Full Version: I think I am infected with the alcra-b worm/trojan. Can't access s
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
Stevenson1
Here is my HijackThis log.

Well, I don't know if I did this correctly because I cannot find anything weird in it, but maybe you guys can.


I can't access Limewire or Bearshare because of "corrupted" files, so the programs won't start up. I tried to access the "Shared" folder in My Documents where all the files go that I download off Limewire, but every time I hover/click on it a pop-up comes up saying that Windows has encountered an error and has to close.

And even sometimes I do scans but as soon as it comes to that folder it encounters an error as well.

Anyone know?

Logfile of HijackThis v1.99.1
Scan saved at 7:43:00 PM, on 2/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\SCOTTS~2\LOCALS~1\Temp\Rar$EX00.047\BFU.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\SCOTTS~2\LOCALS~1\Temp\Rar$EX00.984\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINDOWS\system32\drivera.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8716806B-3888-1E26-A29E-1244E3894EB4} - C:\WINDOWS\System32\dlnmkpv.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [{A0BC7B14-07CF-1033-0902-040804030001}] "C:\Program Files\Common Files\{A0BC7B14-07CF-1033-0902-040804030001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [{A0BC7B14-07D0-1033-0902-040804030001}] "C:\Program Files\Common Files\{A0BC7B14-07D0-1033-0902-040804030001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Tuur] "C:\PROGRA~1\DOBE~1\mmc.exe" -vt ndrv
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C5C4B39-FB6E-49FB-8268-6189496BC654}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{874AF504-5EB1-4240-8799-104D11560D5A}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{92B2DB6D-2136-4534-81FC-8FEEC0BCB4A2}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C5C4B39-FB6E-49FB-8268-6189496BC654}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C5C4B39-FB6E-49FB-8268-6189496BC654}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Bobbi Flekman
Hi Stevenson1,

Yep... You've been had. Probably thanks to Bearshare and/or Limewire.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads, post the text that will open (report.txt) and a new HijackThis log in the forum please.

Install a firewall, for example Kerio Personal Firewall or ZoneLabs Zone Alarm.
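As an added illustration (not code from this thread, nor from HijackThis or FixWareout), the script below reads log lines like the ones posted above and flags the entries a helper looks at first: BHOs with no name or a missing DLL, a Run entry that launches a copy of a Windows system binary from somewhere other than the Windows folder, and NameServer values pointing at resolvers the ISP never assigned, including whether they were written into every control set. The expected-resolver list is an assumption filled with RFC 5737 placeholder addresses; the sample log is constructed from lines in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# with two benign entries (Yahoo! BHO, Java updater) kept as controls.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINDOWS\system32\drivera.dll
O2 - BHO: (no name) - {8716806B-3888-1E26-A29E-1244E3894EB4} - C:\WINDOWS\System32\dlnmkpv.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [Tuur] "C:\PROGRA~1\DOBE~1\mmc.exe" -vt ndrv
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C5C4B39-FB6E-49FB-8268-6189496BC654}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
"""

# Assumption, not from the thread: the resolvers this ISP really hands out
# (RFC 5737 documentation addresses stand in for them here).
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Binaries that ship only under %SystemRoot%; a Run entry that launches a file
# of the same name from another folder is masquerading, whatever the file does.
SYSTEM_BINARIES = {"mmc.exe", "svchost.exe", "explorer.exe", "lsass.exe",
                   "winlogon.exe", "csrss.exe", "services.exe"}
SYSTEM_DIRS = ("c:\\windows\\", "c:\\winnt\\")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]*)\] "?(?P<exe>.+?\.exe)\b',
                   re.IGNORECASE)
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")


def analyze(log_text):
    """Return (rule, detail) findings for the O2, O4 and O17 lines of one HJT log."""
    findings = []
    resolver_sites = defaultdict(set)  # resolver IP -> registry keys that name it

    for raw in log_text.strip().splitlines():
        line = raw.strip()

        m = O2_RE.match(line)
        if m:
            # A BHO with no name, or one whose DLL is gone, is not a vendor install.
            if m["name"] == "(no name)":
                findings.append(("bho-unnamed", f"{m['clsid']} -> {m['path']}"))
            if m["path"].endswith("(file missing)"):
                findings.append(("bho-dangling", f"{m['clsid']} -> {m['path']}"))
            continue

        m = O4_RE.match(line)
        if m:
            exe = m["exe"].lower()
            base = exe.rsplit("\\", 1)[-1]
            if base in SYSTEM_BINARIES and not exe.startswith(SYSTEM_DIRS):
                findings.append(("run-masquerade", f"[{m['value']}] {m['exe']}"))
            continue

        m = O17_RE.match(line)
        if m:
            # NameServer values may be comma- or space-separated.
            for ip in re.split(r"[,\s]+", m["servers"].strip()):
                if ip and ip not in EXPECTED_RESOLVERS:
                    resolver_sites[ip].add(m["key"])

    for ip, keys in sorted(resolver_sites.items()):
        # CCS = CurrentControlSet; CS1/CS2 = ControlSet001/002 (Last Known Good).
        control_sets = {cs for k in keys
                        for cs in re.findall(r"\\System\\(CCS|CS\d+)\\", k)}
        findings.append(("dns-unexpected",
                         f"{ip} in {len(keys)} key(s), control sets {sorted(control_sets)}"))
        if len(control_sets) > 1:
            # Poisoned in every control set: "Last Known Good" will not undo it.
            findings.append(("dns-all-controlsets", ip))
    return findings


def rule_names(findings):
    """Distinct rule names, sorted, for quick summaries and tests."""
    return sorted({rule for rule, _ in findings})


if __name__ == "__main__":
    for rule, detail in analyze(SAMPLE_HJT_LOG):
        print(f"{rule:20} {detail}")
```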
Stevenson1
Ok I have done what you have said.

HERE IS THE REPORT.TXT LOG:

Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kduzs.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

The system cannot find the file specified.


Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\kduzs.ren 63541 08/13/2003



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"VerizonServicepoint.exe"="\"C:\\Program Files\\Verizon\\Servicepoint\\VerizonServicepoint.exe\""
"Motive SmartBridge"="C:\\PROGRA~1\\Verizon\\SMARTB~1\\MotiveSB.exe"
"YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"{A0BC7B14-07CF-1033-0902-040804030001}"="\"C:\\Program Files\\Common Files\\{A0BC7B14-07CF-1033-0902-040804030001}\\Update.exe\" te-110-12-0000213"
"{A0BC7B14-07D0-1033-0902-040804030001}"="\"C:\\Program Files\\Common Files\\{A0BC7B14-07D0-1033-0902-040804030001}\\Update.exe\" te-110-12-0000213"
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"winupdates"=""
"BearFlix"="\"C:\\Program Files\\BearFlix\\BearFlix.exe\" /pause"
"CmPCIaudio"="RunDll32 CMICNFG3.CPL,CMICtrlWnd"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

"AIM"="\"C:\\Program Files\\AIM\\aim.exe\" -cnetwait.odl"

"Tuur"="\"C:\\PROGRA~1\\DOBE~1\\mmc.exe\" -vt ndrv"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»


AND HERE IS THE NEW HIJACKTHIS LOG:
Logfile of HijackThis v1.99.1
Scan saved at 11:39:54 AM, on 2/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\SCOTTS~2\LOCALS~1\Temp\Rar$EX00.719\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINDOWS\system32\drivera.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8716806B-3888-1E26-A29E-1244E3894EB4} - C:\WINDOWS\System32\dlnmkpv.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [{A0BC7B14-07CF-1033-0902-040804030001}] "C:\Program Files\Common Files\{A0BC7B14-07CF-1033-0902-040804030001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [{A0BC7B14-07D0-1033-0902-040804030001}] "C:\Program Files\Common Files\{A0BC7B14-07D0-1033-0902-040804030001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Tuur] "C:\PROGRA~1\DOBE~1\mmc.exe" -vt ndrv
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C5C4B39-FB6E-49FB-8268-6189496BC654}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{874AF504-5EB1-4240-8799-104D11560D5A}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{92B2DB6D-2136-4534-81FC-8FEEC0BCB4A2}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C5C4B39-FB6E-49FB-8268-6189496BC654}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C5C4B39-FB6E-49FB-8268-6189496BC654}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Bobbi Flekman
Hi Stevenson1,

Please move HijackThis to another location, preferably c:\Program Files\HijackThis. Anywhere is fine, other than your Desktop or a Temp folder. If HijackThis is in a temporary folder you run the risk of accidentally deleting the backups or it clutters your desktop with all the backups.
If you use Windows XP it might be that you just double clicked on the file HijackThis.exe, but that only extracts the file to a temporary folder. Please select the file and Extract it to a folder.

How do you make a permanent folder:

Click "My Computer", then "C:\" and then on "Program Files".
In the menu bar, "File"->"New"->"Folder".
That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".
Now you have "C:\Program Files\HijackThis". Put your HijackThis.exe there.

1. Download ComboFix.exe using either of these links:

* bleepingcomputer.com
http://download.bleepingcomputer.com/sUBs/combofix.exe
* techsupportforum.com
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If the log is large, you might need to post half in one reply and half in another.
Stevenson1
HERE IS THE COMBOFIX LOG:

"scott stevenson sr" - 07-02-13 11:49:39 Service Pack 1
ComboFix 07-02-11 - Running from: "C:\Program Files\Mozilla Firefox"

/wow section not completed - STAGE #4

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\SCOTTS~2
C:\qoobox\purity\DOCUME~1\SCOTTS~2\Application Data
C:\qoobox\purity\DOCUME~1\SCOTTS~2\My Documents
C:\qoobox\purity\DOCUME~1\SCOTTS~2\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\SCOTTS~2\Application Data\RACLE~1
C:\qoobox\purity\DOCUME~1\SCOTTS~2\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\SCOTTS~2\My Documents\ICROSO~1.NET
C:\qoobox\purity\Program Files\DOBE~2
C:\qoobox\purity\Program Files\PPPATC~1
C:\qoobox\purity\Program Files\SKS~1
C:\qoobox\purity\Program Files\YMANTE~1
C:\qoobox\purity\Program Files\Common Files\ASEMBL~1
C:\qoobox\purity\Program Files\Common Files\RACLE~1
C:\qoobox\purity\WINDOWS\ASEMBL~1
C:\qoobox\purity\WINDOWS\SMANTE~1
C:\qoobox\purity\WINDOWS\WNSXS~1
C:\qoobox\purity\WINDOWS\system32\FNTS~1
C:\qoobox\purity\WINDOWS\system32\RACLE~1
C:\qoobox\purity\WINDOWS\system32\SCURIT~1
C:\qoobox\purity\WINDOWS\WNSXS~1\WNSXS~1
C:\qoobox\purity\WINDOWS\WNSXS~1\WNSXS~1\ctxad-527.0000
C:\qoobox\purity\WINDOWS\WNSXS~1\WNSXS~1\ctxad-527.0001
C:\qoobox\purity\WINDOWS\WNSXS~1\WNSXS~1\ctxad-527.0002
C:\qoobox\purity\WINDOWS\WNSXS~1\WNSXS~1\ctxad-527.0003
C:\qoobox\purity\WINDOWS\WNSXS~1\WNSXS~1\ctxad-527.0004
C:\qoobox\purity\WINDOWS\WNSXS~1\WNSXS~1\ctxad-527.0005
C:\qoobox\purity\WINDOWS\WNSXS~1\WNSXS~1\ctxad-527.0006


((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


2007-02-13 11:47 <DIR> d-------- C:\Program Files\HiJackThis
2007-02-12 11:33 <DIR> d-------- C:\fixwareout
2007-02-11 20:36 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-02-11 20:36 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-02-11 19:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-02-11 13:59 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-02-11 13:59 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-02-11 13:59 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-02-11 13:59 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-02-11 13:59 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-02-11 13:59 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-02-11 13:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Symantec
2007-02-10 13:16 <DIR> d-------- C:\VundoFix Backups
2007-02-09 20:51 <DIR> d-------- C:\Program Files\Outerinfo
2007-02-09 20:50 <DIR> d-------- C:\Program Files\àdobe
2007-02-09 20:29 <DIR> d-------- C:\Program Files\Activision Value
2007-02-09 20:29 <DIR> d-------- C:\DOCUME~1\SCOTTS~2\Application Data\BearShare
2007-02-09 20:26 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-02-09 20:26 <DIR> d-------- C:\DOCUME~1\SCOTTS~2\Application Data\Spyware Terminator
2007-02-09 20:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Spyware Terminator
2007-02-09 19:42 <DIR> d--hs---- C:\WINDOWS\CSC
2007-02-09 19:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1.BET\Application Data\Aim
2007-02-09 19:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1.BET\Application Data\Spyware Terminator
2007-02-09 19:28 524,288 --ah----- C:\DOCUME~1\ADMINI~1.BET\NTUSER.DAT
2007-02-09 18:35 <DIR> d-------- C:\DOCUME~1\SCOTTS~2\Application Data\Bitdefender
2007-02-09 18:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\BitDefender
2007-02-09 17:20 758,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-02-09 17:20 5,920 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-02-09 17:20 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-02-09 17:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Kaspersky Lab
2007-02-09 16:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\McAfee
2007-02-09 16:36 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-02-09 15:44 <DIR> d-------- C:\DOCUME~1\LOCALS~1.NTA\Application Data\Spyware Terminator
2007-02-09 15:40 <DIR> d-------- C:\DOCUME~1\SCOTTS~2\Application Data\Webroot(2)
2007-02-09 13:49 <DIR> d-------- C:\Program Files\Outerinfo(2)
2007-02-01 23:54 1,835,008 --a------ C:\DOCUME~1\SCOTTS~2\ntuser.dat
2007-02-01 18:11 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-02-01 18:11 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-02-01 18:11 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-02-01 18:11 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-02-01 18:11 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-02-01 18:11 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-02-01 18:11 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-02-01 18:11 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-02-01 18:10 917,504 --a------ C:\WINDOWS\system\CMDS3D3.DLL
2007-02-01 18:10 712,704 --a------ C:\WINDOWS\system32\AUDIO3D3.DLL
2007-02-01 18:10 712,704 --a------ C:\WINDOWS\system32\a3d.dll
2007-02-01 18:10 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-02-01 18:10 53,248 --a------ C:\WINDOWS\CmiPCIUninstall.exe
2007-02-01 18:10 36,864 --a------ C:\WINDOWS\system32\CMUDA3.DLL
2007-02-01 18:10 32,768 --a------ C:\WINDOWS\system32\UDAPROP3.DLL
2007-02-01 18:10 28,672 --a------ C:\WINDOWS\system32\CMRMDRV3.DLL
2007-02-01 18:10 233,472 --a------ C:\WINDOWS\system32\CMRMDRV3.exe
2007-02-01 18:10 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-02-01 18:10 1,355,456 --a------ C:\WINDOWS\system32\drivers\cmuda3.sys
2007-02-01 18:10 <DIR> d-------- C:\Program Files\Xtreme Sound PCI
2007-02-01 18:08 <DIR> d-------- C:\Program Files\Xtreme Sound Driver Setup
2007-02-01 18:08 <DIR> d-------- C:\Diamond
2007-01-28 17:50 95,744 --a-s---- C:\WINDOWS\system32\monterreya_redux.exe
2007-01-28 17:50 95,744 --a------ C:\WINDOWS\system32\drivera.exe
2007-01-28 17:50 150,016 --a------ C:\WINDOWS\system32\drivera.dll
2007-01-26 16:03 <DIR> d-------- C:\Program Files\BearFlix
2007-01-25 18:06 <DIR> d-------- C:\DOCUME~1\SCOTTS~2\Application Data\Ulead Systems
2007-01-25 17:58 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-01-25 17:58 <DIR> d-------- C:\DOCUME~1\SCOTTS~2\Application Data\Help
2007-01-25 17:57 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-01-25 17:56 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-01-25 17:52 <DIR> d-------- C:\Program Files\Windows Media Components
2007-01-25 17:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Ulead Systems
2007-01-25 17:49 <DIR> d-------- C:\Program Files\DVR-530 Camera Manual
2007-01-23 16:28 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-01-23 16:28 <DIR> d-------- C:\DOCUME~1\SCOTTS~2\Application Data\Google
2007-01-23 16:06 <DIR> d-------- C:\DOCUME~1\SCOTTS~2\Application Data\Aim
2007-01-23 12:55 62,464 --a------ C:\WINDOWS\system32\bszip.dll
2007-01-23 12:55 <DIR> d--hs---- C:\Program Files\winupdates
2007-01-23 12:55 <DIR> d--hs---- C:\DOCUME~1\SCOTTS~2\Complete
2007-01-20 14:16 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-01-20 14:16 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-01-20 14:16 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-01-20 14:16 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-01-20 14:16 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2007-01-20 14:16 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-01-20 14:16 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-01-20 14:16 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2007-01-20 14:16 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2007-01-20 14:16 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2007-01-20 14:16 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2007-01-20 14:16 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-01-20 14:16 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-01-20 14:16 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2007-01-20 14:16 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-01-20 14:16 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-01-20 14:16 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-01-20 14:16 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2007-01-20 14:16 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-01-20 14:16 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-01-20 14:16 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-01-20 14:16 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-01-20 14:16 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2007-01-20 14:16 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2007-01-20 14:15 286,720 --a------ C:\WINDOWS\iun506.exe
2007-01-20 14:11 <DIR> d-------- C:\DirectX
2007-01-20 13:44 <DIR> d-------- C:\DOCUME~1\BETHST~1\Application Data\Sun
2007-01-19 23:18 <DIR> d-------- C:\DOCUME~1\SCOTTS~2\Application Data\Sun
2007-01-19 22:14 <DIR> d-------- C:\Program Files\uTorrent
2007-01-19 22:14 <DIR> d-------- C:\DOCUME~1\SCOTTS~2\Application Data\uTorrent
2007-01-18 16:16 <DIR> d-------- C:\Program Files\SiteTicket
2007-01-17 15:01 <DIR> d-------- C:\Program Files\X Software
2007-01-16 22:15 <DIR> d-------- C:\DOCUME~1\SCOTTS~2\Incomplete
2007-01-16 22:06 <DIR> d-------- C:\DOCUME~1\SCOTTS~2\.limewire
2007-01-16 21:15 <DIR> d-------- C:\DOCUME~1\JACOBS~2\Application Data\Verizon
2007-01-16 21:15 <DIR> d-------- C:\DOCUME~1\JACOBS~2\Application Data\Spyware Terminator
2007-01-16 21:14 524,288 --ah----- C:\DOCUME~1\JACOBS~2\ntuser.dat
2007-01-16 15:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Windows Genuine Advantage
2007-01-16 11:51 <DIR> d-------- C:\WUTemp
2007-01-15 22:16 1,168 --a------ C:\WINDOWS\mozver.dat
2007-01-15 21:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\InstallShield
2007-01-14 11:39 <DIR> d-------- C:\DOCUME~1\BETHST~1\Application Data\acccore
2007-01-14 10:43 <DIR> dr-h----- C:\DOCUME~1\BETHST~1\Application Data\yahoo!
2007-01-14 10:43 <DIR> d---s---- C:\DOCUME~1\BETHST~1\UserData
2007-01-14 10:36 <DIR> d--h----- C:\WINDOWS\PIF
2007-01-14 10:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Freedom
2007-01-14 10:28 <DIR> d-------- C:\Program Files\Common Files\PestPatrol
2007-01-14 10:28 <DIR> d-------- C:\Program Files\Common Files\Command Software
2007-01-14 10:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Verizon
2007-01-14 08:19 <DIR> d-------- C:\Program Files\Full Tilt Poker
2007-01-13 16:18 <DIR> d-------- C:\Program Files\Common Files\{A0BC7B14-07CF-1033-0902-040804030001}


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-13 11:49 -------- d-------- C:\Program Files\mozilla firefox
2007-02-11 20:47 -------- d-------- C:\Program Files\symantec
2007-02-11 20:36 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-02-11 20:36 -------- d-------- C:\Program Files\Common Files\{a0bc7b14-07d0-1033-0902-040804030001}
2007-02-11 20:35 -------- d-------- C:\Program Files\norton antivirus
2007-02-11 15:44 -------- d-------- C:\Program Files\Common Files\{a0bc7b14-07cf-1033-0902-040804030001}
2007-02-11 13:59 -------- d--h----- C:\Program Files\windowsupdate
2007-02-11 07:15 2 --a------ C:\WINDOWS\system32\wnsintsv.exe
2007-02-10 12:23 -------- d-------- C:\Program Files\yahoo!
2007-02-09 20:37 -------- d-------- C:\Program Files\limewire
2007-02-09 20:29 -------- d-------- C:\Program Files\java
2007-02-09 20:27 -------- d-------- C:\Program Files\mcafee
2007-02-03 14:17 187 --a------ C:\DOCUME~1\SCOTTS~2\Application Data\g-force prefs (windowsmediaplayer).txt
2007-02-02 20:43 -------- d-------- C:\Program Files\pokerstars
2007-01-31 11:53 -------- d-------- C:\Program Files\viewpoint
2007-01-30 15:23 -------- d-------- C:\Program Files\aim
2007-01-26 12:15 -------- d--h----- C:\Program Files\installshield installation information
2007-01-23 16:27 -------- d-------- C:\Program Files\google
2007-01-23 16:05 -------- d-------- C:\Program Files\aod
2007-01-23 12:54 -------- d-------- C:\Program Files\Common Files\aol
2007-01-16 22:03 -------- d---s---- C:\DOCUME~1\SCOTTS~2\Application Data\microsoft
2007-01-15 21:19 -------- d-------- C:\Program Files\sonic
2007-01-15 20:55 -------- d-------- C:\DOCUME~1\SCOTTS~2\Application Data\mozilla
2007-01-14 10:28 -------- d-------- C:\Program Files\verizon
2007-01-13 16:18 -------- d-------- C:\Program Files\Common Files\{30bc7b14-07cf-1033-0902-040804030001}
2007-01-11 18:56 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-01-11 11:35 -------- d-------- C:\DOCUME~1\SCOTTS~2\Application Data\viewpoint
2007-01-10 22:32 -------- d-------- C:\Program Files\divx
2007-01-07 21:33 -------- d-------- C:\DOCUME~1\SCOTTS~2\Application Data\acccore
2007-01-07 21:31 -------- d-------- C:\Program Files\Common Files\aolshare
2007-01-07 21:31 -------- d-------- C:\DOCUME~1\SCOTTS~2\Application Data\yahoo!
2007-01-07 21:30 335 --a------ C:\WINDOWS\nsreg.dat
2007-01-07 18:20 -------- d-------- C:\Program Files\movie maker
2007-01-07 18:17 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-01-07 18:14 -------- d-------- C:\Program Files\windows nt
2007-01-07 18:10 -------- d-------- C:\Program Files\illiminable
2007-01-07 18:10 -------- d-------- C:\Program Files\Common Files\surething shared
2007-01-07 17:48 -------- d-------- C:\Program Files\supportsoft
2007-01-07 17:48 -------- d-------- C:\Program Files\Common Files\motive
2007-01-07 17:46 -------- d-------- C:\DOCUME~1\SCOTTS~2\Application Data\verizon
2007-01-07 17:45 -------- d-------- C:\Program Files\playlinc
2007-01-07 16:00 -------- d-------- C:\DOCUME~1\SCOTTS~2\Application Data\macromedia
2007-01-07 15:58 -------- d-------- C:\DOCUME~1\SCOTTS~2\Application Data\identities
2007-01-07 15:57 -------- d-------- C:\Program Files\gemmaster
2007-01-07 15:57 -------- d-------- C:\Program Files\englishotto
2007-01-07 15:45 -------- d-------- C:\Program Files\managed directx (0901)
2007-01-07 13:47 -------- d-------- C:\Program Files\messenger
2007-01-07 09:49 62 --ahs---- C:\DOCUME~1\SCOTTS~2\Application Data\desktop.ini
2007-01-04 22:47 -------- d-------- C:\Program Files\callwave
2007-01-03 21:36 -------- d-------- C:\Program Files\siteadvisor
2007-01-03 21:35 -------- d-------- C:\Program Files\Common Files\mcafee
2007-01-03 21:34 -------- d-------- C:\Program Files\mcafee.com
2007-01-03 21:26 -------- d-------- C:\Program Files\partygaming
2007-01-03 20:23 -------- d-------- C:\Program Files\great lakes internet service
2006-12-29 14:34 -------- d-------- C:\Program Files\wildtangent
2006-12-29 04:14 -------- d-------- C:\Program Files\flvplayer


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"Tuur"="\"C:\\PROGRA~1\\DOBE~1\\mmc.exe\" -vt ndrv"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"VerizonServicepoint.exe"="\"C:\\Program Files\\Verizon\\Servicepoint\\VerizonServicepoint.exe\""
"Motive SmartBridge"="C:\\PROGRA~1\\Verizon\\SMARTB~1\\MotiveSB.exe"
"YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"{A0BC7B14-07CF-1033-0902-040804030001}"="\"C:\\Program Files\\Common Files\\{A0BC7B14-07CF-1033-0902-040804030001}\\Update.exe\" te-110-12-0000213"
"{A0BC7B14-07D0-1033-0902-040804030001}"="\"C:\\Program Files\\Common Files\\{A0BC7B14-07D0-1033-0902-040804030001}\\Update.exe\" te-110-12-0000213"
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"winupdates"=""
"BearFlix"="\"C:\\Program Files\\BearFlix\\BearFlix.exe\" /pause"
"CmPCIaudio"="RunDll32 CMICNFG3.CPL,CMICtrlWnd"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="sockspy.dll"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c9b8f8b-9e5b-11db-a974-806d6172696f}]
Shell\AutoRun\command RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-13 11:56:57


AND HERE IS THE NEW HIJACKTHIS LOG:::::::

Logfile of HijackThis v1.99.1
Scan saved at 12:05:05 PM, on 2/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\HiJackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINDOWS\system32\drivera.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8716806B-3888-1E26-A29E-1244E3894EB4} - C:\WINDOWS\System32\dlnmkpv.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [{A0BC7B14-07CF-1033-0902-040804030001}] "C:\Program Files\Common Files\{A0BC7B14-07CF-1033-0902-040804030001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [{A0BC7B14-07D0-1033-0902-040804030001}] "C:\Program Files\Common Files\{A0BC7B14-07D0-1033-0902-040804030001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Tuur] "C:\PROGRA~1\DOBE~1\mmc.exe" -vt ndrv
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C5C4B39-FB6E-49FB-8268-6189496BC654}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{874AF504-5EB1-4240-8799-104D11560D5A}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{92B2DB6D-2136-4534-81FC-8FEEC0BCB4A2}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C5C4B39-FB6E-49FB-8268-6189496BC654}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C5C4B39-FB6E-49FB-8268-6189496BC654}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Bobbi Flekman
Hi Stevenson1,

You might want to save this page on your favorites, so you can find it again when you return. You can also click on your name and click on "Find All Posts" to find your thread.

Run HijackThis, click on "Scan" and check the boxes next to all these items.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINDOWS\system32\drivera.dll
O2 - BHO: (no name) - {8716806B-3888-1E26-A29E-1244E3894EB4} - C:\WINDOWS\System32\dlnmkpv.dll (file missing)

O4 - HKCU\..\Run: [Tuur] "C:\PROGRA~1\DOBE~1\mmc.exe" -vt ndrv

O17 - HKLM\System\CCS\Services\Tcpip\..\{3C5C4B39-FB6E-49FB-8268-6189496BC654}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{874AF504-5EB1-4240-8799-104D11560D5A}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{92B2DB6D-2136-4534-81FC-8FEEC0BCB4A2}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C5C4B39-FB6E-49FB-8268-6189496BC654}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C5C4B39-FB6E-49FB-8268-6189496BC654}: NameServer = 85.255.116.139,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7


Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".

Restart your computer in Safe Mode. How do I Safe Boot my computer?

Show hidden files. How do I show hidden files?
At the end of the fix you can return the files to hidden status if you want.

Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg and save it on your Desktop.

QUOTE
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"winupdates"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"=""
Locate fixme.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

The above Registry file was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Delete the following files in red (it could be that they are deleted already):

C:\WINDOWS\system32\drivera.dll
C:\WINDOWS\System32\dlnmkpv.dll

Delete the following folders in red (it could be that they are deleted already):

C:\Program Files\àdobe

Restart your computer and post a new log in this thread.
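The checklist above (O17 NameServer entries pointing at public DNS servers, nameless or file-missing BHOs, a Run entry launching mmc.exe from a lookalike folder, and a populated AppInit_DLLs value) can be turned into a small triage script. This is an added example, not part of the thread or of HijackThis; the sample log lines are constructed from entries quoted in this thread, and the masquerade check's list of system binary names is an assumption.

```python
"""Triage checks for HijackThis-style log lines (added example)."""
import ipaddress
import re
from typing import Callable, List, Tuple

# Assumed list: binaries that legitimately live only under the Windows
# directory. A Run entry launching one of these names from elsewhere is the
# masquerade pattern seen with "DOBE~1\mmc.exe" in the thread.
SYSTEM_BINARIES = {"mmc.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}

O17_RE = re.compile(r"^O17 - .*NameServer = (.+)$")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.+)$")
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[[^\]]*\] "?([^"]+?\.exe)"?')
APPINIT_RE = re.compile(r'^"appinit_dlls"="(.*)"$', re.IGNORECASE)


def check_nameservers(line: str) -> List[str]:
    """Flag static NameServer values that are public addresses. A home DSL
    box normally gets DNS from DHCP, so hard-coded public resolvers in the
    registry are the classic DNS-changer indicator."""
    m = O17_RE.match(line)
    if not m:
        return []
    findings = []
    for token in re.split(r"[ ,]+", m.group(1).strip()):
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            continue
        if not (ip.is_private or ip.is_loopback):
            findings.append(f"public DNS server {ip} set in registry")
    return findings


def check_bho(line: str) -> List[str]:
    """Flag Browser Helper Objects with no name or a missing DLL."""
    m = O2_RE.match(line)
    if not m:
        return []
    name, path = m.groups()
    findings = []
    if name == "(no name)":
        findings.append(f"unnamed BHO loading {path}")
    if path.endswith("(file missing)"):
        findings.append(f"BHO registration points at a missing file: {path}")
    return findings


def check_run_entry(line: str) -> List[str]:
    """Flag Run entries that launch a system binary name from outside the
    Windows directory (e.g. mmc.exe under an 8.3 'DOBE~1' lookalike path)."""
    m = O4_RE.match(line)
    if not m:
        return []
    hive, exe_path = m.groups()
    exe_name = exe_path.rsplit("\\", 1)[-1].lower()
    if exe_name in SYSTEM_BINARIES and "\\windows\\" not in exe_path.lower():
        return [f"{hive} Run entry launches {exe_name} from {exe_path}"]
    return []


def check_appinit(line: str) -> List[str]:
    """Flag a non-empty AppInit_DLLs value; that DLL is injected into every
    process that loads user32.dll."""
    m = APPINIT_RE.match(line)
    if m and m.group(1).strip():
        return [f"AppInit_DLLs injects {m.group(1)} into GUI processes"]
    return []


CHECKS: Tuple[Callable[[str], List[str]], ...] = (
    check_nameservers, check_bho, check_run_entry, check_appinit)


def triage(lines) -> List[Tuple[str, str]]:
    """Run every check over every line; return (line, finding) pairs."""
    results = []
    for raw in lines:
        line = raw.strip()
        for check in CHECKS:
            for finding in check(line):
                results.append((line, finding))
    return results


# Constructed sample, assembled from entries quoted in this thread.
SAMPLE_LOG = [
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll",
    r"O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINDOWS\system32\drivera.dll",
    r"O2 - BHO: (no name) - {8716806B-3888-1E26-A29E-1244E3894EB4} - C:\WINDOWS\System32\dlnmkpv.dll (file missing)",
    r"O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe",
    r'O4 - HKCU\..\Run: [Tuur] "C:\PROGRA~1\DOBE~1\mmc.exe" -vt ndrv',
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.139 85.255.112.7",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{3C5C4B39-FB6E-49FB-8268-6189496BC654}: NameServer = 192.168.1.1",
    r'"appinit_dlls"="sockspy.dll"',
]

if __name__ == "__main__":
    for line, finding in triage(SAMPLE_LOG):
        print(f"{finding}\n    <- {line}")
```

The private-range check only tells you a resolver is off-LAN; whether the helper would fix it still depends on what the ISP actually hands out, as the thread's reply shows.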
Stevenson1
Alright, I did everything that you said to do, and those folders/files were already deleted (I take it) when I searched for them.

HERE'S THE NEW HIJACKTHIS LOG:::::::::

Logfile of HijackThis v1.99.1
Scan saved at 4:06:46 PM, on 2/14/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\HiJackThis\hijackthis\HijackThis.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: XBTP01621 - {D0285C32-F09A-49bd-BA67-FDAB0A58675E} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [{A0BC7B14-07CF-1033-0902-040804030001}] "C:\Program Files\Common Files\{A0BC7B14-07CF-1033-0902-040804030001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [{A0BC7B14-07D0-1033-0902-040804030001}] "C:\Program Files\Common Files\{A0BC7B14-07D0-1033-0902-040804030001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Bobbi Flekman
Hi Stevenson1,

You look clean. How's the system running?

I do see that you are running P2P programs like Bearshare. I would advise you to get rid of them as that is probably how you got infected in the first place.
Bobbi Flekman
QUOTE
You look clean.
Scratch that!

Colleagues have raised concerns about a file in your log that can be malware, but doesn't have to be.

As I don't have all the answers either I want you to check it out anyway. Go to Online malware scan and submit C:\Program Files\Common Files\{A0BC7B14-07CF-1033-0902-040804030001}\Update.exe.

Tell me the result.

The problem is that many programs use an update.exe, and I give programs the benefit of the doubt. But it does show a little too many lookalikes to be easily ignored.

So... Let's see if there are still bad guys around.