From earlier forum responses I have run HIJACKTHIS followed by FindAWF. I am posting thes two files here. I hope someone can help me....Thanks CinciDave:
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:19 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: NormalRunning processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.10\Jconfig\hjavaw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSGTAG Status\MSGTAG Status\bak\MSGTAGStatus.exe
G:\RegRuns\REGRUN~1\WatchDog.exe
G:\AllChars\AllChars.exe
G:\JGsoft\EditPadLite\EditPad.exe
H:\PgmDownloads\HiJackThis\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/index...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HP Lamp] C:\SCANJET\PrecisionScanPro\HPLamp.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] G:\RegRuns\REGRUN~1\OnSecure.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSGTAG] "C:\Program Files\MSGTAG Status\MSGTAG Status\bak\MSGTAGStatus.exe" /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] G:\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Regrun2] G:\RegRuns\REGRUN~1\WatchDog.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AllChars.lnk = G:\AllChars\AllChars.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52...
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/ver...
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanag...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoin...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driver...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
--
End of file - 10657 bytes
FindAWF
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Fri 11/30/2007
The current time is: 15:28:05.50
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\DELLSU~1\BAK
08/28/2006 08:57 PM 395,776 DSAgnt.exe
1 File(s) 395,776 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
0 File(s) 0 bytes
Directory of C:\SCANJET\PRECIS~1\BAK
07/23/1999 12:11 AM 42,496 HPLamp.exe
1 File(s) 42,496 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
08/04/2004 05:00 AM 15,360 ctfmon.exe
02/05/1998 02:16 PM 24,576 NILaunch.exe
2 File(s) 39,936 bytes
Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK
02/09/2006 09:05 PM 344,064 atiptaxx.exe
1 File(s) 344,064 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
02/16/2005 10:11 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\MSGTAG~1\MSGTAG~1\BAK
07/10/2007 08:38 PM 1,820,160 MSGTAGStatus.exe
1 File(s) 1,820,160 bytes
Directory of C:\PROGRA~1\NETWOR~1\COMMON~1\BAK
08/06/2004 03:50 AM 139,320 UpdaterUI.exe
1 File(s) 139,320 bytes
Directory of C:\PROGRA~1\NETWOR~1\VIRUSS~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK\BAK
06/29/2007 05:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes
Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
11/07/2005 04:20 AM 122,940 DLACTRLW.EXE
1 File(s) 122,940 bytes
Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK
05/11/2007 02:06 AM 40,048 Reader_sl.exe
1 File(s) 40,048 bytes
Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK
07/27/2004 03:50 PM 81,920 issch.exe
07/27/2004 03:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes
Directory of C:\PROGRA~1\COMMON~1\NETWOR~1\TALKBACK\BAK
10/07/2003 09:48 AM 147,514 tbmon.exe
1 File(s) 147,514 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
04/29/2007 09:28 PM 185,896 realsched.exe
1 File(s) 185,896 bytes
Directory of C:\PROGRA~1\COREL\WORDPE~1\PROGRAMS\BAK
12/10/2003 12:56 PM 77,887 QFSCHD100.EXE
1 File(s) 77,887 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK
09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
395776 Aug 28 2006 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
286720 Oct 19 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
42496 Jul 23 1999 "C:\SCANJET\PrecisionScanPro\bak\HPLamp.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
24576 Feb 5 1998 "C:\Program Files\Net-It Now! Starter Edition\NTPrint\NILaunch.exe"
24576 Feb 5 1998 "C:\WINDOWS\system32\bak\NILaunch.exe"
344064 Feb 9 2006 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
49152 Feb 16 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
1940992 Feb 6 2007 "C:\Program Files\MSGTAG Status\MSGTAGStatus.exe"
1820160 Jul 10 2007 "C:\Program Files\MSGTAG Status\MSGTAG Status\bak\MSGTAGStatus.exe"
1175952 Jan 19 2007 "H:\PgmDownloads\MSGTAG\MSGTAG145.exe"
139320 Aug 6 2004 "C:\Program Files\Network Associates\Common Framework\bak\UpdaterUI.exe"
249856 Mar 25 2007 "C:\Documents and Settings\David B. Greenberg\Local Settings\Temp\HPSU89GO.48G\UpdateDatFix.exe"
20480 Aug 23 2007 "G:\Paint.NET\UpdateMonitor.exe"
286720 Oct 19 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\bak\qttask.exe"
122940 Nov 7 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
122940 Nov 7 2005 "C:\Program Files\Roxio\Creator MyDVD LE Dell Edition\DLA\install\dlactrlw.exe"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
147514 Oct 7 2003 "C:\Program Files\Common Files\Network Associates\TalkBack\bak\tbmon.exe"
185632 Oct 19 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185896 Apr 29 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
77887 Dec 10 2003 "C:\Program Files\Corel\WordPerfect Office 2002\Programs\bak\QFSCHD100.EXE"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
75520 Dec 15 2006 "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
end of report
Version Tracker Pro
Driver Agent