Computing.Net > Forums > Security and Virus > @#$! Zonebac.gen!F


@#$! Zonebac.gen!F


Original Message
Name: ginger9411
Date: March 20, 2008 at 16:23:40 Pacific
Subject: @#$! Zonebac.gen!F
OS: Win XP Pro SP2
CPU/Ram: 512 MB
Model/Manufacturer: HP Pavilion zx5000
Comment:

MS malicious SW tool found Zonebac. I have read postings on this site. Downloaded and ran HijackThis and FindAWF and have the two logs. Next steps beyond me. HELP??

--Ginger




Response Number 1
Name: jabuck
Date: March 20, 2008 at 16:42:03 Pacific

Run the following scans and post their results please.

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download FindAWF from the following link:
http://noahdfear.geekstogo.com/FindAWF.exe


Double-click on the FindAWF.exe file to run it. It will open a command prompt and ask you to "Press any key to continue". You will be presented with a Menu.
1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXIT
Press 1 then press Enter. Copy and paste the contents of the AWF.txt file in your next reply.



Response Number 2
Name: ginger9411
Date: March 20, 2008 at 17:01:14 Pacific

Many, many thanks for help!

HJT Textfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:52 PM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\Quick Launch Buttons\bak\EabServr.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\VFH\Local Settings\Application Data\Trend Micro\HCMS\tsafe\en-US\tgui.exe
C:\Documents and Settings\VFH\Local Settings\Application Data\Trend Micro\HCMS\tsafe\en-US\tgsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FOR...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FOR...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/b...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FOR...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: IE - {D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E} - C:\Program Files\eSoftware\studio.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://info.mitre.org
O15 - Trusted Zone: www.carrollpub.com
O15 - Trusted Zone: http://*.winfo
O15 - Trusted Zone: www.carrollpub.com (HKLM)
O15 - Trusted Zone: http://*.communityshare (HKLM)
O15 - Trusted Zone: http://*.comshare (HKLM)
O15 - Trusted Zone: http://*.cslegacy (HKLM)
O15 - Trusted Zone: http://*.winfo (HKLM)
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framewor...
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewo...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9411 bytes

----------

FIND AWF TEXTFILE


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Thu 03/20/2008
The current time is: 19:56:42.73


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\APOINT2K\BAK

10/07/2003 11:40 PM 159,744 Apoint.exe
1 File(s) 159,744 bytes

Directory of C:\PROGRA~1\VERIZON\BAK

09/28/2007 02:30 PM 936,960 McciTrayApp.exe
1 File(s) 936,960 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 01:56 AM 15,360 ctfmon.exe
05/22/2003 11:55 PM 483,328 hphmon05.exe
2 File(s) 498,688 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

09/12/2003 01:10 AM 335,872 atiptaxx.exe
1 File(s) 335,872 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

12/17/2002 03:40 PM 49,152 HPWuSchd.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HEWLET~1\{45B61~1\BAK

05/23/2003 12:03 AM 49,152 hphupd05.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HPQ\DEFAUL~1\BAK

07/17/2003 01:50 PM 184,412 cpqset.exe
1 File(s) 184,412 bytes

Directory of C:\PROGRA~1\HPQ\QUICKL~1\BAK

09/26/2003 01:04 PM 237,568 EabServr.exe
1 File(s) 237,568 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~1\BAK

03/28/2003 09:20 PM 143,360 mm_tray.exe
1 File(s) 143,360 bytes

Directory of C:\PROGRA~1\VERIZON\VERIZO~1\BAK

08/07/2007 06:31 PM 13,552 ZkRunOnceR.exe
1 File(s) 13,552 bytes

Directory of C:\PROGRA~1\VERIZON\VSP\BAK

05/11/2007 04:20 PM 2,061,816 VerizonServicepoint.exe
1 File(s) 2,061,816 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 08:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

11/24/2007 08:04 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\SYSTEM\BAK

05/01/2003 10:44 PM 65,536 EngUtil.exe
1 File(s) 65,536 bytes

Directory of C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK

10/07/2002 04:23 AM 90,112 hpqcmon.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\ROXIO\EASYCD~1\DRAGTO~1\BAK

07/18/2003 09:23 PM 868,352 DrgToDsc.exe
1 File(s) 868,352 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Feb 28 2008 "C:\Program Files\Apoint2K\Apoint.exe"
159744 Oct 7 2003 "C:\Swsetup\Misc3\Apoint.exe"
159744 Oct 7 2003 "C:\Program Files\Apoint2K\bak\Apoint.exe"
14348 Feb 28 2008 "C:\Program Files\Verizon\McciTrayApp.exe"
936960 Sep 28 2007 "C:\Program Files\Verizon\bak\McciTrayApp.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 Feb 28 2008 "C:\WINDOWS\system32\hphmon05.exe"
483328 May 22 2003 "C:\WINDOWS\system32\bak\hphmon05.exe"
483328 May 22 2003 "C:\hp\tmp\src\psptr\deu\HPHmon05.exe"
483328 May 22 2003 "C:\hp\tmp\src\psptr\enu\HPHmon05.exe"
483328 May 22 2003 "C:\hp\tmp\src\psptr\esm\HPHmon05.exe"
483328 May 22 2003 "C:\hp\tmp\src\psptr\fra\HPHmon05.exe"
483328 May 22 2003 "C:\hp\tmp\src\psptr\grk\HPHmon05.exe"
483328 May 22 2003 "C:\hp\tmp\src\psptr\ita\HPHmon05.exe"
483328 May 22 2003 "C:\hp\tmp\src\psptr\nld\HPHmon05.exe"
483328 May 22 2003 "C:\hp\tmp\src\psptr\ptb\HPHmon05.exe"
483328 May 22 2003 "C:\hp\tmp\src\psptr\rus\HPHmon05.exe"
14348 Feb 28 2008 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
335872 Sep 12 2003 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
14348 Feb 28 2008 "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
49152 Dec 17 2002 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd.exe"
14348 Feb 28 2008 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
49152 May 23 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe"
49152 May 23 2003 "C:\hp\tmp\src\psptr\Patch\Uninst\HPHupd05.exe"
184412 Jul 17 2003 "C:\Swsetup\Default\Cpqset.exe"
14348 Feb 28 2008 "C:\Program Files\HPQ\Default Settings\cpqset.exe"
184412 Jul 17 2003 "C:\Program Files\HPQ\Default Settings\bak\cpqset.exe"
14348 Feb 28 2008 "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe"
237568 Sep 26 2003 "C:\Program Files\HPQ\Quick Launch Buttons\bak\EabServr.exe"
143360 Mar 28 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
14348 Feb 28 2008 "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
13552 Aug 7 2007 "C:\Program Files\Verizon\Verizon Internet Security Suite\bak\ZkRunOnceR.exe"
14348 Feb 28 2008 "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe"
2061816 May 11 2007 "C:\Program Files\Verizon\VSP\bak\VerizonServicepoint.exe"
14348 Feb 28 2008 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
14348 Feb 28 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Nov 24 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
14348 Feb 28 2008 "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
65536 May 1 2003 "C:\Program Files\Common Files\Roxio Shared\System\bak\EngUtil.exe"
14348 Feb 28 2008 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
90112 Oct 7 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"
14348 Feb 28 2008 "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
868352 Jul 18 2003 "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\bak\DrgToDsc.exe"


end of report

--Ginger



Response Number 3
Name: jabuck
Date: March 20, 2008 at 17:59:34 Pacific

Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option:

Press 2 then Enter to restore files from bak folders
A text file opens called: files.txt
Copy/paste the following list of bolded files to be restored:


"C:\Program Files\Apoint2K\bak\Apoint.exe"
"C:\Program Files\Verizon\bak\McciTrayApp.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\hphmon05.exe"
"C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
"C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd.exe"
"C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe"
"C:\Program Files\HPQ\Default Settings\bak\cpqset.exe"
"C:\Program Files\HPQ\Quick Launch Buttons\bak\EabServr.exe"
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
"C:\Program Files\Verizon\Verizon Internet Security Suite\bak\ZkRunOnceR.exe"
"C:\Program Files\Verizon\VSP\bak\VerizonServicepoint.exe"
"C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Common Files\Roxio Shared\System\bak\EngUtil.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\bak\DrgToDsc.exe"


Next, close and click Yes to save the changes.
Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder
When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Your Java is out of date and can be exploited.
Download the latest version of java from this link Java
Click on the JDK 6 Update 5 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jdk-6u5-windows-i586-p.exe to install the newest version.



Response Number 4
Name: ginger9411
Date: March 20, 2008 at 18:33:00 Pacific

I'll do the Java now. Here's the next run.


"C:\Program Files\Apoint2K\bak\Apoint.exe"
"C:\Program Files\Verizon\bak\McciTrayApp.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\hphmon05.exe"
"C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
"C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd.exe"
"C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe"
"C:\Program Files\HPQ\Default Settings\bak\cpqset.exe"
"C:\Program Files\HPQ\Quick Launch Buttons\bak\EabServr.exe"
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
"C:\Program Files\Verizon\Verizon Internet Security Suite\bak\ZkRunOnceR.exe"
"C:\Program Files\Verizon\VSP\bak\VerizonServicepoint.exe"
"C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Common Files\Roxio Shared\System\bak\EngUtil.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\bak\DrgToDsc.exe"

--Ginger



Response Number 5
Name: jabuck
Date: March 20, 2008 at 18:54:59 Pacific

Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders
A text file opens called: folders.txt
Copy/paste the following list of bolded folders to be removed:


C:\Program Files\Apoint2K\bak
C:\Program Files\Verizon\bak
C:\WINDOWS\system32\bak
C:\WINDOWS\system32\bak
C:\Program Files\ATI Technologies\ATI Control Panel\bak
C:\Program Files\Hewlett-Packard\HP Software Update\bak
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak
C:\Program Files\HPQ\Default Settings\bak
C:\Program Files\HPQ\Quick Launch Buttons\bak
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak
C:\Program Files\Verizon\Verizon Internet Security Suite\bak
C:\Program Files\Verizon\VSP\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Common Files\Roxio Shared\System\bak
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\bak


Next, close and click Yes to save the changes.
Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders
When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.

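Editor's note, added example (not part of the thread and not FindAWF's own code): the three FindAWF options used in the replies above (option 1 scan in Response 1, option 2 restore in Response 3, option 3 remove in Response 5) all rest on one comparison. For every `bak` folder, the file in the folder above it is what the autostart entry actually launches, and the file inside `bak` is the original that was moved aside. In the log every swapped-in file is exactly 14,348 bytes while the moved originals keep their real sizes, which is what makes the pairs stand out. The Python below reproduces that scan/restore/remove logic on a constructed temporary tree with three cases taken from the log (a swapped Apoint.exe, an identical ctfmon.exe pair, and an orphaned mm_tray.exe with no live copy). The file contents are placeholders, not the real binaries, and the dropper itself is not modeled.

```python
"""Model of the FindAWF workflow (scan, restore, remove bak folders) on a constructed tree."""
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import List, Set

# In the log above every swapped-in executable is exactly 14,348 bytes; the moved originals
# keep their real sizes. The constant is only used to build and check the sample tree.
ROGUE_SIZE = 14348


@dataclass
class BakPair:
    parent: Path   # file the autostart entry actually launches
    backup: Path   # <dir>\bak\<name>: where the original was moved
    verdict: str   # "swapped", "identical", "orphan" or, after restore, "restored"


def sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_bak_folders(root: Path) -> List[BakPair]:
    """Option 1: find every 'bak' folder and compare its files with the folder above it."""
    pairs = []
    for dirpath, _dirs, files in os.walk(root):
        if Path(dirpath).name.lower() != "bak":
            continue
        for name in files:
            backup = Path(dirpath) / name
            parent = backup.parent.parent / name
            if not parent.exists():
                verdict = "orphan"       # original moved aside, nothing runs in its place
            elif sha256(parent) == sha256(backup):
                verdict = "identical"    # the ctfmon.exe case in the log: nothing to undo
            else:
                verdict = "swapped"      # live file differs from the moved original
            pairs.append(BakPair(parent, backup, verdict))
    return pairs


def restore_originals(pairs: List[BakPair]) -> List[Path]:
    """Option 2: delete the rogue file (if any) and copy the original back; verify by hash."""
    restored = []
    for p in pairs:
        if p.verdict not in ("swapped", "orphan"):
            continue
        if p.parent.exists():
            p.parent.unlink()
        shutil.copy2(p.backup, p.parent)
        if sha256(p.parent) != sha256(p.backup):
            raise RuntimeError(f"restore of {p.parent} did not verify")
        p.verdict = "restored"
        restored.append(p.parent)
    return restored


def remove_bak_folders(pairs: List[BakPair]) -> Set[Path]:
    """Option 3: remove the bak folders, but only once nothing is left in the swapped state."""
    if any(p.verdict == "swapped" for p in pairs):
        raise RuntimeError("restore swapped files before removing bak folders")
    removed = set()
    for p in pairs:
        folder = p.backup.parent
        if folder.exists():
            shutil.rmtree(folder)
            removed.add(folder)
    return removed


def build_demo_tree() -> Path:
    """Constructed sample tree with three cases from the FindAWF log; contents are placeholders."""
    root = Path(tempfile.mkdtemp(prefix="awf_demo_"))

    def put(rel: str, data: bytes) -> None:
        f = root / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(data)

    put("Program Files/Apoint2K/Apoint.exe", b"MZ" + b"\x00" * (ROGUE_SIZE - 2))   # swapped
    put("Program Files/Apoint2K/bak/Apoint.exe", b"MZ" + b"apoint-original" * 10000)
    put("WINDOWS/system32/ctfmon.exe", b"MZ" + b"ctfmon" * 2000)                     # identical
    put("WINDOWS/system32/bak/ctfmon.exe", b"MZ" + b"ctfmon" * 2000)
    put("Program Files/MUSICMATCH/MUSICMATCH Jukebox/bak/mm_tray.exe", b"MZ" + b"mm" * 100)  # orphan
    return root


if __name__ == "__main__":
    root = build_demo_tree()
    found = scan_bak_folders(root)
    for p in found:
        print(f"{p.verdict:9} {p.parent}")
    print("restored:", [str(x) for x in restore_originals(found)])
    print("removed:", [str(x) for x in remove_bak_folders(found)])
    print("rescan:", scan_bak_folders(root))
```

On a real machine you would point scan_bak_folders at the drive root and read the verdicts before restoring anything; the "identical" pair is the same situation FindAWF reported for ctfmon.exe (same size and date in both places), and the refusal in remove_bak_folders mirrors the order of the replies above, where the bak folders are only removed after the second log showed every swapped file back in place.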



Response Number 6
Name: ginger9411
Date: March 20, 2008 at 19:38:20 Pacific

New Java is loaded.

FIND AWF LOG


Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Thu 03/20/2008
The current time is: 22:21:42.03


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

12/17/2002 03:40 PM 49,152 HPWuSchd.exe
1 File(s) 49,152 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

49152 Dec 17 2002 "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
49152 Dec 17 2002 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd.exe"


end of report

COMBO FIX LOG

ComboFix 08-03-20.5 - VFH 2008-03-20 22:27:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.230 [GMT -4:00]
Running from: C:\Documents and Settings\VFH\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\matrix.dat
C:\Program Files\WinBudget\bin\matrix.dll
C:\setup.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-20 22:14 . 2008-03-20 22:14 <DIR> d-------- C:\Program Files\Sun
2008-03-20 22:13 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-20 17:57 . 2008-03-20 17:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-18 20:16 . 2008-03-18 20:17 <DIR> d-------- C:\Documents and Settings\VFH\Application Data\AdwareAlert
2008-03-18 19:24 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-18 19:02 . 2008-03-18 19:02 <DIR> d-------- C:\WINDOWS\system32\HouseCall 6.6
2008-03-18 19:02 . 2008-03-18 20:11 <DIR> d-------- C:\Documents and Settings\VFH\Application Data\HouseCall 6.6
2008-03-18 17:49 . 2008-03-18 17:49 <DIR> d-------- C:\Documents and Settings\VFH\Application Data\RegistrySmart
2008-03-13 02:19 . 2008-03-13 02:19 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-13 02:19 . 2008-03-13 02:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-13 02:17 . 2008-03-13 02:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-12 22:44 . 2008-03-12 22:47 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-03-12 19:50 . 2008-03-12 19:50 5,841 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-12 18:28 . 2008-03-12 18:30 <DIR> d-------- C:\Program Files\eSoftware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 02:21 --------- d-----w C:\Program Files\Verizon
2008-03-21 02:21 --------- d-----w C:\Program Files\Apoint2K
2008-03-21 02:13 --------- d-----w C:\Program Files\Java
2008-03-21 00:54 --------- d-----w C:\Program Files\BigJig
2008-03-20 20:19 53,192 ----a-w C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-03-13 01:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 01:06 --------- d-----w C:\Program Files\MUSICMATCH
2008-02-25 16:23 --------- d-----w C:\Program Files\Easy Internet signup
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2003-10-03 18:20 121 ----a-w C:\Program Files\delete-hst.bat
2003-10-03 18:20 121 ----a-w C:\Program Files\delete-dll.bat
2003-03-24 13:18 10,050 ----a-w C:\Program Files\weeklyscan.reg
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-r 49,152 2002-12-17 19:40:22 C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd.exe
----a-w 49,152 2002-12-17 19:40:22 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}]
2008-03-12 18:28 282636 --a------ C:\Program Files\eSoftware\studio.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2007-08-07 18:31 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-07 23:40 159744]
"AGRSMMSG"="AGRSMMSG.exe" [2003-09-30 14:31 88363 C:\WINDOWS\AGRSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [2003-10-07 23:41 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-07-17 13:50 184412]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 01:10 335872]
"CamMonitor"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 04:23 90112]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-09-26 13:04 237568]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 22:44 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-18 21:23 868352]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 00:03 49152]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 15:40 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 23:55 483328]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-24 20:04 180269]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-09-28 14:30 936960]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [2007-08-07 18:31 303344]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [2007-08-07 18:31 13552]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 16:20 2061816]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Media"= 2 (0x2)
"SpecifyDefaultButtons"= 1 (0x1)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 2 (0x2)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"EnforceShellExtensionSecurity"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

S3 Radialpoint Security Services;Verizon Internet Security Suite;C:\WINDOWS\system32\dllhost.exe [2004-08-04 01:56]
S3 vsinstdv;vsinstdv;C:\DOCUME~1\VFH\LOCALS~1\Temp\{5B55B4A6-B232-4B6E-B565-E02183685DE9}\vsinstdv.sys []


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\TimeZoneTool]
C:\Program Files\Microsoft Office\Office12\Office Outlook Time Zone Data Update Tool\DSTTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{591B35E0-8287-4777-86E4-5739418F961C}]
msiexec /fu {591B35E0-8287-4777-86E4-5739418F961C} /qn

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC76BA86-7AD7-1033-7B44-A81100000003}]
msiexec /fu {AC76BA86-7AD7-1033-7B44-A81100000003} /qn
.
Contents of the 'Scheduled Tasks' folder
"2008-03-19 00:16:41 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-02-25 16:23:48 C:\WINDOWS\Tasks\easy Internet sign-up.job"
- c:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-03-18 21:49:20 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
"2008-03-20 20:25:23 C:\WINDOWS\Tasks\User_Feed_Synchronization-{75CDBCF6-8456-489C-8972-76E8AB029EB1}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 22:30:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?????? ?deB???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-20 22:31:16
ComboFix-quarantined-files.txt 2008-03-21 02:30:58
.
2008-03-19 01:00:15 --- E O F ---

--Ginger



Response Number 7
Name: jabuck
Date: March 20, 2008 at 20:00:11 Pacific

Navigate to and delete these files:


C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
C:\Program Files\AdwareAlert\AdwareAlert.ex

Navigate to and delete these folders:


C:\Program Files\Hewlett-Packard\HP Software Update\bak
C:\Program Files\AdwareAlert

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Download CCleaner from the following link:

http://filehippo.com/download_ccleaner/

After you download it to your desktop and begin installing it, only allow the "install icon on desktop" option to install. Then run it, using it only as suggested; it's powerful, so use only the prechecked items.

Double-click the FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones
This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT
Next,
Launch Notepad, and copy/paste everything between the X's making "regedit4" the very top line.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional, if the following programs are on your computer:
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
Delete the fixme.reg file just created.

Let us know how the computer is operating.

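Editor's note, added example (not from the thread): the fixme.reg above wipes the entire ZoneMap\Domains and ZoneMap\Ranges keys in both hives, which is why the reply warns that Spybot's Immunize, SpywareBlaster and IE-SpyAd entries (they live in the same keys) have to be re-applied afterwards. If you would rather remove only the O15 Trusted Zone entries HijackThis reported, the Python below parses those O15 lines (the ones from the log posted earlier in this thread are embedded as the sample) and emits a REGEDIT4 file that deletes just the matching Domains subkeys. Two assumptions, labeled in the code: Internet Explorer stores per-site zone assignments under ZoneMap\Domains\<domain>[\<host>] with a value named after the scheme, and a HijackThis entry written as http://*.winfo corresponds to the key Domains\winfo. Confirm each key exists in regedit before merging; the script only produces text and merges nothing.

```python
"""Turn HijackThis O15 (Trusted Zone) lines into a .reg file that deletes only those keys."""
import re
from typing import List, Tuple

ZONEMAP_DOMAINS = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}

# HijackThis prints HKCU entries bare and HKLM entries with a trailing "(HKLM)".
O15_RE = re.compile(
    r"^O15 - Trusted Zone: (?:(?P<scheme>https?)://)?(?P<host>\S+?)(?: \((?P<hive>HKLM)\))?$"
)

# Sample lines, copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = """\
O14 - IERESET.INF: START_PAGE_URL=http://info.mitre.org
O15 - Trusted Zone: www.carrollpub.com
O15 - Trusted Zone: http://*.winfo
O15 - Trusted Zone: www.carrollpub.com (HKLM)
O15 - Trusted Zone: http://*.communityshare (HKLM)
O15 - Trusted Zone: http://*.comshare (HKLM)
O15 - Trusted Zone: http://*.cslegacy (HKLM)
O15 - Trusted Zone: http://*.winfo (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
"""


def parse_o15(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (hive, scheme, host) for every O15 line; scheme '*' when HijackThis shows none."""
    entries = []
    for line in log_text.splitlines():
        m = O15_RE.match(line.strip())
        if m:
            entries.append((m.group("hive") or "HKCU", m.group("scheme") or "*", m.group("host")))
    return entries


def domain_key(host: str) -> str:
    """Map a host pattern to its ZoneMap\\Domains subkey (assumed layout, see note above)."""
    labels = host.split(".")
    if labels[0] == "*":
        labels = labels[1:]                      # assumption: '*.winfo' -> Domains\winfo
    if len(labels) >= 3:                         # 'www.carrollpub.com' -> Domains\carrollpub.com\www
        return ".".join(labels[-2:]) + "\\" + ".".join(labels[:-2])
    return ".".join(labels)


def targeted_reg(entries: List[Tuple[str, str, str]]) -> str:
    """REGEDIT4 text deleting exactly the keys behind the O15 entries, one [-key] line each."""
    keys = []
    for hive, _scheme, host in entries:
        key = f"[-{HIVES[hive]}\\{ZONEMAP_DOMAINS}\\{domain_key(host)}]"
        if key not in keys:
            keys.append(key)
    # .reg files are CRLF-terminated; the REGEDIT4 header keeps the file ANSI so XP merges it.
    return "\r\n".join(["REGEDIT4", ""] + keys) + "\r\n"


if __name__ == "__main__":
    print(targeted_reg(parse_o15(SAMPLE_LOG)))
```

Deleting Domains\carrollpub.com\www rather than all of Domains is the whole point: immunization entries for other domains survive, and the seven O15 lines from the log become seven [-key] lines you can read before merging.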


Response Number 8
Name: supertrucker
Date: March 20, 2008 at 20:24:27 Pacific

You're good, jabuck.

On the road again!!



Response Number 9
Name: ginger9411
Date: March 20, 2008 at 21:12:51 Pacific

Just now finished your instructions and everything is running well. That was pretty amazing and I thank you so very, very much!

--Ginger



Response Number 10
Name: jabuck
Date: March 21, 2008 at 07:26:15 Pacific

Glad we could help.

