
Another b.whataboutadog.com virus


Original Message
Name: Jerrold
Date: October 15, 2007 at 07:35:31 Pacific
Subject: Another b.whataboutadog.com virus
OS: winxp,sp2
CPU/Ram: 2.4gh / 448
Model/Manufacturer: compaq presario sr2013wm
Comment:

I also have the b.whataboutadog virus. I and Symantec have been trying to remove it for a week now. Do you guys have any suggestions?





Response Number 1
Name: jabuck
Date: October 15, 2007 at 09:13:58 Pacific
Reply:

Please download FindAWF from this link: FindAWF

Double-click on the FindAWF.exe file to run it. It will open a command prompt and ask you to "Press any key to continue". You will be presented with a Menu.
1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXIT
Press 1 then press Enter. Copy and paste the contents of the AWF.txt file in your next reply.



Response Number 2
Name: Jerrold
Date: October 15, 2007 at 15:23:33 Pacific
Reply:

Here's the AWF report and ty for the help again

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Mon 10/15/2007
The current time is: 16:52:14.57


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

09/14/2007 10:00 AM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 06:24 AM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 11:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SMINST\BAK

07/23/2005 12:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK

02/16/2006 12:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK

10/11/2006 12:45 PM 75,304 OpwareSE4.exe
1 File(s) 75,304 bytes

Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK

06/08/2007 09:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK

09/28/2006 01:16 PM 185,896 SSBkgdupdate.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

09/20/2006 08:35 AM 20,480 WrtMon.exe
1 File(s) 20,480 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

28176 Oct 2 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Sep 18 2007 "C:\WINDOWS\Installer\{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}\iTunesIco.exe"
116024 Sep 18 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.2.4\iTunesSetupAdmin.exe"
28176 Oct 2 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
28176 Oct 2 2007 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
28176 Oct 2 2007 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
28176 Oct 2 2007 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
28176 Oct 2 2007 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
75304 Oct 11 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
28176 Oct 2 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
28176 Oct 2 2007 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
185896 Sep 28 2006 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
28176 Oct 2 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
28176 Oct 2 2007 "C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe"
20480 Sep 20 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\WrtMon.exe"


end of report



Response Number 3
Name: jabuck
Date: October 15, 2007 at 15:57:18 Pacific
Reply:

Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\QTTask.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
"C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
"C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\WrtMon.exe"


Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

We still have work to do after this phase of the virus removal.



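A way to read the two FindAWF reports in this thread without eyeballing every line, added here as an example (it is not part of FindAWF or of anyone's post): pair each bak entry with its parent-folder file and flag parents that all share one size and date while their bak copy differs, which is the stub pattern seen above (28176 bytes, Oct 2 2007, in every hijacked folder). The sample lines are a constructed subset of the reports; the function names are my own.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in the format of the "Duplicate files of bak directory
# contents" section: four parent/bak pairs from the first report above
# (before FindAWF option 2) plus one unrelated file. Not the full report.
BEFORE_RESTORE = r"""
28176 Oct 2 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Sep 18 2007 "C:\WINDOWS\Installer\{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}\iTunesIco.exe"
28176 Oct 2 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
28176 Oct 2 2007 "C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe"
20480 Sep 20 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\WrtMon.exe"
"""

# The same pairs as they appear in the second report, after option 2
# copied the originals back into their parent folders.
AFTER_RESTORE = r"""
267064 Sep 14 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
20480 Sep 20 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe"
20480 Sep 20 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\WrtMon.exe"
"""

# size, "Mon D YYYY", quoted path
LINE_RE = re.compile(r'^\s*(\d+)\s+([A-Za-z]{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')


def parse_entries(report_text):
    """Map lower-cased path -> (size, date, path as printed) for each file line."""
    entries = {}
    for line in report_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # headings, blank lines and "end of report" do not match
            entries[m.group(3).lower()] = (int(m.group(1)), m.group(2), m.group(3))
    return entries


def parent_of_bak(path):
    """...\\bak\\file.exe -> ...\\file.exe; None when there is no bak component."""
    parts = PureWindowsPath(path).parts
    if not any(p.lower() == "bak" for p in parts):
        return None
    return str(PureWindowsPath(*[p for p in parts if p.lower() != "bak"]))


def triage(report_text, min_stub_hits=2):
    """Classify each parent/bak pair as replaced by a stub, intact, or differing.

    The stub signature is the (size, date) shared by at least min_stub_hits
    parent files whose bak copy has a different size: one dropper leaves the
    same file in every hijacked folder, so the repeated size/date is the tell.
    """
    entries = parse_entries(report_text)
    pairs = []
    for _, (bsize, _bdate, bpath) in entries.items():
        parent = parent_of_bak(bpath)
        if parent and parent.lower() in entries:
            psize, pdate, ppath = entries[parent.lower()]
            pairs.append((ppath, psize, pdate, bsize))
    mismatched = [p for p in pairs if p[1] != p[3]]
    stub_sig = None
    if mismatched:
        sig, hits = Counter((p[1], p[2]) for p in mismatched).most_common(1)[0]
        if hits >= min_stub_hits:
            stub_sig = sig
    result = {"stub_signature": stub_sig, "replaced": [], "intact": [], "differs": []}
    for ppath, psize, pdate, bsize in pairs:
        if psize == bsize:
            result["intact"].append(ppath)
        elif (psize, pdate) == stub_sig:
            result["replaced"].append(ppath)
        else:
            result["differs"].append(ppath)  # not the stub; needs a manual look
    return result


if __name__ == "__main__":
    for label, text in (("before", BEFORE_RESTORE), ("after", AFTER_RESTORE)):
        r = triage(text)
        print(f"{label}: stub={r['stub_signature']} replaced={len(r['replaced'])} "
              f"intact={len(r['intact'])} differs={r['differs']}")
```

On the first sample the three 28176-byte parents are reported as replaced and ehtray.exe as merely differing; on the second sample no stub signature is found and those three pairs are intact, which is the result the helper checks for before moving on to option 3.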
Response Number 4
Name: Jerrold
Date: October 15, 2007 at 16:12:16 Pacific
Reply:

hijinks file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:42 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\COMMON~1\AOL\119189~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\119189~1\EE\AOLServiceHost.exe
C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1191896914\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKUS\S-1-5-21-917604045-547949620-3308879918-1008\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User 'DEBORAH')
O4 - HKUS\S-1-5-21-917604045-547949620-3308879918-1008\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b (User 'DEBORAH')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-21-917604045-547949620-3308879918-1008 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'DEBORAH')
O4 - S-1-5-21-917604045-547949620-3308879918-1008 User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'DEBORAH')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp...ads/sysinfo.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11051 bytes

awf file

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Mon 10/15/2007
The current time is: 18:08:25.75


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

09/14/2007 10:00 AM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 06:24 AM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 11:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SMINST\BAK

07/23/2005 12:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK

02/16/2006 12:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK

10/11/2006 12:45 PM 75,304 OpwareSE4.exe
1 File(s) 75,304 bytes

Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK

06/08/2007 09:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK

09/28/2006 01:16 PM 185,896 SSBkgdupdate.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

09/20/2006 08:35 AM 20,480 WrtMon.exe
1 File(s) 20,480 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

28176 Oct 2 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Sep 18 2007 "C:\WINDOWS\Installer\{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}\iTunesIco.exe"
116024 Sep 18 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.2.4\iTunesSetupAdmin.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
75304 Oct 11 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
75304 Oct 11 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
185896 Sep 28 2006 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
185896 Sep 28 2006 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
20480 Sep 20 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe"
20480 Sep 20 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\WrtMon.exe"


end of report




Response Number 5
Name: jabuck
Date: October 15, 2007 at 19:08:51 Pacific
Reply:

Option 3:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:


"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\QTTask.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
"C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
"C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\WrtMon.exe"

Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.


Next Option 4.


Option 4:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

Next,

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save
REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional, if the following programs are on your computer:
Note that since the Domains are deleted, SpywareBlaster protection must be re-enabled, Spybot's Immunize feature must be used again, and you have to re-install IE-SpyAd if installed.
Delete the fixme.reg file just created.

Next, go to Start > Run > type in notepad > click Format > uncheck 'Word Wrap'. Exit Notepad.

Post a new Hijack This log please.



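An added example (my own, not HijackThis output or part of any post) that pulls the lines a helper asks about out of a HijackThis 2.0.2 log like the one above: Trusted Zone entries (which the ZoneMap fix in this post wipes), Run entries that still point into a bak folder and will dangle once option 3 removes those folders, and BHO/DPF registrations with no file behind them. The log lines below are a constructed subset of the posted log; the function and dictionary key names are mine.

```python
import re

# Constructed sample: a handful of lines in the HijackThis 2.0.2 format
# seen in the log above; not the complete log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp...ads/sysinfo.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
"""

O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[^}]+\}) - (.*)$")
O4_KEY_RE = re.compile(r"\[([^\]]+)\]")
O15_RE = re.compile(r"^O15 - Trusted Zone: (.+)$")
O16_RE = re.compile(r"^O16 - DPF: (\{[^}]+\})(?: \(([^)]*)\))? -\s*(.*)$")


def triage_hjt(log_text):
    """Return the log entries worth a question, grouped by the kind of finding."""
    findings = {"trusted_zones": [], "run_from_bak": [],
                "orphan_bho": [], "dpf_no_file": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O15_RE.match(line):
            # Any site in IE's Trusted zone runs with relaxed security settings;
            # this is the entry the ZoneMap reset in the post above removes.
            findings["trusted_zones"].append(m.group(1))
        elif line.startswith("O4 - ") and "\\bak\\" in line.lower():
            # Autostart still launching from a bak folder: after FindAWF option 3
            # deletes that folder the entry points at nothing and should be
            # repointed at the restored copy in the parent folder.
            key = O4_KEY_RE.search(line)
            findings["run_from_bak"].append(key.group(1) if key else line)
        elif m := O2_RE.match(line):
            if m.group(3).strip().lower() == "(no file)":
                findings["orphan_bho"].append(m.group(2))  # registered, no DLL
        elif m := O16_RE.match(line):
            if not m.group(3):
                findings["dpf_no_file"].append(m.group(1))  # no download URL
    return findings


if __name__ == "__main__":
    for kind, items in triage_hjt(SAMPLE_LOG).items():
        print(f"{kind}: {items}")
```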

Response Number 6
Name: Jerrold
Date: October 16, 2007 at 04:33:28 Pacific
Reply:

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Tue 10/16/2007
The current time is: 6:24:06.18


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

09/14/2007 10:00 AM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 06:24 AM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 11:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SMINST\BAK

07/23/2005 12:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK

02/16/2006 12:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK

10/11/2006 12:45 PM 75,304 OpwareSE4.exe
1 File(s) 75,304 bytes

Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK

06/08/2007 09:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK

09/28/2006 01:16 PM 185,896 SSBkgdupdate.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

09/20/2006 08:35 AM 20,480 WrtMon.exe
1 File(s) 20,480 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

28176 Oct 2 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Sep 18 2007 "C:\WINDOWS\Installer\{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}\iTunesIco.exe"
116024 Sep 18 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.2.4\iTunesSetupAdmin.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
75304 Oct 11 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
75304 Oct 11 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
185896 Sep 28 2006 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
185896 Sep 28 2006 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
20480 Sep 20 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe"
20480 Sep 20 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\WrtMon.exe"


end of report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:21 AM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\COMMON~1\AOL\119189~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\119189~1\EE\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1191896914\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKUS\S-1-5-21-917604045-547949620-3308879918-1008\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User 'DEBORAH')
O4 - HKUS\S-1-5-21-917604045-547949620-3308879918-1008\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b (User 'DEBORAH')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-21-917604045-547949620-3308879918-1008 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'DEBORAH')
O4 - S-1-5-21-917604045-547949620-3308879918-1008 User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'DEBORAH')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp...
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10815 bytes



Response Number 7
Name: jabuck
Date: October 16, 2007 at 05:57:43 Pacific

Looks good.

Update your Java. Go to start> control panel> Java> update> update now> uncheck/decline any Google toolbar options.

Once updated, go to control panel> add/remove programs and uninstall all the other Java versions on the computer except for the jre1.6.0_03 version you just installed. Those older versions are one way you could have been infected.

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Run Hijack This, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.

You should add "Spywareblaster" to your arsenal of antispyware tools, just do a Google search for spywareblaster, download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.



Response Number 8
Name: Jerrold
Date: October 16, 2007 at 18:16:36 Pacific

ComboFix 07-10-16.1 - Compaq_Administrator 2007-10-16 19:59:06.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.283 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\DEBORAH\Application Data\FunWebProducts
C:\Documents and Settings\DEBORAH\Application Data\FunWebProducts\Data\DEBORAH\avatar.dat
C:\Documents and Settings\DEBORAH\Application Data\FunWebProducts\Data\DEBORAH\register.dat
C:\Documents and Settings\DEBORAH\Application Data\FunWebProducts\Data\DEBORAH\zbucks.dat
C:\Documents and Settings\DEBORAH\Application Data\macromedia\Flash Player\#SharedObjects\VHKZXG3E\www.broadcaster.com
C:\Documents and Settings\DEBORAH\Application Data\macromedia\Flash Player\#SharedObjects\VHKZXG3E\www.broadcaster.com\played_list.sol
C:\Documents and Settings\DEBORAH\Application Data\macromedia\Flash Player\#SharedObjects\VHKZXG3E\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\DEBORAH\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\DEBORAH\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))
.

2007-10-16 19:37 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 18:02 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-15 04:57 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-10-15 04:33 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-14 17:39 <DIR> d-------- C:\My Music
2007-10-14 11:44 <DIR> d----c--- C:\Documents and Settings\Compaq_Administrator\jrc
2007-10-13 20:42 <DIR> d-------- C:\WINDOWS\pss
2007-10-13 20:36 4,284 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-12 09:34 <DIR> d-------- C:\Documents and Settings\Jannas Place to Surf\Application Data\MySpace
2007-10-11 21:23 <DIR> d-------- C:\Program Files\MySpace
2007-10-11 21:23 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\MySpace
2007-10-10 15:31 <DIR> d-------- C:\Documents and Settings\DEBORAH\Application Data\Template
2007-10-08 21:29 <DIR> d-------- C:\Program Files\Common Files\AolCoach
2007-10-08 21:29 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
2007-10-08 21:28 <DIR> d-------- C:\Program Files\Common Files\aolshare
2007-10-08 21:28 <DIR> d-------- C:\Program Files\America Online 9.0
2007-10-08 15:59 230 --a------ C:\vrqtoolSREnable.reg
2007-10-08 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-10-05 18:27 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-10-05 18:25 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-01 11:57 <DIR> d-------- C:\Documents and Settings\Jannas Place to Surf\Application Data\HP
2007-09-29 20:51 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\NewSoft
2007-09-19 18:17 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Yahoo!
2007-09-19 12:23 <DIR> d-------- C:\Documents and Settings\Jannas Place to Surf\Application Data\WildTangent
2007-09-18 21:16 <DIR> d-------- C:\Program Files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 00:20 --------- d-----w C:\Program Files\Java
2007-10-16 11:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-15 23:08 --------- d-----w C:\Program Files\QuickTime
2007-10-15 22:06 --------- d-----w C:\Documents and Settings\DEBORAH\Application Data\LimeWire
2007-10-15 11:04 --------- d-----w C:\Program Files\Yahoo!
2007-10-15 11:03 --------- d--h--r C:\Documents and Settings\Compaq_Administrator\Application Data\yahoo!
2007-10-15 11:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-14 04:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-10-13 03:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
2007-10-10 03:08 --------- d-----w C:\Documents and Settings\DEBORAH\Application Data\AOL
2007-10-09 02:30 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-09 02:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-08 11:18 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-08 11:18 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-08 11:18 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-08 11:18 --------- d-----w C:\Program Files\Symantec
2007-10-05 19:20 --------- d-----w C:\Program Files\Norton Internet Security
2007-10-03 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-09-27 23:41 --------- d-----w C:\Program Files\DISC
2007-09-26 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2007-09-23 15:48 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-19 02:16 --------- d-----w C:\Program Files\iPod
2007-09-19 02:10 --------- d-----w C:\Program Files\Apple Software Update
2007-09-10 04:10 --------- d-----w C:\Documents and Settings\Jannas Place to Surf\Application Data\Viewpoint
2007-09-10 04:10 --------- d-----w C:\Documents and Settings\Jannas Place to Surf\Application Data\AOL
2007-09-08 23:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-05 15:53 --------- d-----w C:\Program Files\MSN Games
2007-09-04 13:33 --------- d-----w C:\Documents and Settings\Jannas Place to Surf\Application Data\Yahoo!
2007-09-03 00:13 --------- d-----w C:\Program Files\Oberon Media
2007-08-28 01:22 --------- d-----w C:\Documents and Settings\DEBORAH\Application Data\Yahoo!
2007-08-27 22:13 97,672 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-08-27 22:13 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-08-27 22:13 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-08-27 22:13 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-08-27 22:13 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-08-27 22:13 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-08-27 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\FunGames
2007-01-29 23:50 0 -c--a-w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2007-01-22 20:57 0 -c--a-w C:\Documents and Settings\DEBORAH\Application Data\wklnhst.dat
2006-02-19 17:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 185,896 2006-09-28 18:16:20 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
----a-w 185,896 2006-09-28 18:16:20 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

----a-w 249,856 2006-02-16 05:34:58 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
----a-w 249,856 2006-02-16 05:34:58 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

----a-w 49,152 2005-02-17 04:11:42 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 49,152 2005-02-17 04:11:42 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

----a-w 267,064 2007-09-14 15:00:06 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 28,176 2007-10-03 00:33:58 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 132,496 2007-07-12 09:00:36 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe

----a-w 286,720 2007-06-29 11:24:52 C:\Program Files\QuickTime\bak\QTTask.exe
----a-w 286,720 2007-06-29 11:24:52 C:\Program Files\QuickTime\QTTask.exe

----a-w 75,304 2006-10-11 17:45:12 C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe
----a-w 75,304 2006-10-11 17:45:12 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

----a-w 224,248 2007-06-08 14:59:38 C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe
----a-w 224,248 2007-06-08 14:59:38 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

----a-w 67,584 2005-09-30 04:01:14 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-06 03:56:34 C:\WINDOWS\ehome\ehtray.exe

----a-w 237,568 2005-07-23 05:14:00 C:\WINDOWS\SMINST\bak\RECGUARD.EXE
----a-w 237,568 2005-07-23 05:14:00 C:\WINDOWS\SMINST\RECGUARD.EXE

----a-w 20,480 2006-09-20 13:35:26 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\WrtMon.exe
----a-w 20,480 2006-09-20 13:35:26 C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 23:19]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 08:35]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 22:05 C:\WINDOWS\RTHDCPL.EXE]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 00:14]
"QuickTime Task"="C:\Program Files\QuickTime\bak\QTTask.exe" [2007-06-29 06:24]
"PCDrProfiler"="" []
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45]
"nwiz"="nwiz.exe" [2006-05-09 17:50 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 17:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-10-02 19:33]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 00:34]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"HostManager"="C:\Program Files\Common Files\AOL\1191896914\EE\AOLHostManager.exe" [2004-11-03 16:03]
"ftutil2"="ftutil2.dll" [2004-06-07 16:05 C:\WINDOWS\system32\ftutil2.dll]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 08:40]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:19 C:\WINDOWS\arpwrmsg.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\DEBORAH\Start Menu\Programs\Startup\
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-09-11 19:49:49]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-09-11 19:49:49]

C:\Documents and Settings\Jannas Place to Surf\Start Menu\Programs\Startup\
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-09-11 19:49:49]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-09-11 20:38:53]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-02 05:29:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme


S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\OVSound2.sys
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys

*Newly Created Service* - COMHOST
*Newly Created Service* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 19:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-12 09:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Administrator.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2007-10-07 12:53:41 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - DEBORAH.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXE
"2007-10-16 11:01:51 C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - Compaq_Administrator.job"
"2007-10-07 12:52:57 C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - DEBORAH.job"
"2007-10-16 04:34:21 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A6069590-57C1-4AF5-A407-04B4B5CDD818}.job"
"2007-01-22 18:05:05 C:\WINDOWS\Tasks\Warranty Reminder 11 month.job"
- c:\windows\system32\pcintro\reminder\Warranty_Reminder_11_month\Warranty_Reminder_11_month.bat
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 20:02:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-16 20:03:24
.
--- E O F ---



Response Number 9
Name: jabuck
Date: October 16, 2007 at 18:32:37 Pacific

Go to start> control panel>add/remove programs and uninstall all older versions of Java. The only version you should have is jre1.6.0_03.

Do another AWF scan please.

Double-click on the FindAWF.exe file to run it. It will open a command prompt and ask you to "Press any key to continue". You will be presented with a Menu.
1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXIT
Press 1 then press Enter. Copy and paste the contents of the AWF.txt file in your next reply.



Response Number 10
Name: Jerrold
Date: October 16, 2007 at 20:23:07 Pacific


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Tue 10/16/2007
The current time is: 22:19:45.04


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

09/14/2007 10:00 AM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 06:24 AM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 11:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SMINST\BAK

07/23/2005 12:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK

02/16/2006 12:34 AM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK

10/11/2006 12:45 PM 75,304 OpwareSE4.exe
1 File(s) 75,304 bytes

Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK

06/08/2007 09:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK

09/28/2006 01:16 PM 185,896 SSBkgdupdate.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

09/20/2006 08:35 AM 20,480 WrtMon.exe
1 File(s) 20,480 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

28176 Oct 2 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Sep 18 2007 "C:\WINDOWS\Installer\{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}\iTunesIco.exe"
116024 Sep 18 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.2.4\iTunesSetupAdmin.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
75304 Oct 11 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
75304 Oct 11 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
185896 Sep 28 2006 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
185896 Sep 28 2006 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
20480 Sep 20 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe"
20480 Sep 20 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\WrtMon.exe"


end of report



Response Number 11
Name: Jerrold
Date: October 17, 2007 at 04:48:02 Pacific

OMG. I was checking something this morning and the virus showed up again. What do I do now? Thanks, Jerrold



Response Number 12
Name: jabuck
Date: October 17, 2007 at 08:44:13 Pacific

It has not left yet.

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\QTTask.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
"C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
"C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\WrtMon.exe"

Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.


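An added example, not part of this thread and not FindAWF's own code: a Python script that reads the "Duplicate files of bak directory contents" section of a FindAWF report, pairs every bak\<name> entry with the same name in its parent folder, and classifies the live file as restored (same size and date as the backup) or hijacked (different). It also counts how often one size recurs among the hijacked live files, because the AWF infection writes the same dropper binary over every program it hijacks, so one size repeated across unrelated folders is the clearest sign in a report. The report lines in SAMPLE_REPORT are constructed for this example in the format of the reports posted in this thread; the function names parse_report and analyze are mine.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in the format of FindAWF's "Duplicate files of bak directory
# contents" section (size, date, quoted path). Three programs still carry the
# 26636-byte replacement, RECGUARD.EXE has already been restored, and the last
# line is an unrelated file that has no bak counterpart.
SAMPLE_REPORT = r'''
26636 Oct 10 2007 "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
57344 Jan 16 2004 "C:\Program Files\Lexmark 4200 Series\bak\lxbmbmgr.exe"
26636 Oct 10 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
26636 Oct 10 2007 "C:\WINDOWS\ehome\ehtray.exe"
59392 Aug 10 2004 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
102400 Sep 27 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
'''

# size, "Mon DD YYYY", quoted Windows path
LINE_RE = re.compile(r'^\s*(\d+)\s+([A-Za-z]{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')


def parse_report(text):
    """Yield (size, date, PureWindowsPath) for every file line in the report."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m.group(1)), m.group(2), PureWindowsPath(m.group(3))


def analyze(text):
    """Pair each bak\\<name> entry with <parent>\\<name> and classify the live file."""
    live = {}  # lowercased live path -> (size, date, path as written)
    bak = {}   # lowercased path the backup belongs to -> (size, date, bak path)
    for size, date, path in parse_report(text):
        if path.parent.name.lower() == "bak":
            expected = path.parent.parent / path.name
            bak[str(expected).lower()] = (size, date, path)
        else:
            live[str(path).lower()] = (size, date, path)

    hijacked, restored, missing = [], [], []
    for key, (bsize, bdate, bpath) in sorted(bak.items()):
        if key not in live:
            missing.append(str(bpath))   # backup exists but the live file is gone
            continue
        lsize, ldate, lpath = live[key]
        if lsize == bsize and ldate == bdate:
            restored.append(str(lpath))  # live file matches its backup
        else:
            hijacked.append(str(lpath))  # live file differs from the backup

    # The AWF dropper is one and the same file in every hijacked folder, so a
    # size shared by several unrelated live files is the strongest indicator.
    shared = Counter(live[p.lower()][0] for p in hijacked)
    dropper_sizes = {size: n for size, n in shared.items() if n >= 2}
    return {"hijacked": hijacked, "restored": restored,
            "missing": missing, "dropper_sizes": dropper_sizes}


if __name__ == "__main__":
    result = analyze(SAMPLE_REPORT)
    for label in ("hijacked", "restored", "missing"):
        for p in result[label]:
            print(f"{label:9} {p}")
    for size, n in result["dropper_sizes"].items():
        print(f"dropper?  {n} hijacked files share size {size}")
```

Size and date taken from the report cannot separate a program that was legitimately updated after FindAWF took its backup from one that was overwritten, so treat a single mismatch as suspicious rather than proven and confirm it with a hash or the file's Authenticode signature before restoring; a size repeated across several folders is the stronger tell.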

Response Number 13
Name: Jay Forrester
Date: October 17, 2007 at 10:07:13 Pacific


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Wed 10/17/2007
The current time is: 11:42:55.21


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

09/26/2007 02:42 PM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK

01/16/2004 05:04 AM 57,344 lxbmbmgr.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 06:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/10/2004 01:04 PM 59,392 ehtray.exe
1 File(s) 59,392 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

10/08/2004 11:52 AM 221,184 LVCOMSX.EXE
1 File(s) 221,184 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

11/02/2004 10:24 PM 32,768 PDVDServ.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\LEXMAR~1\FAX\BAK

01/22/2004 10:59 AM 151,552 fm3032.exe
1 File(s) 151,552 bytes

Directory of C:\PROGRA~1\LOGITECH\VIDEO\BAK

10/08/2004 12:31 PM 458,752 ISStart.exe
10/08/2004 12:24 PM 217,088 LogiTray.exe
10/08/2004 12:06 PM 196,608 ManifestEngine.exe
3 File(s) 872,448 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

09/26/2005 12:26 PM 110,592 MskAgent.exe
11/07/2006 02:49 PM 1,121,280 MSKDetct.exe
2 File(s) 1,231,872 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

09/22/2005 06:29 PM 303,104 mcagent.exe
01/11/2006 12:05 PM 212,992 mcupdate.exe
2 File(s) 516,096 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK

11/11/2005 05:00 PM 1,005,096 MpfTray.exe
1 File(s) 1,005,096 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\VSO\BAK

07/08/2005 06:18 PM 151,552 mcmnhdlr.exe
08/10/2005 02:49 PM 163,840 mcvsshld.exe
08/12/2005 12:02 AM 53,248 oasclnt.exe
3 File(s) 368,640 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

05/11/2007 03:06 AM 40,048 Reader_sl.exe
1 File(s) 40,048 bytes

Directory of C:\PROGRA~1\COMMON~1\AHEAD\LIB\BAK

03/09/2007 06:53 PM 153,136 NeroCheck.exe
1 File(s) 153,136 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

05/18/2007 11:58 AM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.2\APPS\BAK

03/09/2007 11:09 AM 63,712 apdproxy.exe
1 File(s) 63,712 bytes

Directory of C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

04/11/2007 08:44 AM 20,480 BackWeb-8876480.exe
1 File(s) 20,480 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

26636 Oct 10 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Sep 27 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
116024 Sep 27 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
116288 Jun 9 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\APKPSJQB\iTunesSetupAdmin[1].exe"
26636 Oct 10 2007 "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
57344 Jan 16 2004 "C:\Program Files\Lexmark 4200 Series\bak\lxbmbmgr.exe"
26636 Oct 10 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
26636 Oct 10 2007 "C:\WINDOWS\ehome\ehtray.exe"
59392 Aug 10 2004 "C:\WINDOWS\ehome\bak\ehtray.exe"
26636 Oct 10 2007 "C:\WINDOWS\system32\LVCOMSX.EXE"
221184 Oct 8 2004 "C:\WINDOWS\system32\bak\LVCOMSX.EXE"
26636 Oct 10 2007 "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
32768 Nov 2 2004 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
26636 Oct 10 2007 "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe"
151552 Jan 22 2004 "C:\Program Files\Lexmark 4200 Series\Fax\bak\fm3032.exe"
26636 Oct 10 2007 "C:\Program Files\Logitech\Video\ISStart.exe"
458752 Oct 8 2004 "C:\Program Files\Logitech\Video\bak\ISStart.exe"
26636 Oct 10 2007 "C:\Program Files\Logitech\Video\LogiTray.exe"
217088 Oct 8 2004 "C:\Program Files\Logitech\Video\bak\LogiTray.exe"
26636 Oct 10 2007 "C:\Program Files\Logitech\Video\ManifestEngine.exe"
196608 Oct 8 2004 "C:\Program Files\Logitech\Video\bak\ManifestEngine.exe"
26636 Oct 10 2007 "C:\Program Files\McAfee\SpamKiller\MskAgent.exe"
110592 Sep 26 2005 "C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe"
26636 Oct 10 2007 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
1121280 Nov 7 2006 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
26636 Oct 10 2007 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
26636 Oct 10 2007 "C:\Program Files\McAfee.com\Agent\mcupdate.exe"
212992 Jan 11 2006 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
26636 Oct 10 2007 "C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe"
1005096 Nov 11 2005 "C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
26636 Oct 10 2007 "C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe"
151552 Jul 8 2005 "C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe"
26636 Oct 10 2007 "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
163840 Aug 10 2005 "C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe"
26636 Oct 10 2007 "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
53248 Aug 12 2005 "C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe"
26636 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
26636 Oct 10 2007 "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
153136 Mar 9 2007 "C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe"
26636 Oct 10 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185896 May 18 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
26636 Oct 10 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
63712 Mar 9 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"
26636 Oct 10 2007 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
20480 Apr 11 2007 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\BackWeb-8876480.exe"


end of report




Response Number 14
Name: jabuck
Date: October 17, 2007 at 10:32:12 Pacific
Reply:

Jay Forrester, please start a new thread of your own and state the problem. Do not post any logs without being requested to do so; not my idea, forum rules.



Response Number 15
Name: Jerrold
Date: October 17, 2007 at 18:12:34 Pacific
Reply:


Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: 2007-10-17
The current time is: 20:09:22.30


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

2007-09-14 10:00 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

2007-06-29 06:24 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\EHOME\BAK

2005-09-29 23:01 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SMINST\BAK

2005-07-23 00:14 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK

2006-02-16 00:34 249,856 HPBootOp.exe
1 File(s) 249,856 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

2005-02-16 23:11 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK

2006-10-11 12:45 75,304 OpwareSE4.exe
1 File(s) 75,304 bytes

Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK

2007-06-08 09:59 224,248 SearchProtection.exe
1 File(s) 224,248 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK

2006-09-28 13:16 185,896 SSBkgdupdate.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

2007-07-12 04:00 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

2006-09-20 08:35 20,480 WrtMon.exe
1 File(s) 20,480 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267064 Sep 14 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Sep 18 2007 "C:\WINDOWS\Installer\{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}\iTunesIco.exe"
116024 Sep 18 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.2.4\iTunesSetupAdmin.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
75304 Oct 11 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
75304 Oct 11 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
185896 Sep 28 2006 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
185896 Sep 28 2006 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
20480 Sep 20 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe"
20480 Sep 20 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\WrtMon.exe"


end of report



Response Number 16
Name: jabuck
Date: October 17, 2007 at 18:47:26 Pacific
Reply:

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\QTTask.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
"C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
"C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\WrtMon.exe"

Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.



Response Number 17
Name: Jerrold
Date: October 17, 2007 at 19:32:05 Pacific
Reply:


Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: 2007-10-17
The current time is: 21:29:35.32


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

2007-09-14 10:00 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

2007-06-29 06:24 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\EHOME\BAK

2005-09-29 23:01 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SMINST\BAK

2005-07-23 00:14 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK

2006-02-16 00:34 249,856 HPBootOp.exe
1 File(s) 249,856 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

2005-02-16 23:11 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK

2006-10-11 12:45 75,304 OpwareSE4.exe
1 File(s) 75,304 bytes

Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK

2007-06-08 09:59 224,248 SearchProtection.exe
1 File(s) 224,248 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK

2006-09-28 13:16 185,896 SSBkgdupdate.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

2007-07-12 04:00 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

2006-09-20 08:35 20,480 WrtMon.exe
1 File(s) 20,480 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267064 Sep 14 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Sep 18 2007 "C:\WINDOWS\Installer\{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}\iTunesIco.exe"
116024 Sep 18 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.2.4\iTunesSetupAdmin.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
249856 Feb 16 2006 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
75304 Oct 11 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
75304 Oct 11 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
185896 Sep 28 2006 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
185896 Sep 28 2006 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
20480 Sep 20 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe"
20480 Sep 20 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\WrtMon.exe"


end of report



Response Number 18
Name: jabuck
Date: October 18, 2007 at 04:44:13 Pacific
Reply:

Option 3:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:


C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\ehome\bak
C:\WINDOWS\SMINST\bak
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\ScanSoft\OmniPageSE4.0\bak
C:\Program Files\Yahoo!\Search Protection\bak
C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak
C:\Program Files\Java\jre1.6.0_02\bin\bak
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak
C:\PROGRA~1\COMMON~1\SYMANT~1\BAK\


Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.


Next, Option 4.


Option 4:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

Next,

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional, if the following programs are on your computer.
Note that since the Domains are deleted, SpywareBlaster protection must be re-enabled, Spybot's Immunize feature must be used again, and you have to re-install IE-SpyAd if installed.
Delete the fixme.reg file just created.

Double-click on the FindAWF.exe file to run it. It will open a command prompt and ask you to "Press any key to continue".

Press 1 then press Enter. Copy and paste the contents of the AWF.txt file in your next reply.


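The paste lists in Responses 16 and 18 were built by hand from the "Duplicate files of bak directory contents" section of the log. The script below, an added example that is not part of FindAWF or of this thread, parses that section, pairs each bak copy with its parent-folder twin, flags the pairs whose sizes differ (the replacement file is still in place) and emits the files.txt and folders.txt text; SAMPLE_LOG is constructed from sizes and paths posted above, with a placeholder in place of the installer GUID.

```python
import re
from collections import Counter

# Constructed sample in FindAWF's "Duplicate files" format (size, date, quoted
# path); sizes and paths come from this thread's logs, the GUID is a placeholder.
SAMPLE_LOG = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
26636 Oct 10 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\ehome\ehtray.exe"
59392 Aug 10 2004 "C:\WINDOWS\ehome\bak\ehtray.exe"
102400 Sep 27 2007 "C:\WINDOWS\Installer\{GUID-PLACEHOLDER}\iTunesIco.exe"

end of report
'''
LINE_RE = re.compile(r'^(\d+)\s+\w{3}\s+\d{1,2}\s+\d{4}\s+"([^"]+)"$')

def parse_duplicates(log):
    """Return (size, path) pairs from the duplicate-files section only."""
    rows, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("Duplicate files of bak"):
            inside = True
        elif line == "end of report":
            break
        elif inside and (m := LINE_RE.match(line)):
            rows.append((int(m.group(1)), m.group(2)))
    return rows

def triage(rows):
    """Pair each bak\\<name> with <name> in its parent folder.

    Returns (needs_restore, bak_folders, sizes): bak copies whose parent twin
    differs in size (the replacement file is still in place), every bak
    folder seen, and a Counter of those differing parent sizes. One size on
    every pair (26636 in Response 13 above) is the mark of a single dropped
    file copied over each autostart program."""
    by_path = {p.lower(): s for s, p in rows}
    needs_restore, bak_folders, sizes = [], [], Counter()
    for size, path in rows:
        folder, _, name = path.rpartition("\\")
        parent, _, last = folder.rpartition("\\")
        if last.lower() != "bak":
            continue          # only bak\<name> entries drive the pairing
        if folder not in bak_folders:
            bak_folders.append(folder)
        parent_size = by_path.get((parent + "\\" + name).lower())
        if parent_size is not None and parent_size != size:
            needs_restore.append(path)
            sizes[parent_size] += 1
    return needs_restore, bak_folders, sizes

def paste_lists(rows):
    """files.txt (option 2, quoted paths) and folders.txt (option 3) text."""
    needs_restore, bak_folders, _ = triage(rows)
    return ("\n".join(f'"{p}"' for p in needs_restore),
            "\n".join(bak_folders))
```

Feed it the real log and compare its files.txt list with the one a helper posts; a bak entry with no parent-folder twin in the log is one the scan could not pair and deserves a manual look.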

Response Number 19
Name: Jerrold
Date: October 18, 2007 at 19:30:38 Pacific
Reply:


Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: 2007-10-18
The current time is: 7:23:35.36


bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: 2007-10-18
The current time is: 21:20:17.23


bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report



Response Number 20
Name: jabuck
Date: October 18, 2007 at 19:48:58 Pacific
Reply:

Much better. How is the computer operating?

You should add "SpywareBlaster" to your arsenal of antispyware tools; just do a Google search for SpywareBlaster, download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it rewrites malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.



Response Number 21
Name: Jerrold
Date: October 19, 2007 at 18:33:18 Pacific
Reply:

Thanks guys, it is working greeeeeeeat now. I downloaded SpywareBlaster and have it running.
Any ideas of where I should get good security software? I know that's for another log. :) Thanks again. Jerrold



Response Number 22
Name: jabuck
Date: October 19, 2007 at 19:25:01 Pacific
Reply: