Logs For Virus. Need Help, Please.

Hi,

I've been dealing with the Kernel Error 1256 problem...

Here's what I have done so far...and much of the trouble has subsided but still I have my doubts that I have cleaned everything or done it properly...and my OUTLOOK is now whacked and will not open or repair off of the CD-ROM.

I ran Vundo and Combo Fix. Deleted all the. tmp files. Installed and ran BitDefender and the ATF Cleaner.

Still get the 32]fwcplcxs.dll at start up, though.

Here's the deep scan log and hijack this log and the combo fix log

Thanks so much.

(PS...I understand these things probably at an intermediate level.)

//-----------------------------------------------------------------

//

// Product BitDefender Free Edition v10

// Product 10.2

//

// Created on: 21/02/2008 14:58:29

//

//-----------------------------------------------------------------

Virus Statistics

Scan path : C:\WINDOWS

C:\Program Files

Folders : 4979

Files : 34357

Memory processes scanned : 0

Archives : 1

Runtime packers : 2734

Identified viruses : 8

Infected files : 13

Memory processes infected : 0

Suspect files : 2

Warnings : 0

Disinfected files : 0

Deleted files : 0

Moved files : 8

I/O errors : 3

Scan time : 01:09:16

Scan speed (files/sec) : 8

Virus definitions : 982856

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 7

Mail plugins : 6

System plugins : 5

Virus scan options

Detection

[X] Scan boot sectors

[ ] Memory Processes

[ ] Scan archives

[X] Scan runtime packers

[X] Scan email

File mask

[X] Programs

[ ] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

Action

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

Virus scan options

[X] Enable warnings

[ ] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\DOCUME~1\RM\LOCALS~1\Temp\1203634709.log

Spyware scan options

[X] Scan for riskware

[ ] Skip dial and applications from scan

[ ] Registry keys

[ ] Cookies

Summary:

C:\WINDOWS\Installer\122bbd3.msi=>(Embedded EXE) Detected: Adware.Ezula.FD

C:\WINDOWS\Installer\122bbd3.msi=>(Embedded EXE) Disinfection failed

C:\WINDOWS\Installer\122bbd3.msi=>(Embedded EXE) Detected: Adware.Gator.AD

C:\WINDOWS\Installer\122bbd3.msi=>(Embedded EXE) Infected: Dropped:Trojan.Ebates.A

C:\WINDOWS\Installer\122bbd3.msi=>(Embedded EXE) Disinfection failed

C:\WINDOWS\Installer\122bbd3.msi Moved

C:\WINDOWS\Installer\f287b8.msi=>(Embedded EXE) Detected: Adware.Ezula.FD

C:\WINDOWS\Installer\f287b8.msi=>(Embedded EXE) Disinfection failed

C:\WINDOWS\Installer\f287b8.msi=>(Embedded EXE) Detected: Adware.Gator.AD

C:\WINDOWS\Installer\f287b8.msi=>(Embedded EXE) Infected: Dropped:Trojan.Ebates.A

C:\WINDOWS\Installer\f287b8.msi=>(Embedded EXE) Disinfection failed

C:\WINDOWS\Installer\f287b8.msi Moved

C:\WINDOWS\system32\a1\tliamdll2.exe Infected: Trojan.Downloader.Small.BUY

C:\WINDOWS\system32\a1\tliamdll2.exe Disinfection failed

C:\WINDOWS\system32\a1\tliamdll2.exe Moved

C:\WINDOWS\system32\oqstv.ini Infected: Trojan.Vundo.DVS

C:\WINDOWS\system32\oqstv.ini Disinfection failed

C:\WINDOWS\system32\oqstv.ini Moved

C:\WINDOWS\tk58.exe Infected: Trojan.BHO.AW

C:\WINDOWS\tk58.exe Disinfection failed

C:\WINDOWS\tk58.exe Moved

C:\WINDOWS\Uk0\asappsrv.dll Detected: Adware.CommAd.A

C:\WINDOWS\Uk0\asappsrv.dll Disinfection failed

C:\WINDOWS\Uk0\asappsrv.dll Move failed

C:\Program Files\MSN\lazup.dll Infected: Trojan.BHO.AW

C:\Program Files\MSN\lazup.dll Disinfection failed

C:\Program Files\MSN\lazup.dll Moved

C:\Program Files\MSN\lazup888.dll Infected: Trojan.BHO.AW

C:\Program Files\MSN\lazup888.dll Disinfection failed

C:\Program Files\MSN\lazup888.dll Moved

C:\Program Files\MSN\lazup919.dll Infected: Trojan.BHO.AW

C:\Program Files\MSN\lazup919.dll Disinfection failed

C:\Program Files\MSN\lazup919.dll Moved

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:10:02 AM, on 2/23/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\COMPAQ\CPQINET\CPQInet.exe

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Yahoo!\browser\ybrwicon.exe

C:\Program Files\quickenw\QAGENT.EXE

C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\mrtMngr.EXE

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Pando Networks\Pando\Pando.exe

C:\Documents and Settings\RM\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Documents and Settings\RM\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\WINDOWS\explorer.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\RM\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.huffingtonpost.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://securityresponse.symantec.com/avcenter/fix_homepage

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: (no name) - {66A12149-C2D5-4E22-A21A-D98ABC89D1E9} - C:\WINDOWS\system32\pmnno.dll (file missing)

O2 - BHO: 0 - {A2DA4664-3FCA-4AF9-BC91-210A33AF8138} - C:\Program Files\MSN\lazup888.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: {cd2901d2-75fa-0ffb-7934-bfcc275c114c} - {c411c572-ccfb-4397-bff0-af572d1092dc} - C:\WINDOWS\system32\mrburgah.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"

O4 - HKLM\..\Run: [smapp] rem Smtray.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [splash Screen] rem E:\SplashScreen\SplashScreen.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"

O4 - HKLM\..\Run: [userFaultCheck] rem %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [QAGENT] C:\Program Files\quickenw\QAGENT.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [e4b94219] rundll32.exe "C:\WINDOWS\system32\fwcplcxs.dll",b

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RM\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe"

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\RM\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe

O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228

O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Support - {5DE92616-77D2-40A9-BA35-B095FD211534} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O15 - Trusted Zone: *.amaena.com

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://pc-photo.lifepics.com/net/Uploader/LPUploader45.cab

O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe

O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--

End of file - 15041 bytes

ComboFix 08-02-22 - RM 2008-02-23 9:22:15.2 - NTFSx86

Running from: C:\Documents and Settings\RM\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\Common Files\jupiw89104.dll

C:\WINDOWS\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab

C:\WINDOWS\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab

C:\WINDOWS\mrofinu1000106.exe

C:\WINDOWS\mrofinu572.exe

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe

C:\WINDOWS\system32\oqstv.ini

C:\WINDOWS\system32\oqstv.ini2

C:\WINDOWS\system32\p9\liopud89104.exe

C:\WINDOWS\system32\pac.txt

C:\WINDOWS\system32\vtsqo.dll

C:\WINDOWS\system32\w11\hiba3133.exe

C:\WINDOWS\system32\windows

C:\WINDOWS\system32\yayxyyy.dll

.

---- Previous Run -------

.

C:\Program Files\Common Files\jupiw89104.dll

C:\Program Files\sembly~1

C:\WINDOWS\Downloaded Program Files\ODCTOOLS

C:\WINDOWS\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab

C:\WINDOWS\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab

C:\WINDOWS\mrofinu1000106.exe

C:\WINDOWS\mrofinu572.exe

C:\WINDOWS\system32\a1

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\nGpxx01

C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe

C:\WINDOWS\system32\oqstv.ini

C:\WINDOWS\system32\oqstv.ini2

C:\WINDOWS\system32\p9

C:\WINDOWS\system32\p9\liopud89104.exe

C:\WINDOWS\system32\pac.txt

C:\WINDOWS\system32\vtsqo.dll

C:\WINDOWS\system32\w11

C:\WINDOWS\system32\w11\hiba3133.exe

C:\WINDOWS\system32\windows

C:\WINDOWS\system32\yayxyyy.dll

C:\WINDOWS\ymante~1

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_CMDSERVICE

-------\LEGACY_NETWORK_MONITOR

((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))

.

2008-02-23 03:00 . 2008-02-23 03:00 <DIR> d----c--- C:\WINDOWS\LastGood.Tmp

2008-02-21 17:24 . 2008-02-21 17:24 <DIR> d----c--- C:\sUBs

2008-02-21 16:32 . 2008-02-22 18:28 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn

2008-02-21 16:32 . 2008-02-21 16:32 1,409 --a--c--- C:\WINDOWS\QTFont.for

2008-02-21 16:24 . 2008-02-21 16:24 <DIR> d----c--- C:\Documents and Settings\RM\Application Data\Bitdefender

2008-02-21 14:57 . 2008-02-23 09:38 81,984 --a--c--- C:\WINDOWS\system32\bdod.bin

2008-02-21 14:54 . 2008-02-21 14:54 <DIR> d----c--- C:\Program Files\Softwin

2008-02-21 14:54 . 2008-02-21 14:55 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\BitDefender

2008-02-21 14:52 . 2008-02-21 14:55 <DIR> d----c--- C:\Program Files\Common Files\Softwin

2008-02-21 12:39 . 2008-02-21 12:39 <DIR> d----c--- C:\Documents and Settings\RM\Application Data\Roxio

2008-02-20 22:30 . 2008-02-22 02:51 <DIR> d----c--- C:\VundoFix Backups

2008-02-19 15:37 . 2008-02-20 12:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Rabio

2008-02-19 15:32 . 2008-02-19 16:14 <DIR> d----c--- C:\WINDOWS\system32\dv6

2008-02-19 15:32 . 2008-02-19 15:32 36,864 --a--c--- C:\WINDOWS\mrofinu572.exe.tmp

2008-02-11 15:11 . 2008-02-11 15:13 <DIR> d----c--- C:\Documents and Settings\RM\Application Data\VideoEgg

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-23 05:13 --------- dc----w C:\Program Files\OFFICE11

2008-02-23 05:13 --------- dc----w C:\Program Files\EPSON

2008-02-22 16:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-02-22 16:51 --------- dc----w C:\Program Files\Office12

2008-02-22 16:51 --------- dc----w C:\Program Files\Document Themes 12

2008-02-22 16:50 --------- dc----w C:\Program Files\Microsoft Works

2008-02-22 01:34 --------- dc----w C:\Program Files\quickenw

2008-02-21 06:23 --------- dc----w C:\Program Files\SpywareBlaster

2008-02-20 00:16 --------- dc----w C:\Program Files\Common Files\Symantec Shared

2008-02-02 07:05 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-01-30 20:00 --------- dc----w C:\Documents and Settings\RM\Application Data\AdobeUM

2008-01-18 23:48 --------- dc----w C:\Program Files\Sony

2008-01-15 17:54 10,537 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.cat

2008-01-15 13:28 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-01-13 19:04 --------- dc----w C:\Program Files\Microsoft Money Plus

2008-01-13 02:32 23,904 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-01-07 04:59 --------- dc----w C:\Program Files\microsoft frontpage

2008-01-04 20:31 --------- dc----w C:\Program Files\Microsoft Money

2008-01-04 08:31 57,344 -c--a-w C:\WINDOWS\uneng.exe

2008-01-04 08:31 30,662 -c--a-w C:\WINDOWS\system32\drivers\Mmc_2k.sys

2008-01-04 08:31 25,930 -c--a-w C:\WINDOWS\system32\drivers\Dvd_2k.sys

2008-01-04 08:31 241,280 -c--a-w C:\WINDOWS\system32\drivers\cdudf_xp.sys

2008-01-04 08:31 206,464 -c--a-w C:\WINDOWS\system32\drivers\udfreadr_xp.sys

2008-01-04 08:31 144,250 -c--a-w C:\WINDOWS\system32\drivers\pwd_2K.sys

2008-01-04 08:31 --------- dc----w C:\Program Files\Common Files\Adaptec Shared

2008-01-04 08:31 --------- dc----w C:\Program Files\Adaptec

2008-01-04 08:11 --------- dc----w C:\Program Files\Ashampoo

2008-01-04 08:07 --------- dc----w C:\Program Files\DivX

2008-01-04 07:01 --------- dc----w C:\Documents and Settings\RM\Application Data\DVD Flick

2008-01-04 05:54 167 -c--a-w C:\Program Files\INSTALL.LOG

2008-01-03 19:21 --------- dc----w C:\Documents and Settings\RM\Application Data\Pegasys Inc

2008-01-02 19:27 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-01-02 06:17 13,531,608 -c--a-w C:\Program Files\videoeditmagic.exe

2008-01-01 19:53 --------- dc----w C:\Documents and Settings\RM\Application Data\OfficeUpdate12

2007-12-26 18:27 --------- dc----w C:\Program Files\Ableton

2007-12-26 18:01 --------- dc----w C:\Program Files\NCH Swift Sound

2007-12-26 17:57 --------- dc----w C:\Documents and Settings\All Users\Application Data\Skype

2007-12-26 17:31 --------- dc----w C:\Documents and Settings\RM\Application Data\Fisher-Price

2007-12-26 17:28 --------- dc----w C:\Program Files\Fisher-Price

2007-12-14 23:34 286,720 -c--a-w C:\WINDOWS\iun506.exe

2007-10-27 22:25 30,167,512 -c--a-w C:\Program Files\cdarchitect52c_enu.exe

2007-10-27 22:25 1,818,232 -c--a-w C:\Program Files\cdarchitect52_manual.exe

2007-10-27 22:23 6,730,272 -c--a-w C:\Program Files\masteringeffectsbundle_soundforge_setup.exe

2007-10-27 22:21 6,178,453 -c--a-w C:\Program Files\soundforge90_manual.exe

2007-10-27 22:19 72,924,904 -c--a-w C:\Program Files\soundforge90c_enu.exe

2007-09-18 03:58 751,768 -c--a-w C:\Program Files\db-directx.exe

2007-09-16 06:23 71,283,560 -c--a-w C:\Program Files\soundforge90a_enu.exe

2007-08-27 23:36 1,287,784 -c--a-w C:\Program Files\AudibleDM_iTunesSetup.exe

2007-07-26 19:01 192,614 -c--a-w C:\Program Files\TBFDropZoneInstaller.exe

2006-12-28 21:21 36,808,256 -c--a-w C:\Program Files\iTunesSetup.exe

2006-11-26 18:53 5,900,416 -c--a-w C:\Program Files\Firefox Setup 2.0.exe

2006-11-26 18:49 19,203,280 -c--a-w C:\Program Files\nsb-install-8-1-2.exe

2006-08-06 01:16 5,279,254 -c--a-w C:\Program Files\BackupDVD.exe

2006-05-20 01:45 14,650,070 -c--a-w C:\Program Files\StuffItStandard9.exe

2006-05-07 20:16 243,512 -c--a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw.exe

2006-05-06 21:01 47,633,576 -c--a-w C:\Program Files\iPodSetup.exe

2006-01-22 23:59 11,817,800 -c--a-w C:\Program Files\GoogleEarth.exe

2005-07-12 20:51 160 -c--a-w C:\Program Files\WS_FTP.LOG

2005-03-27 04:12 5,629,711 -c--a-w C:\Program Files\Chess Winboard.exe

2005-02-17 21:19 36,009,360 -c--a-w C:\Program Files\1201bandinaboxprowin.exe

2005-01-09 20:17 84,137 -c--a-w C:\Program Files\quickenw.QIF

2003-12-04 19:43 9,134,648 -c--a-w C:\Program Files\AdbeRdr60_enu.exe

2003-11-22 01:03 2,226,304 -c--a-w C:\Program Files\microsoft download 112103.exe

2002-05-18 18:25 5,617,948 -c--a-w C:\Program Files\STUFFIT7.EXE

2002-05-13 21:50 1,597,440 -c--a-w C:\Program Files\xerces-c_1_6.dll

2002-05-13 21:49 196,608 -c--a-w C:\Program Files\MMxpt.dll

2002-05-13 21:49 18,192 -c--a-w C:\Program Files\PSAPI.DLL

2002-05-13 21:49 14,848 -c--a-w C:\Program Files\MM.ASPNetDesignerMgr.dll

1999-06-25 18:55 149,504 -c--a-w C:\Program Files\UNWISE.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66A12149-C2D5-4E22-A21A-D98ABC89D1E9}]

C:\WINDOWS\system32\pmnno.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2DA4664-3FCA-4AF9-BC91-210A33AF8138}]

C:\Program Files\MSN\lazup888.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c411c572-ccfb-4397-bff0-af572d1092dc}]

C:\WINDOWS\system32\mrburgah.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]

"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49 4662776]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-02-09 14:02 6051144]

"Google Update"="C:\Documents and Settings\RM\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe" [2008-02-15 11:45 21488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-08-15 10:50 28672]

"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2001-09-26 08:30 131072]

"Smapp"="rem Smtray.exe" []

"WorksFUD"="" []

"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 12:00 311350]

"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]

"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 13:34 36864]

"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2008-01-04 00:31 684032]

"Splash Screen"="rem E:\SplashScreen\SplashScreen.exe" [ ]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-16 19:45 180269]

"YBrowser"="C:\Program Files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 12:51 57344]

"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 11:30 98304]

"UserFaultCheck"="rem C:\WINDOWS\system32\dumprep 0 -u" [ ]

"QAGENT"="C:\Program Files\quickenw\QAGENT.EXE" [2001-08-01 12:30 94208]

"NvCplDaemon"="NvQTwk" []

"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [2001-10-16 10:10 258118]

"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 06:51 442455]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18 270648]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-13 23:11 771704]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]

"e4b94219"="C:\WINDOWS\system32\fwcplcxs.dll" [ ]

"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 15:48 290816]

"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632]

C:\Documents and Settings\RM\Start Menu\Programs\Startup\

Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-11-19 12:39:17 344064]

YouTube Uploader.lnk - C:\Documents and Settings\RM\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-07-24 16:49:58 217088]

EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-06-15 10:23:35 127488]

Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"= 0 (0x0)

"NoMovingBands"= 0 (0x0)

"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=sockspy.dll

R2 mrtRate;mrtRate;C:\WINDOWS\system32\drivers\mrtRate.sys [2001-02-28 10:42]

R3 pae_1394;pae_1394;C:\WINDOWS\system32\Drivers\pae_1394.sys [2005-06-09 15:35]

R3 pae_avs;pae_avs;C:\WINDOWS\system32\Drivers\pae_avs.sys [2005-06-09 15:35]

R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 05:28]

R3 WlanUIG;2Wire 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-15 00:42]

S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS []

S3 Gcr432;Gcr432;C:\WINDOWS\system32\Drivers\gcr432.sys [2001-05-10 12:54]

S3 MA763010;M-Audio Fast Track;C:\WINDOWS\system32\drivers\MA763010.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9caadcfc-9a93-11db-88f3-0060b3bdec3e}]

\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-02-19 04:13:31 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - RM.job"

- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:

"2001-12-27 20:04:33 C:\WINDOWS\Tasks\Registration reminder 1.job"

- C:\WINDOWS\System32\OOBE\oobebaln.exe

"2001-12-27 20:04:33 C:\WINDOWS\Tasks\Registration reminder 2.job"

- C:\WINDOWS\System32\OOBE\oobebaln.exe

"2001-12-27 20:04:34 C:\WINDOWS\Tasks\Registration reminder 3.job"

- C:\WINDOWS\System32\OOBE\oobebaln.exe

"2008-02-23 17:53:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDetect.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-23 09:42:07

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\pctspk.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\COMPAQ\CPQINET\CPQInet.exe

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\WINDOWS\system32\fxssvc.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\WINDOWS\system32\mrtMngr.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2008-02-23 9:54:58 - machine was rebooted [RM]

ComboFix-quarantined-files.txt 2008-02-23 17:54:51

.

2008-02-23 11:03:05 --- E O F ---