOLVED)

  #1 ratnamg (Newbie)

    Hi
    It seems my laptop got infected with zonebac. Can you please help me get this off?

    Here is my HJT log:
    Logfile of HijackThis v1.99.1
    Scan saved at 7:12:17 AM, on 11/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\GtDetectSc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Drivers\trcboot.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\C4ebreg\c4ebreg.exe
    c:\sdwork\issimsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\rpcnet.exe
    C:\WINDOWS\system32\cmd.exe
    c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\vnxserv.exe
    C:\WINDOWS\wrtService.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\system32\Drivers\ldlcserv.exe
    C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
    C:\Program Files\C4ebreg\isamtray.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\soffice.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\IBM\Infoprint Select\ipnotify.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\vpc32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
    C:\Documents and Settings\Administrator\Desktop\Installed Programs\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/download/standardsoftware/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-blv-proxy.boeing.com:31060
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java50\jre\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [NPDTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
    O4 - HKLM\..\Run: [Isamtray] "C:\Program Files\C4ebreg\isamtray.exe"
    O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SODCPreLoad] C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\preload.exe C:\notes\data\workspace\.sodc\
    O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
    O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [INTERNATIONAL] International*
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
    O15 - Trusted Zone: http://research.ameritrade.com
    O15 - Trusted Zone: *.doginhispen.com
    O15 - Trusted Zone: *.whataboutadog.com
    O15 - Trusted Zone: *.whataboutarabit.com
    O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.oracle.com/imtapp...ar/cnsload.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
    O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - https://w3-113.ibm.com/transform/crm...siebelhtml.cab
    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
    O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} (Siebel Option Pack for IE 7.5.3) - https://w3-113.ibm.com/transform/crm...OptionPack.cab
    O16 - DPF: {84B74E82-3475-420E-9949-773B4FB91771} (IBM Tivoli Provisioning Manager Express Information Gatherer) - https://d02ntcl02.ibm.com/objects/NotesGatherer.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java2 Runtime Environment 1.5.0) - http://
    O16 - DPF: {8F4F3368-54CA-4268-8225-0F4367472CF4} (MailClient Class) - https://w3-113.ibm.com/transform/crm...MailClient.cab
    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
    O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
    O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3-3.ibm.com/tools/print/plugin/gpwsx.cab
    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://boeing.webex.com/client/v_my...ex/ieatgpc.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://sslvpn.boeing.com/dana-cache...erSetupSP1.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{884EB2AF-EA97-471A-AD30-D8B7E76CFAEA}: Domain = ibm.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{884EB2AF-EA97-471A-AD30-D8B7E76CFAEA}: NameServer = 9.0.8.1,9.0.9.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8DBFDAD0-E09A-48DA-9351-E67327B496F1}: NameServer = 129.172.51.40,130.42.5.12
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ibm.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
    O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
    O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Visualware CallerIP (CallerIP) - Unknown owner - C:\Program Files\CallerIP\cip-nt.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
    O23 - Service: GT Detect (GtDetectSc) - OptionNV - C:\WINDOWS\system32\GtDetectSc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe
    O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
    O23 - Service: Vsclient Service (VnxService) - Unknown owner - C:\WINDOWS\system32\vnxserv.exe
    O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINDOWS\wrtService.exe





    Here is my AWF Report


    Find AWF report by noahdfear ©2006
    Version 1.40

    The current date is: Fri 11/09/2007
    The current time is: 22:25:50.54


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\SDWORK\BAK

    07/09/2007 07:15 AM 204,800 issimsvc.exe
    07/05/2007 09:32 AM 262,144 w32main2.exe
    2 File(s) 466,944 bytes

    Directory of C:\PROGRA~1\AT&TNE~1\BAK

    03/01/2004 07:00 AM 8,704 NetSP.exe
    1 File(s) 8,704 bytes

    Directory of C:\PROGRA~1\C4EBREG\BAK

    07/18/2007 01:55 PM 331,776 c4ebreg.exe
    07/18/2007 01:55 PM 237,568 isamtray.exe
    2 File(s) 569,344 bytes

    Directory of C:\PROGRA~1\INFUZER\BAK

    07/07/2005 04:49 PM 268,867 Infuzer.exe
    1 File(s) 268,867 bytes

    Directory of C:\PROGRA~1\ITUNES\BAK

    09/07/2007 03:55 PM 267,064 iTunesHelper.exe
    1 File(s) 267,064 bytes

    Directory of C:\PROGRA~1\QUICKEN\BAK

    05/07/2007 01:17 PM 87,592 bagent.exe
    1 File(s) 87,592 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    06/29/2007 05:24 AM 286,720 QTTask.exe
    1 File(s) 286,720 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    08/03/2004 11:00 PM 15,360 ctfmon.exe
    09/17/2004 01:53 PM 45,056 VsClientFinder.exe
    2 File(s) 60,416 bytes

    Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

    08/25/2006 05:46 AM 925,696 smax4pnp.exe
    1 File(s) 925,696 bytes

    Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

    07/19/2006 06:26 PM 52,896 ccApp.exe
    1 File(s) 52,896 bytes

    Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

    09/22/2007 09:30 AM 68,856 GoogleToolbarNotifier.exe
    1 File(s) 68,856 bytes

    Directory of C:\PROGRA~1\GRISOFT\AVGANT~1.5\BAK

    06/11/2007 03:25 AM 6,731,312 avgas.exe
    1 File(s) 6,731,312 bytes

    Directory of C:\PROGRA~1\IBM\PERSON~1\BAK

    09/06/2005 03:07 AM 28,672 tpam.exe
    1 File(s) 28,672 bytes

    Directory of C:\PROGRA~1\LAVASOFT\AD-AWA~2\BAK

    08/08/2007 02:53 PM 88,024 AAWTray.exe
    1 File(s) 88,024 bytes

    Directory of C:\PROGRA~1\SIBERS~1\AIROBO~1\BAK

    08/18/2007 10:22 AM 160,568 RoboTaskBarIcon.exe
    1 File(s) 160,568 bytes

    Directory of C:\PROGRA~1\SYMANT~2\SYMANT~2\BAK

    09/27/2006 07:33 PM 125,168 VPTray.exe
    1 File(s) 125,168 bytes

    Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

    07/05/2007 06:07 PM 512,000 SynTPEnh.exe
    07/05/2007 06:07 PM 110,592 SynTPLpr.exe
    2 File(s) 622,592 bytes

    Directory of C:\PROGRA~1\THINKPAD\CONNEC~1\BAK

    04/17/2006 01:09 PM 409,600 ACTray.exe
    04/17/2006 12:59 PM 98,304 ACWLIcon.exe
    2 File(s) 507,904 bytes

    Directory of C:\PROGRA~1\THINKPAD\UTILIT~1\BAK

    10/28/2005 01:04 PM 864,256 TpKmapAp.exe
    1 File(s) 864,256 bytes

    Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

    11/30/2006 09:49 PM 4,662,776 YahooMessenger.exe
    1 File(s) 4,662,776 bytes

    Directory of C:\WINDOWS\IME\IMJP8_1\BAK

    08/03/2004 11:00 PM 208,952 IMJPMIG.EXE
    1 File(s) 208,952 bytes

    Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

    11/15/2004 07:05 PM 127,035 tfswctrl.exe
    1 File(s) 127,035 bytes

    Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

    09/11/2006 03:40 AM 218,032 ISUSPM.exe
    1 File(s) 218,032 bytes

    Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

    11/02/2006 02:37 PM 185,896 realsched.exe
    1 File(s) 185,896 bytes

    Directory of C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\BAK

    05/10/2006 03:03 PM 94,208 TPHKMGR.exe
    1 File(s) 94,208 bytes

    Directory of C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

    08/03/2004 11:00 PM 455,168 TINTSETP.EXE
    1 File(s) 455,168 bytes

    Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\9.0\SHARED~1\BAK

    03/26/2007 06:07 AM 228,088 RoxWatchTray9.exe
    1 File(s) 228,088 bytes

    Directory of C:\PROGRA~1\IBM\TIVOLI\DCD\CLIENT\ISSI\BAK

    0 File(s) 0 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    204800 Oct 10 2007 "C:\sdwork\issimsvc.exe"
    204800 Jul 9 2007 "C:\sdwork\bak\issimsvc.exe"
    266752 Oct 24 2007 "C:\sdwork\w32main2.exe"
    262144 Jul 5 2007 "C:\sdwork\bak\w32main2.exe"
    24576 Jan 13 2007 "C:\Program Files\AT&T Network Client\NetSP.exe"
    8704 Mar 1 2004 "C:\Program Files\AT&T Network Client\bak\NetSP.exe"
    364544 Sep 7 2007 "C:\Program Files\C4ebreg\c4ebreg.exe"
    331776 Jul 18 2007 "C:\Program Files\C4ebreg\bak\c4ebreg.exe"
    237568 Sep 7 2007 "C:\Program Files\C4ebreg\isamtray.exe"
    237568 Jul 18 2007 "C:\Program Files\C4ebreg\bak\isamtray.exe"
    268867 Jul 7 2005 "C:\Program Files\Infuzer\bak\Infuzer.exe"
    267064 Sep 26 2007 "C:\Program Files\iTunes\iTunesHelper.exe1191370038"
    267064 Sep 7 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
    102400 Sep 29 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
    116024 Sep 28 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
    87328 Sep 20 2007 "C:\Program Files\Quicken\bagent.exe"
    87592 May 7 2007 "C:\Program Files\Quicken\bak\bagent.exe"
    286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
    15360 Aug 3 2004 "C:\WINDOWS\system32\ctfmon.exe"
    8192 Dec 22 2005 "C:\i387\files\system\ctfmon.exe"
    8192 Nov 11 2004 "C:\project2003std\FILES\SYSTEM\CTFMON.EXE"
    15360 Aug 3 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
    45056 Sep 17 2004 "C:\WINDOWS\system32\bak\VsClientFinder.exe"
    925696 Aug 25 2006 "C:\pnp\003\SMAX4PNP.EXE"
    925696 Aug 25 2006 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
    52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
    52272 Jan 27 2007 "C:\Program Files\Google\googletoolbar3user.exe"
    126136 Sep 22 2007 "C:\Program Files\Google\Google Updater\GoogleUpdater.exe"
    583696 Nov 2 2006 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
    138680 Sep 22 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
    68856 Sep 22 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
    126136 Sep 22 2007 "C:\Program Files\Google\Google Updater\2.2.969.23408\GoogleUpdaterRestartManager.exe"
    6731312 Jun 11 2007 "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"
    6731312 Jun 11 2007 "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe"
    28672 Sep 6 2005 "C:\Program Files\IBM\Personal Communications\bak\tpam.exe"
    88024 Aug 8 2007 "C:\Program Files\Lavasoft\Ad-Aware 2007\bak\AAWTray.exe"
    160568 Sep 15 2007 "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe1191370030"
    160568 Aug 18 2007 "C:\Program Files\Siber Systems\AI RoboForm\bak\RoboTaskBarIcon.exe"
    125168 Sep 27 2006 "C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe"
    125168 Sep 27 2006 "C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe"
    512000 Jul 5 2007 "C:\Drivers\WIN\UNAV\SynTPEnh.exe"
    512000 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    512000 Aug 25 2006 "C:\wxpdrive\repos\77GU08WW\SYNTPENH.EXE"
    512000 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
    512000 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
    110592 Jul 5 2007 "C:\Drivers\WIN\UNAV\SynTPLpr.exe"
    110592 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    110592 Aug 25 2006 "C:\wxpdrive\repos\77GU08WW\SYNTPLPR.EXE"
    110592 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
    110592 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\Media\SynTPLpr.exe"
    409600 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe"
    98304 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe"
    864256 Oct 28 2005 "C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe"
    4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
    4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
    208952 Aug 3 2004 "C:\WINDOWS\ime\IMJP8_1\imjpmig.exe"
    208952 Aug 3 2004 "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
    127035 Nov 15 2004 "C:\Program Files\IBM DLA\install\tfswctrl.exe"
    127035 Nov 15 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
    218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
    218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
    185896 Nov 2 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
    94208 Oct 2 2006 "C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
    94208 May 10 2006 "C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe"
    94208 Aug 25 2006 "C:\wxpdrive\repos\7AVU22WW\OSD\COMMON\TPHKMGR.EXE"
    94208 Oct 2 2006 "C:\Drivers\W2K\Acconwin\HOTKEY\OSD\common\tphkmgr.exe"
    455168 Aug 3 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
    455168 Aug 3 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
    166648 Apr 23 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
    228088 Mar 26 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"
    3350 Nov 2 2007 "C:\Program Files\IBM\tivoli\dcd\client\ISSI\bak\cds\ISXuninst1.bat.bak"


    end of report


  #2 Neal (Dedicated Member)
    Please double-click the FindAWF icon once again.

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 2 then Enter to restore files from bak folders

    A text file opens called: files.txt
    Copy and paste the following list of files (the contents of the quote box, not the word "quote") into it; these are the files to be restored:


    "C:\sdwork\bak\issimsvc.exe"
    "C:\sdwork\bak\w32main2.exe"
    "C:\Program Files\AT&T Network Client\bak\NetSP.exe"
    "C:\Program Files\C4ebreg\bak\c4ebreg.exe"
    "C:\Program Files\C4ebreg\bak\isamtray.exe"
    "C:\Program Files\Infuzer\bak\Infuzer.exe"
    "C:\Program Files\iTunes\bak\iTunesHelper.exe"
    "C:\Program Files\Quicken\bak\bagent.exe"
    "C:\Program Files\QuickTime\bak\QTTask.exe"
    "C:\WINDOWS\system32\bak\ctfmon.exe"
    "C:\WINDOWS\system32\bak\VsClientFinder.exe"
    "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
    "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
    "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
    "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe"
    "C:\Program Files\IBM\Personal Communications\bak\tpam.exe"
    "C:\Program Files\Lavasoft\Ad-Aware 2007\bak\AAWTray.exe"
    "C:\Program Files\Siber Systems\AI RoboForm\bak\RoboTaskBarIcon.exe"
    "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
    "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
    "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe"
    "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe"
    "C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe"
    "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
    "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
    "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
    "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
    "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
    "C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe"
    "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"
    "C:\Program Files\IBM\tivoli\dcd\client\ISSI\bak\cds\ISXuninst1.bat.bak"

    Next, close and click Yes to save the changes.

    Once files.txt is saved, FindAWF does the following:
    - It attempts to terminate the process represented by each filename on the list, if running
    - Deletes the rogue file from the parent folder, if present
    - Copies the original file to the parent folder


    When done with the above, it automatically runs a new scan and opens a new log.
    Please provide the new FindAWF log in your reply.
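
The check-and-restore logic that FindAWF option 2 performs, as an added Python example that is neither FindAWF's code nor part of this thread: it walks a tree for folders named bak, compares each preserved original with the same-named file one level up (size first, then SHA-256), and can copy the original back over a replaced file. The folder layout, file names and byte contents below are constructed for the demo; unlike FindAWF it does not terminate a running process before replacing the file.

```python
"""Audit and restore Zonebac-style 'bak' folders (added example, not FindAWF).

The infection moves the real autostart executable into a sibling folder named
'bak' and drops a rogue file under the original name.  audit_bak_folders()
classifies every file found in a 'bak' folder; restore_replaced() puts the
preserved original back.  The sample tree in build_demo_tree() is constructed.
"""
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List, Tuple


@dataclass
class BakFinding:
    original: Path   # copy preserved in the bak folder
    parent: Path     # same file name one level up (the autostart location)
    status: str      # "identical", "replaced" or "missing"


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_bak_folders(root: Path) -> List[BakFinding]:
    """Classify each file inside any folder named 'bak' beneath root."""
    findings: List[BakFinding] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        bak_dir = Path(dirpath)
        if bak_dir.name.lower() != "bak":
            continue
        for name in filenames:
            original = bak_dir / name
            parent = bak_dir.parent / name
            if not parent.exists():
                status = "missing"      # nothing sits under the original name
            elif (parent.stat().st_size == original.stat().st_size
                  and sha256_of(parent) == sha256_of(original)):
                status = "identical"    # already restored, or a benign backup copy
            else:
                status = "replaced"     # a different file now sits under the original name
            findings.append(BakFinding(original, parent, status))
    return findings


def restore_replaced(findings: List[BakFinding], dry_run: bool = False) -> List[Path]:
    """Remove each rogue file and copy the preserved original back (FindAWF steps 2-3).

    No process is terminated first; on a live machine a locked file raises PermissionError.
    """
    restored: List[Path] = []
    for finding in findings:
        if finding.status != "replaced":
            continue
        if not dry_run:
            finding.parent.unlink()                         # delete the rogue file
            shutil.copy2(finding.original, finding.parent)  # put the original back
        restored.append(finding.parent)
    return restored


def build_demo_tree(base: Path) -> None:
    """Constructed sample layout mirroring the thread's report (not real binaries)."""
    good = b"MZ original helper program"
    rogue = b"MZ rogue dropper under the original name"
    layout = {
        "Program Files/Example App/bak/helper.exe": good,
        "Program Files/Example App/helper.exe": rogue,   # replaced by the infection
        "Program Files/Tray Tool/bak/tray.exe": good,
        "Program Files/Tray Tool/tray.exe": good,        # identical: already restored
        "Program Files/Old Tool/bak/gone.exe": good,     # no file under the original name
    }
    for rel, content in layout.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)


def run_demo() -> Tuple[Dict[str, str], int, Dict[str, str]]:
    """Audit the constructed tree, restore, audit again; return all three results."""
    base = Path(tempfile.mkdtemp(prefix="bak_audit_"))
    build_demo_tree(base)
    before = {f.original.name: f.status for f in audit_bak_folders(base)}
    restored = restore_replaced(audit_bak_folders(base))
    after = {f.original.name: f.status for f in audit_bak_folders(base)}
    shutil.rmtree(base, ignore_errors=True)
    return before, len(restored), after


if __name__ == "__main__":
    before, count, after = run_demo()
    for name in sorted(before):
        print(f"{name:12s} {before[name]:10s} -> {after[name]}")
    print(f"{count} file(s) restored")
```

Point audit_bak_folders() at a real drive root to get the same "identical / replaced / missing" view the FindAWF duplicate-file section gives; a "replaced" entry is the one that warrants a closer look at the file under the original name.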

  3. #3
    ratnamg is offline Newbie
    Find AWF report by noahdfear ©2006
    Version 1.40
    Option 2 run successfully

    The current date is: Mon 11/12/2007
    The current time is: 16:10:22.60


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\PROGRA~1\AT&TNE~1\BAK

    03/01/2004 07:00 AM 8,704 NetSP.exe
    1 File(s) 8,704 bytes

    Directory of C:\PROGRA~1\C4EBREG\BAK

    07/18/2007 01:55 PM 331,776 c4ebreg.exe
    07/18/2007 01:55 PM 237,568 isamtray.exe
    2 File(s) 569,344 bytes

    Directory of C:\PROGRA~1\INFUZER\BAK

    07/07/2005 04:49 PM 268,867 Infuzer.exe
    1 File(s) 268,867 bytes

    Directory of C:\PROGRA~1\ITUNES\BAK

    09/07/2007 03:55 PM 267,064 iTunesHelper.exe
    1 File(s) 267,064 bytes

    Directory of C:\PROGRA~1\QUICKEN\BAK

    05/07/2007 01:17 PM 87,592 bagent.exe
    1 File(s) 87,592 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    06/29/2007 05:24 AM 286,720 QTTask.exe
    1 File(s) 286,720 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    08/03/2004 11:00 PM 15,360 ctfmon.exe
    09/17/2004 01:53 PM 45,056 VsClientFinder.exe
    2 File(s) 60,416 bytes

    Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

    08/25/2006 05:46 AM 925,696 smax4pnp.exe
    1 File(s) 925,696 bytes

    Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

    07/19/2006 06:26 PM 52,896 ccApp.exe
    1 File(s) 52,896 bytes

    Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

    09/22/2007 09:30 AM 68,856 GoogleToolbarNotifier.exe
    1 File(s) 68,856 bytes

    Directory of C:\PROGRA~1\GRISOFT\AVGANT~1.5\BAK

    06/11/2007 03:25 AM 6,731,312 avgas.exe
    1 File(s) 6,731,312 bytes

    Directory of C:\PROGRA~1\IBM\PERSON~1\BAK

    09/06/2005 03:07 AM 28,672 tpam.exe
    1 File(s) 28,672 bytes

    Directory of C:\PROGRA~1\LAVASOFT\AD-AWA~2\BAK

    08/08/2007 02:53 PM 88,024 AAWTray.exe
    1 File(s) 88,024 bytes

    Directory of C:\PROGRA~1\SIBERS~1\AIROBO~1\BAK

    08/18/2007 10:22 AM 160,568 RoboTaskBarIcon.exe
    1 File(s) 160,568 bytes

    Directory of C:\PROGRA~1\SYMANT~2\SYMANT~2\BAK

    09/27/2006 07:33 PM 125,168 VPTray.exe
    1 File(s) 125,168 bytes

    Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

    07/05/2007 06:07 PM 512,000 SynTPEnh.exe
    07/05/2007 06:07 PM 110,592 SynTPLpr.exe
    2 File(s) 622,592 bytes

    Directory of C:\PROGRA~1\THINKPAD\CONNEC~1\BAK

    04/17/2006 01:09 PM 409,600 ACTray.exe
    04/17/2006 12:59 PM 98,304 ACWLIcon.exe
    2 File(s) 507,904 bytes

    Directory of C:\PROGRA~1\THINKPAD\UTILIT~1\BAK

    10/28/2005 01:04 PM 864,256 TpKmapAp.exe
    1 File(s) 864,256 bytes

    Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

    11/30/2006 09:49 PM 4,662,776 YahooMessenger.exe
    1 File(s) 4,662,776 bytes

    Directory of C:\WINDOWS\IME\IMJP8_1\BAK

    08/03/2004 11:00 PM 208,952 IMJPMIG.EXE
    1 File(s) 208,952 bytes

    Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

    11/15/2004 07:05 PM 127,035 tfswctrl.exe
    1 File(s) 127,035 bytes

    Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

    09/11/2006 03:40 AM 218,032 ISUSPM.exe
    1 File(s) 218,032 bytes

    Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

    11/02/2006 02:37 PM 185,896 realsched.exe
    1 File(s) 185,896 bytes

    Directory of C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\BAK

    05/10/2006 03:03 PM 94,208 TPHKMGR.exe
    1 File(s) 94,208 bytes

    Directory of C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

    08/03/2004 11:00 PM 455,168 TINTSETP.EXE
    1 File(s) 455,168 bytes

    Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\9.0\SHARED~1\BAK

    03/26/2007 06:07 AM 228,088 RoxWatchTray9.exe
    1 File(s) 228,088 bytes

    Directory of C:\PROGRA~1\IBM\TIVOLI\DCD\CLIENT\ISSI\BAK

    0 File(s) 0 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    8704 Mar 1 2004 "C:\Program Files\AT&T Network Client\NetSP.exe"
    8704 Mar 1 2004 "C:\Program Files\AT&T Network Client\bak\NetSP.exe"
    331776 Jul 18 2007 "C:\Program Files\C4ebreg\c4ebreg.exe"
    331776 Jul 18 2007 "C:\Program Files\C4ebreg\bak\c4ebreg.exe"
    237568 Jul 18 2007 "C:\Program Files\C4ebreg\isamtray.exe"
    237568 Jul 18 2007 "C:\Program Files\C4ebreg\bak\isamtray.exe"
    268867 Jul 7 2005 "C:\Program Files\Infuzer\Infuzer.exe"
    268867 Jul 7 2005 "C:\Program Files\Infuzer\bak\Infuzer.exe"
    267064 Sep 26 2007 "C:\Program Files\iTunes\iTunesHelper.exe1191370038"
    267064 Sep 7 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
    102400 Sep 29 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
    116024 Sep 28 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
    87592 May 7 2007 "C:\Program Files\Quicken\bagent.exe"
    87592 May 7 2007 "C:\Program Files\Quicken\bak\bagent.exe"
    286720 Jun 29 2007 "C:\Program Files\QuickTime\QTTask.exe"
    286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
    15360 Aug 3 2004 "C:\WINDOWS\system32\ctfmon.exe"
    8192 Dec 22 2005 "C:\i387\files\system\ctfmon.exe"
    8192 Nov 11 2004 "C:\project2003std\FILES\SYSTEM\CTFMON.EXE"
    15360 Aug 3 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
    45056 Sep 17 2004 "C:\WINDOWS\system32\VsClientFinder.exe"
    45056 Sep 17 2004 "C:\WINDOWS\system32\bak\VsClientFinder.exe"
    925696 Aug 25 2006 "C:\pnp\003\SMAX4PNP.EXE"
    925696 Aug 25 2006 "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
    925696 Aug 25 2006 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
    52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
    52272 Jan 27 2007 "C:\Program Files\Google\googletoolbar3user.exe"
    126136 Sep 22 2007 "C:\Program Files\Google\Google Updater\GoogleUpdater.exe"
    583696 Nov 2 2006 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
    138680 Sep 22 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
    68856 Sep 22 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
    126136 Sep 22 2007 "C:\Program Files\Google\Google Updater\2.2.969.23408\GoogleUpdaterRestartManager.exe"
    6731312 Jun 11 2007 "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"
    6731312 Jun 11 2007 "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe"
    28672 Sep 6 2005 "C:\Program Files\IBM\Personal Communications\tpam.exe"
    28672 Sep 6 2005 "C:\Program Files\IBM\Personal Communications\bak\tpam.exe"
    88024 Aug 8 2007 "C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe"
    88024 Aug 8 2007 "C:\Program Files\Lavasoft\Ad-Aware 2007\bak\AAWTray.exe"
    160568 Sep 15 2007 "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe1191370030"
    160568 Aug 18 2007 "C:\Program Files\Siber Systems\AI RoboForm\bak\RoboTaskBarIcon.exe"
    125168 Sep 27 2006 "C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe"
    125168 Sep 27 2006 "C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe"
    512000 Jul 5 2007 "C:\Drivers\WIN\UNAV\SynTPEnh.exe"
    512000 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    512000 Aug 25 2006 "C:\wxpdrive\repos\77GU08WW\SYNTPENH.EXE"
    512000 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
    512000 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
    110592 Jul 5 2007 "C:\Drivers\WIN\UNAV\SynTPLpr.exe"
    110592 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    110592 Aug 25 2006 "C:\wxpdrive\repos\77GU08WW\SYNTPLPR.EXE"
    110592 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
    110592 Jul 5 2007 "C:\Program Files\Synaptics\SynTP\Media\SynTPLpr.exe"
    409600 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe"
    409600 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe"
    98304 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe"
    98304 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe"
    864256 Oct 28 2005 "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe"
    864256 Oct 28 2005 "C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe"
    4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
    4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
    208952 Aug 3 2004 "C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE"
    208952 Aug 3 2004 "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
    127035 Nov 15 2004 "C:\Program Files\IBM DLA\install\tfswctrl.exe"
    127035 Nov 15 2004 "C:\WINDOWS\system32\dla\tfswctrl.exe"
    127035 Nov 15 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
    218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
    218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
    185896 Nov 2 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
    185896 Nov 2 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
    94208 May 10 2006 "C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
    94208 May 10 2006 "C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe"
    94208 Aug 25 2006 "C:\wxpdrive\repos\7AVU22WW\OSD\COMMON\TPHKMGR.EXE"
    94208 Oct 2 2006 "C:\Drivers\W2K\Acconwin\HOTKEY\OSD\common\tphkmgr.exe"
    455168 Aug 3 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
    455168 Aug 3 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
    166648 Apr 23 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
    228088 Mar 26 2007 "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe"
    3350 Nov 2 2007 "C:\Program Files\IBM\tivoli\dcd\client\ISSI\bak\cds\ISXuninst 1.bat.bak"


    end of report

  4. #4
    Neal is offline Dedicated Member
    Please double-click the FindAWF icon once again
    This time we are going to remove some folders.

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 3 then Enter to remove bak folders

    A text file opens called: folders.txt
    Click below the line and paste the following list of folders (from the quote box, not the word "quote") to be removed:


    C:\Program Files\AT&T Network Client\bak
    C:\Program Files\C4ebreg\bak
    C:\Program Files\C4ebreg\bak
    C:\Program Files\Infuzer\bak
    C:\Program Files\iTunes\bak
    C:\Program Files\Quicken\bak
    C:\Program Files\QuickTime\bak
    C:\WINDOWS\system32\bak
    C:\WINDOWS\system32\bak
    C:\Program Files\Analog Devices\Core\bak
    C:\Program Files\Common Files\Symantec Shared\bak
    C:\Program Files\Google\GoogleToolbarNotifier\bak
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\bak
    C:\Program Files\IBM\Personal Communications\bak
    C:\Program Files\Lavasoft\Ad-Aware 2007\bak
    C:\Program Files\Siber Systems\AI RoboForm\bak
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak
    C:\Program Files\Synaptics\SynTP\bak
    C:\Program Files\ThinkPad\ConnectUtilities\bak
    C:\Program Files\ThinkPad\ConnectUtilities\bak
    C:\Program Files\ThinkPad\Utilities\bak
    C:\Program Files\Yahoo!\Messenger\bak
    C:\WINDOWS\ime\IMJP8_1\bak
    C:\WINDOWS\system32\dla\bak
    C:\Program Files\Common Files\InstallShield\UpdateService\bak
    C:\Program Files\Common Files\Real\Update_OB\bak
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak
    C:\WINDOWS\system32\IME\TINTLGNT\bak
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\bak


    Next, close and click Yes to save the changes.

    When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
    Please provide the new FindAWF log in your reply.

  5. #5
    ratnamg is offline Newbie
    Here is the latest file


    Find AWF report by noahdfear ©2006
    Version 1.40
    Option 3 run successfully

    The current date is: Mon 11/12/2007
    The current time is: 19:06:43.43


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\PROGRA~1\AT&TNE~1\BAK

    03/01/2004 07:00 AM 8,704 NetSP.exe
    1 File(s) 8,704 bytes

    Directory of C:\PROGRA~1\IBM\TIVOLI\DCD\CLIENT\ISSI\BAK

    0 File(s) 0 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    8704 Mar 1 2004 "C:\Program Files\AT&T Network Client\NetSP.exe"
    8704 Mar 1 2004 "C:\Program Files\AT&T Network Client\bak\NetSP.exe"
    3350 Nov 2 2007 "C:\Program Files\IBM\tivoli\dcd\client\ISSI\bak\cds\ISXuninst 1.bat.bak"


    end of report

  6. #6
    Neal is offline Dedicated Member
    Find this folder (in bold below) through the search function on your computer. If it is empty, delete the folder; if it is not empty, let me know what file is in there, please.


    C:\Program Files\AT&T Network Client\bak

  7. #7
    ratnamg is offline Newbie
    It wasn't empty. It had a file called NetSP.exe.

  8. #8
    Neal is offline Dedicated Member
    That is fine.


    Double-click the FindAWF icon once again.
    Use the following option: Press 4 then Enter to reset domain zones.

    When the program returns to the main menu, use the following option:
    Press E then Enter to EXIT


    New hijackthis log please.

  9. #9
    ratnamg is offline Newbie
    Here is the latest HJT Log


    Logfile of HijackThis v1.99.1
    Scan saved at 11:07:38 PM, on 11/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\GtDetectSc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\C4ebreg\isamtray.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\Drivers\trcboot.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\soffice.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IBM\Infoprint Select\ipnotify.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\rpcnet.exe
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\vnxserv.exe
    C:\WINDOWS\wrtService.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\system32\Drivers\ldlcserv.exe
    C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
    C:\Program Files\C4ebreg\c4ebreg.exe
    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Desktop\Installed Programs\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/download/standardsoftware/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-blv-proxy.boeing.com:31060
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java50\jre\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
    O4 - HKLM\..\Run: [Isamtray] "C:\Program Files\C4ebreg\isamtray.exe"
    O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [NPDTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
    O4 - HKLM\..\RunServices: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SODCPreLoad] C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\preload.exe C:\notes\data\workspace\.sodc\
    O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
    O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [INTERNATIONAL] International*
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
    O16 - DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - https://conference.oracle.com/imtapp...ar/cnsload.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
    O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - https://w3-113.ibm.com/transform/crm...siebelhtml.cab
    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
    O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} (Siebel Option Pack for IE 7.5.3) - https://w3-113.ibm.com/transform/crm...OptionPack.cab
    O16 - DPF: {84B74E82-3475-420E-9949-773B4FB91771} (IBM Tivoli Provisioning Manager Express Information Gatherer) - https://d02ntcl02.ibm.com/objects/NotesGatherer.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java2 Runtime Environment 1.5.0) - http://
    O16 - DPF: {8F4F3368-54CA-4268-8225-0F4367472CF4} (MailClient Class) - https://w3-113.ibm.com/transform/crm...MailClient.cab
    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
    O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
    O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3-3.ibm.com/tools/print/plugin/gpwsx.cab
    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://boeing.webex.com/client/v_my...ex/ieatgpc.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://sslvpn.boeing.com/dana-cache...erSetupSP1.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{884EB2AF-EA97-471A-AD30-D8B7E76CFAEA}: Domain = ibm.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{884EB2AF-EA97-471A-AD30-D8B7E76CFAEA}: NameServer = 9.0.8.1,9.0.9.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8DBFDAD0-E09A-48DA-9351-E67327B496F1}: NameServer = 129.172.51.40,130.42.5.12
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ibm.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
    O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
    O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Visualware CallerIP (CallerIP) - Unknown owner - C:\Program Files\CallerIP\cip-nt.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
    O23 - Service: GT Detect (GtDetectSc) - OptionNV - C:\WINDOWS\system32\GtDetectSc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Global Services - C:\Program Files\C4ebreg\c4ebreg.exe
    O23 - Service: ISSI EZUpdate (ISSIMon) - Unknown owner - c:\sdwork\issimsvc.exe (file missing)
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
    O23 - Service: Vsclient Service (VnxService) - Unknown owner - C:\WINDOWS\system32\vnxserv.exe
    O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINDOWS\wrtService.exe

  10. #10
    Neal is offline Dedicated Member
    Do you know what this service is:

    O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINDOWS\wrtService.exe




    Run hijackthis and click on "scan system only" button and put checks next to these:


    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    Optional fixes (below, in red), if you did not set them yourself:

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present





    With everything closed except HijackThis, click on "fix checked".


    Reboot your PC


    Let me know about that service and how things are doing now.
