I am having a problem with the W32/Backdoor.BAM virus. I use F-Prot antivirus on my Windows XP machine and have been getting the message from my real time protector: F:\System Volume Information\restore{511FAD39-8DDE-4460-B085-E11020F6D742}\RP496\A0046375.EXE Infection: W32/Backdoor.BAM
When I run my F-Prot virus scan to try to quarantine or delete the virus it finds nothing. So I followed the directions in the stickied thread at the top and ran Ad-Aware SE, but had no luck in resolving the problem. I then ran the online virus scan and again had no luck in getting rid of the virus. I then ran HijackThis and the HijackThis Analyzer and the following is my log. Help analyzing this and any other suggestions would be greatly appreciated.
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at
http://www.greyknight17.com/download.htm#programs
***Security Programs Detected***
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of HijackThis v1.99.1
Scan saved at 9:04:34 PM, on 4/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\FSI\F-Prot\fpavupdm.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\sstray.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
F:\Program Files\Microsoft IntelliType Pro\type32.exe
F:\Program Files\Microsoft IntelliPoint\point32.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Joel\Desktop\HJT\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FRISK FP-Scheduler] F:\Program Files\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [F-StopW] F:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "F:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [type32] "F:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] F:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) -
http://secure2.comned.com/signuptemp...veSekurity.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10...o.cab32846.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) -
https://stores.musictoday.com/store/...ugsActiveX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://zone.msn.com/bingame/zuma/def...ploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{142C464F-B00F-425C-B3B6-05312EFC0596}: NameServer = 63.240.76.4,204.127.198.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{142C464F-B00F-425C-B3B6-05312EFC0596}: NameServer = 63.240.76.4,204.127.198.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{142C464F-B00F-425C-B3B6-05312EFC0596}: NameServer = 63.240.76.4,204.127.198.4
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - F:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
End of KRC HijackThis Analyzer Log.
====================================================================
Again, thanks in advance to anyone who can help me with this.
Joel