Logs For Virus. Need Help, Please.

Hi,


I've been dealing with the Kernel Error 1256 problem...


Here's what I have done so far...and much of the trouble has subsided but still I have my doubts that I have cleaned everything or done it properly...and my OUTLOOK is now whacked and will not open or repair off of the CD-ROM.


I ran Vundo and Combo Fix. Deleted all the. tmp files. Installed and ran BitDefender and the ATF Cleaner.


Still get the 32]fwcplcxs.dll at start up, though.


Here's the deep scan log and hijack this log and the combo fix log


Thanks so much.


(PS...I understand these things probably at an intermediate level.)


//-----------------------------------------------------------------


//


// Product BitDefender Free Edition v10


// Product 10.2


//


// Created on: 21/02/2008 14:58:29


//


//-----------------------------------------------------------------


Virus Statistics


Scan path : C:\WINDOWS


C:\Program Files


Folders : 4979


Files : 34357


Memory processes scanned : 0


Archives : 1


Runtime packers : 2734


Identified viruses : 8


Infected files : 13


Memory processes infected : 0


Suspect files : 2


Warnings : 0


Disinfected files : 0


Deleted files : 0


Moved files : 8


I/O errors : 3


Scan time : 01:09:16


Scan speed (files/sec) : 8


Virus definitions : 982856


Scan plugins : 16


Archive plugins : 41


Unpack plugins : 7


Mail plugins : 6


System plugins : 5


Virus scan options


Detection


[X] Scan boot sectors


[ ] Memory Processes


[ ] Scan archives


[X] Scan runtime packers


[X] Scan email


File mask


[X] Programs


[ ] All files


[ ] User defined extensions:


[ ] Exclude extensions: ;


Action


Infected objects


[ ] Ignore


[X] Disinfect


[ ] Delete


[ ] Move to quarantine


[ ] Prompt user


Second action


[ ] Ignore


[ ] Delete


[X] Move to quarantine


[ ] Prompt user


Virus scan options


[X] Enable warnings


[ ] Enable heuristics


[ ] Show all files in log


[X] Report file: C:\DOCUME~1\RM\LOCALS~1\Temp\1203634709.log


Spyware scan options


[X] Scan for riskware


[ ] Skip dial and applications from scan


[ ] Registry keys


[ ] Cookies


Summary:


C:\WINDOWS\Installer\122bbd3.msi=>(Embedded EXE) Detected: Adware.Ezula.FD


C:\WINDOWS\Installer\122bbd3.msi=>(Embedded EXE) Disinfection failed


C:\WINDOWS\Installer\122bbd3.msi=>(Embedded EXE) Detected: Adware.Gator.AD


C:\WINDOWS\Installer\122bbd3.msi=>(Embedded EXE) Infected: Dropped:Trojan.Ebates.A


C:\WINDOWS\Installer\122bbd3.msi=>(Embedded EXE) Disinfection failed


C:\WINDOWS\Installer\122bbd3.msi Moved


C:\WINDOWS\Installer\f287b8.msi=>(Embedded EXE) Detected: Adware.Ezula.FD


C:\WINDOWS\Installer\f287b8.msi=>(Embedded EXE) Disinfection failed


C:\WINDOWS\Installer\f287b8.msi=>(Embedded EXE) Detected: Adware.Gator.AD


C:\WINDOWS\Installer\f287b8.msi=>(Embedded EXE) Infected: Dropped:Trojan.Ebates.A


C:\WINDOWS\Installer\f287b8.msi=>(Embedded EXE) Disinfection failed


C:\WINDOWS\Installer\f287b8.msi Moved


C:\WINDOWS\system32\a1\tliamdll2.exe Infected: Trojan.Downloader.Small.BUY


C:\WINDOWS\system32\a1\tliamdll2.exe Disinfection failed


C:\WINDOWS\system32\a1\tliamdll2.exe Moved


C:\WINDOWS\system32\oqstv.ini Infected: Trojan.Vundo.DVS


C:\WINDOWS\system32\oqstv.ini Disinfection failed


C:\WINDOWS\system32\oqstv.ini Moved


C:\WINDOWS\tk58.exe Infected: Trojan.BHO.AW


C:\WINDOWS\tk58.exe Disinfection failed


C:\WINDOWS\tk58.exe Moved


C:\WINDOWS\Uk0\asappsrv.dll Detected: Adware.CommAd.A


C:\WINDOWS\Uk0\asappsrv.dll Disinfection failed


C:\WINDOWS\Uk0\asappsrv.dll Move failed


C:\Program Files\MSN\lazup.dll Infected: Trojan.BHO.AW


C:\Program Files\MSN\lazup.dll Disinfection failed


C:\Program Files\MSN\lazup.dll Moved


C:\Program Files\MSN\lazup888.dll Infected: Trojan.BHO.AW


C:\Program Files\MSN\lazup888.dll Disinfection failed


C:\Program Files\MSN\lazup888.dll Moved


C:\Program Files\MSN\lazup919.dll Infected: Trojan.BHO.AW


C:\Program Files\MSN\lazup919.dll Disinfection failed


C:\Program Files\MSN\lazup919.dll Moved


Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 10:10:02 AM, on 2/23/2008


Platform: Windows XP SP2 (WinNT 5.01.2600)


MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Boot mode: Normal


Running processes:


C:\WINDOWS\System32\smss.exe


C:\WINDOWS\system32\winlogon.exe


C:\WINDOWS\system32\services.exe


C:\WINDOWS\system32\lsass.exe


C:\WINDOWS\system32\svchost.exe


C:\WINDOWS\System32\svchost.exe


C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


C:\WINDOWS\system32\spoolsv.exe


C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


C:\WINDOWS\system32\cisvc.exe


C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


C:\WINDOWS\system32\crypserv.exe


C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


C:\WINDOWS\System32\nvsvc32.exe


C:\WINDOWS\system32\pctspk.exe


C:\WINDOWS\System32\svchost.exe


C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe


C:\WINDOWS\system32\SearchIndexer.exe


C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe


C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE


C:\COMPAQ\CPQINET\CPQInet.exe


C:\Compaq\EAKDRV\EAUSBKBD.EXE


C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe


C:\WINDOWS\system32\fxssvc.exe


C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe


C:\Program Files\Common Files\Real\Update_OB\realsched.exe


C:\Program Files\Yahoo!\browser\ybrwicon.exe


C:\Program Files\quickenw\QAGENT.EXE


C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe


C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe


C:\PROGRA~1\Yahoo!\browser\ycommon.exe


C:\Program Files\QuickTime\qttask.exe


C:\Program Files\iTunes\iTunesHelper.exe


C:\WINDOWS\system32\mrtMngr.EXE


C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe


C:\Program Files\Softwin\BitDefender10\bdmcon.exe


C:\Program Files\Softwin\BitDefender10\bdagent.exe


C:\WINDOWS\system32\ctfmon.exe


C:\Program Files\Pando Networks\Pando\Pando.exe


C:\Documents and Settings\RM\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe


C:\Program Files\Windows Desktop Search\WindowsSearch.exe


C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe


C:\Documents and Settings\RM\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe


C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE


C:\WINDOWS\explorer.exe


C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe


C:\Program Files\iPod\bin\iPodService.exe


C:\WINDOWS\system32\cidaemon.exe


C:\WINDOWS\system32\SearchProtocolHost.exe


C:\Program Files\Internet Explorer\IEXPLORE.EXE


C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe


C:\WINDOWS\system32\rundll32.exe


C:\WINDOWS\system32\wuauclt.exe


C:\Documents and Settings\RM\Desktop\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.huffingtonpost.com/


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage


R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://securityresponse.symantec.com/avcenter/fix_homepage


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1


R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll


O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll


O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll


O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll


O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll


O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll


O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll


O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll


O2 - BHO: (no name) - {66A12149-C2D5-4E22-A21A-D98ABC89D1E9} - C:\WINDOWS\system32\pmnno.dll (file missing)


O2 - BHO: 0 - {A2DA4664-3FCA-4AF9-BC91-210A33AF8138} - C:\Program Files\MSN\lazup888.dll (file missing)


O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll


O2 - BHO: {cd2901d2-75fa-0ffb-7934-bfcc275c114c} - {c411c572-ccfb-4397-bff0-af572d1092dc} - C:\WINDOWS\system32\mrburgah.dll (file missing)


O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll


O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll


O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe


O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"


O4 - HKLM\..\Run: [smapp] rem Smtray.exe


O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers


O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe


O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe


O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe


O4 - HKLM\..\Run: [splash Screen] rem E:\SplashScreen\SplashScreen.exe


O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe


O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"


O4 - HKLM\..\Run: [userFaultCheck] rem %systemroot%\system32\dumprep 0 -u


O4 - HKLM\..\Run: [QAGENT] C:\Program Files\quickenw\QAGENT.EXE


O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize


O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe


O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe


O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"


O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"


O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"


O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"


O4 - HKLM\..\Run: [e4b94219] rundll32.exe "C:\WINDOWS\system32\fwcplcxs.dll",b


O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg


O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"


O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background


O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized


O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RM\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe"


O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe


O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\RM\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe


O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe


O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE


O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe


O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm


O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228


O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227


O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm


O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm


O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm


O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll


O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office12\REFIEBAR.DLL


O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra button: Support - {5DE92616-77D2-40A9-BA35-B095FD211534} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)


O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll


O15 - Trusted Zone: *.amaena.com


O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813


O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab


O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab


O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab


O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204


O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll


O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe


O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab


O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab


O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://pc-photo.lifepics.com/net/Uploader/LPUploader45.cab


O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab


O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab


O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe


O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe


O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe


O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe


O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe


O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe


O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE


O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe


O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)


O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)


O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe


O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe


O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


--


End of file - 15041 bytes


ComboFix 08-02-22 - RM 2008-02-23 9:22:15.2 - NTFSx86


Running from: C:\Documents and Settings\RM\Desktop\ComboFix.exe


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


.


C:\Program Files\Common Files\jupiw89104.dll


C:\WINDOWS\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab


C:\WINDOWS\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab


C:\WINDOWS\mrofinu1000106.exe


C:\WINDOWS\mrofinu572.exe


C:\WINDOWS\system32\mcrh.tmp


C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe


C:\WINDOWS\system32\oqstv.ini


C:\WINDOWS\system32\oqstv.ini2


C:\WINDOWS\system32\p9\liopud89104.exe


C:\WINDOWS\system32\pac.txt


C:\WINDOWS\system32\vtsqo.dll


C:\WINDOWS\system32\w11\hiba3133.exe


C:\WINDOWS\system32\windows


C:\WINDOWS\system32\yayxyyy.dll


.


---- Previous Run -------


.


C:\Program Files\Common Files\jupiw89104.dll


C:\Program Files\sembly~1


C:\WINDOWS\Downloaded Program Files\ODCTOOLS


C:\WINDOWS\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab


C:\WINDOWS\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab


C:\WINDOWS\mrofinu1000106.exe


C:\WINDOWS\mrofinu572.exe


C:\WINDOWS\system32\a1


C:\WINDOWS\system32\mcrh.tmp


C:\WINDOWS\system32\nGpxx01


C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe


C:\WINDOWS\system32\oqstv.ini


C:\WINDOWS\system32\oqstv.ini2


C:\WINDOWS\system32\p9


C:\WINDOWS\system32\p9\liopud89104.exe


C:\WINDOWS\system32\pac.txt


C:\WINDOWS\system32\vtsqo.dll


C:\WINDOWS\system32\w11


C:\WINDOWS\system32\w11\hiba3133.exe


C:\WINDOWS\system32\windows


C:\WINDOWS\system32\yayxyyy.dll


C:\WINDOWS\ymante~1


.


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


.


-------\LEGACY_CMDSERVICE


-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))


.


2008-02-23 03:00 . 2008-02-23 03:00 <DIR> d----c--- C:\WINDOWS\LastGood.Tmp


2008-02-21 17:24 . 2008-02-21 17:24 <DIR> d----c--- C:\sUBs


2008-02-21 16:32 . 2008-02-22 18:28 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn


2008-02-21 16:32 . 2008-02-21 16:32 1,409 --a--c--- C:\WINDOWS\QTFont.for


2008-02-21 16:24 . 2008-02-21 16:24 <DIR> d----c--- C:\Documents and Settings\RM\Application Data\Bitdefender


2008-02-21 14:57 . 2008-02-23 09:38 81,984 --a--c--- C:\WINDOWS\system32\bdod.bin


2008-02-21 14:54 . 2008-02-21 14:54 <DIR> d----c--- C:\Program Files\Softwin


2008-02-21 14:54 . 2008-02-21 14:55 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\BitDefender


2008-02-21 14:52 . 2008-02-21 14:55 <DIR> d----c--- C:\Program Files\Common Files\Softwin


2008-02-21 12:39 . 2008-02-21 12:39 <DIR> d----c--- C:\Documents and Settings\RM\Application Data\Roxio


2008-02-20 22:30 . 2008-02-22 02:51 <DIR> d----c--- C:\VundoFix Backups


2008-02-19 15:37 . 2008-02-20 12:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Rabio


2008-02-19 15:32 . 2008-02-19 16:14 <DIR> d----c--- C:\WINDOWS\system32\dv6


2008-02-19 15:32 . 2008-02-19 15:32 36,864 --a--c--- C:\WINDOWS\mrofinu572.exe.tmp


2008-02-11 15:11 . 2008-02-11 15:13 <DIR> d----c--- C:\Documents and Settings\RM\Application Data\VideoEgg


.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


.


2008-02-23 05:13 --------- dc----w C:\Program Files\OFFICE11


2008-02-23 05:13 --------- dc----w C:\Program Files\EPSON


2008-02-22 16:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help


2008-02-22 16:51 --------- dc----w C:\Program Files\Office12


2008-02-22 16:51 --------- dc----w C:\Program Files\Document Themes 12


2008-02-22 16:50 --------- dc----w C:\Program Files\Microsoft Works


2008-02-22 01:34 --------- dc----w C:\Program Files\quickenw


2008-02-21 06:23 --------- dc----w C:\Program Files\SpywareBlaster


2008-02-20 00:16 --------- dc----w C:\Program Files\Common Files\Symantec Shared


2008-02-02 07:05 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec


2008-01-30 20:00 --------- dc----w C:\Documents and Settings\RM\Application Data\AdobeUM


2008-01-18 23:48 --------- dc----w C:\Program Files\Sony


2008-01-15 17:54 10,537 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.cat


2008-01-15 13:28 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf


2008-01-13 19:04 --------- dc----w C:\Program Files\Microsoft Money Plus


2008-01-13 02:32 23,904 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.sys


2008-01-07 04:59 --------- dc----w C:\Program Files\microsoft frontpage


2008-01-04 20:31 --------- dc----w C:\Program Files\Microsoft Money


2008-01-04 08:31 57,344 -c--a-w C:\WINDOWS\uneng.exe


2008-01-04 08:31 30,662 -c--a-w C:\WINDOWS\system32\drivers\Mmc_2k.sys


2008-01-04 08:31 25,930 -c--a-w C:\WINDOWS\system32\drivers\Dvd_2k.sys


2008-01-04 08:31 241,280 -c--a-w C:\WINDOWS\system32\drivers\cdudf_xp.sys


2008-01-04 08:31 206,464 -c--a-w C:\WINDOWS\system32\drivers\udfreadr_xp.sys


2008-01-04 08:31 144,250 -c--a-w C:\WINDOWS\system32\drivers\pwd_2K.sys


2008-01-04 08:31 --------- dc----w C:\Program Files\Common Files\Adaptec Shared


2008-01-04 08:31 --------- dc----w C:\Program Files\Adaptec


2008-01-04 08:11 --------- dc----w C:\Program Files\Ashampoo


2008-01-04 08:07 --------- dc----w C:\Program Files\DivX


2008-01-04 07:01 --------- dc----w C:\Documents and Settings\RM\Application Data\DVD Flick


2008-01-04 05:54 167 -c--a-w C:\Program Files\INSTALL.LOG


2008-01-03 19:21 --------- dc----w C:\Documents and Settings\RM\Application Data\Pegasys Inc


2008-01-02 19:27 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP


2008-01-02 06:17 13,531,608 -c--a-w C:\Program Files\videoeditmagic.exe


2008-01-01 19:53 --------- dc----w C:\Documents and Settings\RM\Application Data\OfficeUpdate12


2007-12-26 18:27 --------- dc----w C:\Program Files\Ableton


2007-12-26 18:01 --------- dc----w C:\Program Files\NCH Swift Sound


2007-12-26 17:57 --------- dc----w C:\Documents and Settings\All Users\Application Data\Skype


2007-12-26 17:31 --------- dc----w C:\Documents and Settings\RM\Application Data\Fisher-Price


2007-12-26 17:28 --------- dc----w C:\Program Files\Fisher-Price


2007-12-14 23:34 286,720 -c--a-w C:\WINDOWS\iun506.exe


2007-10-27 22:25 30,167,512 -c--a-w C:\Program Files\cdarchitect52c_enu.exe


2007-10-27 22:25 1,818,232 -c--a-w C:\Program Files\cdarchitect52_manual.exe


2007-10-27 22:23 6,730,272 -c--a-w C:\Program Files\masteringeffectsbundle_soundforge_setup.exe


2007-10-27 22:21 6,178,453 -c--a-w C:\Program Files\soundforge90_manual.exe


2007-10-27 22:19 72,924,904 -c--a-w C:\Program Files\soundforge90c_enu.exe


2007-09-18 03:58 751,768 -c--a-w C:\Program Files\db-directx.exe


2007-09-16 06:23 71,283,560 -c--a-w C:\Program Files\soundforge90a_enu.exe


2007-08-27 23:36 1,287,784 -c--a-w C:\Program Files\AudibleDM_iTunesSetup.exe


2007-07-26 19:01 192,614 -c--a-w C:\Program Files\TBFDropZoneInstaller.exe


2006-12-28 21:21 36,808,256 -c--a-w C:\Program Files\iTunesSetup.exe


2006-11-26 18:53 5,900,416 -c--a-w C:\Program Files\Firefox Setup 2.0.exe


2006-11-26 18:49 19,203,280 -c--a-w C:\Program Files\nsb-install-8-1-2.exe


2006-08-06 01:16 5,279,254 -c--a-w C:\Program Files\BackupDVD.exe


2006-05-20 01:45 14,650,070 -c--a-w C:\Program Files\StuffItStandard9.exe


2006-05-07 20:16 243,512 -c--a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw.exe


2006-05-06 21:01 47,633,576 -c--a-w C:\Program Files\iPodSetup.exe


2006-01-22 23:59 11,817,800 -c--a-w C:\Program Files\GoogleEarth.exe


2005-07-12 20:51 160 -c--a-w C:\Program Files\WS_FTP.LOG


2005-03-27 04:12 5,629,711 -c--a-w C:\Program Files\Chess Winboard.exe


2005-02-17 21:19 36,009,360 -c--a-w C:\Program Files\1201bandinaboxprowin.exe


2005-01-09 20:17 84,137 -c--a-w C:\Program Files\quickenw.QIF


2003-12-04 19:43 9,134,648 -c--a-w C:\Program Files\AdbeRdr60_enu.exe


2003-11-22 01:03 2,226,304 -c--a-w C:\Program Files\microsoft download 112103.exe


2002-05-18 18:25 5,617,948 -c--a-w C:\Program Files\STUFFIT7.EXE


2002-05-13 21:50 1,597,440 -c--a-w C:\Program Files\xerces-c_1_6.dll


2002-05-13 21:49 196,608 -c--a-w C:\Program Files\MMxpt.dll


2002-05-13 21:49 18,192 -c--a-w C:\Program Files\PSAPI.DLL


2002-05-13 21:49 14,848 -c--a-w C:\Program Files\MM.ASPNetDesignerMgr.dll


1999-06-25 18:55 149,504 -c--a-w C:\Program Files\UNWISE.EXE


.


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


.


.


*Note* empty entries & legit default entries are not shown


REGEDIT4


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66A12149-C2D5-4E22-A21A-D98ABC89D1E9}]


C:\WINDOWS\system32\pmnno.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2DA4664-3FCA-4AF9-BC91-210A33AF8138}]


C:\Program Files\MSN\lazup888.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c411c572-ccfb-4397-bff0-af572d1092dc}]


C:\WINDOWS\system32\mrburgah.dll


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]


"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49 4662776]


"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]


"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-02-09 14:02 6051144]


"Google Update"="C:\Documents and Settings\RM\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe" [2008-02-15 11:45 21488]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


"CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-08-15 10:50 28672]


"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2001-09-26 08:30 131072]


"Smapp"="rem Smtray.exe" []


"WorksFUD"="" []


"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 12:00 311350]


"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]


"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 13:34 36864]


"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2008-01-04 00:31 684032]


"Splash Screen"="rem E:\SplashScreen\SplashScreen.exe" [ ]


"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-16 19:45 180269]


"YBrowser"="C:\Program Files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 12:51 57344]


"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 11:30 98304]


"UserFaultCheck"="rem C:\WINDOWS\system32\dumprep 0 -u" [ ]


"QAGENT"="C:\Program Files\quickenw\QAGENT.EXE" [2001-08-01 12:30 94208]


"NvCplDaemon"="NvQTwk" []


"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [2001-10-16 10:10 258118]


"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 06:51 442455]


"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]


"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18 270648]


"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]


"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-13 23:11 771704]


"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]


"e4b94219"="C:\WINDOWS\system32\fwcplcxs.dll" [ ]


"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 15:48 290816]


"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632]


C:\Documents and Settings\RM\Start Menu\Programs\Startup\


Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-11-19 12:39:17 344064]


YouTube Uploader.lnk - C:\Documents and Settings\RM\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\


AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-07-24 16:49:58 217088]


EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-06-15 10:23:35 127488]


Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]


"NoBandCustomize"= 0 (0x0)


"NoMovingBands"= 0 (0x0)


"NoCloseDragDropBands"= 0 (0x0)


[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]


"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]


"AppInit_DLLs"=sockspy.dll


R2 mrtRate;mrtRate;C:\WINDOWS\system32\drivers\mrtRate.sys [2001-02-28 10:42]


R3 pae_1394;pae_1394;C:\WINDOWS\system32\Drivers\pae_1394.sys [2005-06-09 15:35]


R3 pae_avs;pae_avs;C:\WINDOWS\system32\Drivers\pae_avs.sys [2005-06-09 15:35]


R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 05:28]


R3 WlanUIG;2Wire 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-15 00:42]


S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS []


S3 Gcr432;Gcr432;C:\WINDOWS\system32\Drivers\gcr432.sys [2001-05-10 12:54]


S3 MA763010;M-Audio Fast Track;C:\WINDOWS\system32\drivers\MA763010.sys []


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9caadcfc-9a93-11db-88f3-0060b3bdec3e}]


\Shell\AutoRun\command - G:\LaunchU3.exe -a


*Newly Created Service* - COMHOST


.


Contents of the 'Scheduled Tasks' folder


"2008-02-19 04:13:31 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - RM.job"


- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:


"2001-12-27 20:04:33 C:\WINDOWS\Tasks\Registration reminder 1.job"


- C:\WINDOWS\System32\OOBE\oobebaln.exe


"2001-12-27 20:04:33 C:\WINDOWS\Tasks\Registration reminder 2.job"


- C:\WINDOWS\System32\OOBE\oobebaln.exe


"2001-12-27 20:04:34 C:\WINDOWS\Tasks\Registration reminder 3.job"


- C:\WINDOWS\System32\OOBE\oobebaln.exe


"2008-02-23 17:53:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"


- C:\Program Files\Symantec\LiveUpdate\NDetect.exe


.


**************************************************************************


catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net


Rootkit scan 2008-02-23 09:42:07


Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


scanning hidden files ...


scan completed successfully


hidden files: 0


**************************************************************************


.


------------------------ Other Running Processes ------------------------


.


C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


C:\WINDOWS\System32\SCardSvr.exe


C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


C:\WINDOWS\system32\cisvc.exe


C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


C:\WINDOWS\system32\crypserv.exe


C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


C:\WINDOWS\System32\nvsvc32.exe


C:\WINDOWS\system32\pctspk.exe


C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe


C:\WINDOWS\system32\SearchIndexer.exe


C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE


C:\COMPAQ\CPQINET\CPQInet.exe


C:\Compaq\EAKDRV\EAUSBKBD.EXE


C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe


C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe


C:\WINDOWS\system32\fxssvc.exe


C:\PROGRA~1\Yahoo!\browser\ycommon.exe


C:\WINDOWS\system32\mrtMngr.EXE


C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE


C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe


C:\Program Files\iPod\bin\iPodService.exe


C:\WINDOWS\system32\cidaemon.exe


C:\WINDOWS\system32\SearchProtocolHost.exe


C:\WINDOWS\system32\SearchFilterHost.exe


.


**************************************************************************


.


Completion time: 2008-02-23 9:54:58 - machine was rebooted [RM]


ComboFix-quarantined-files.txt 2008-02-23 17:54:51


.


2008-02-23 11:03:05 --- E O F ---

Comments

  • First of all your Hijackthis is installed in the wrong location, please reinstall Hijackthis on your C: drive


    Also, you must rename C:\Program Files\Trend Micro\HijackThis\HijackThis.exe to anything.exe you feel comfortable with, as new baddies are now able to detect and hide from hijackthis.exe. Change it to something like clear.exe


    Double click clear.exe and make a new log and post it to your reply

  • First of all your Hijackthis is installed in the wrong location, please reinstall Hijackthis on your C: drive


    Also, you must rename C:\Program Files\Trend Micro\HijackThis\HijackThis.exe to anything.exe you feel comfortable with, as new baddies are now able to detect and hide from hijackthis.exe. Change it to something like clear.exe


    Double click clear.exe and make a new log and post it to your reply

  • is the same true for most spyware programs? I loaded vundo, bitdefender, atfcleaner and combofix onto my desktop as I thought I could get to them easier. hmmm? Thanks for the help thus far! Will re-install hijackthis now.

  • Hello,


    Please try sending us the files "C:\WINDOWS\system32\fwcplcxs.dll", "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll", "C:\WINDOWS\system32\mrtMngr.EXE". If you cannot copy fwcplcxs.dll try terminating rundll32.exe process first.

  • Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 12:55:32 PM, on 2/23/2008


    Platform: Windows XP SP2 (WinNT 5.01.2600)


    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


    C:\WINDOWS\system32\spoolsv.exe


    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


    C:\WINDOWS\system32\cisvc.exe


    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


    C:\WINDOWS\system32\crypserv.exe


    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


    C:\WINDOWS\System32\nvsvc32.exe


    C:\WINDOWS\system32\pctspk.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe


    C:\WINDOWS\system32\SearchIndexer.exe


    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe


    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE


    C:\COMPAQ\CPQINET\CPQInet.exe


    C:\Compaq\EAKDRV\EAUSBKBD.EXE


    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe


    C:\WINDOWS\system32\fxssvc.exe


    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe


    C:\Program Files\Common Files\Real\Update_OB\realsched.exe


    C:\Program Files\Yahoo!\browser\ybrwicon.exe


    C:\Program Files\quickenw\QAGENT.EXE


    C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe


    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe


    C:\PROGRA~1\Yahoo!\browser\ycommon.exe


    C:\Program Files\QuickTime\qttask.exe


    C:\Program Files\iTunes\iTunesHelper.exe


    C:\WINDOWS\system32\mrtMngr.EXE


    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe


    C:\Program Files\Softwin\BitDefender10\bdmcon.exe


    C:\Program Files\Softwin\BitDefender10\bdagent.exe


    C:\WINDOWS\system32\ctfmon.exe


    C:\Program Files\Pando Networks\Pando\Pando.exe


    C:\Documents and Settings\RM\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe


    C:\Program Files\Windows Desktop Search\WindowsSearch.exe


    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe


    C:\Documents and Settings\RM\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe


    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE


    C:\WINDOWS\explorer.exe


    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe


    C:\Program Files\iPod\bin\iPodService.exe


    C:\WINDOWS\system32\cidaemon.exe


    C:\Program Files\Internet Explorer\IEXPLORE.EXE


    C:\PROGRA~1\Office12\OUTLOOK.EXE


    C:\Program Files\Office12\OUTLOOK.EXE


    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe


    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE


    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE


    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe


    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe


    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe


    C:\Program Files\rosesthis.exe


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.huffingtonpost.com/


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage


    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://securityresponse.symantec.com/avcenter/fix_homepage


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1


    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll


    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll


    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll


    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll


    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll


    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll


    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll


    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll


    O2 - BHO: (no name) - {66A12149-C2D5-4E22-A21A-D98ABC89D1E9} - C:\WINDOWS\system32\pmnno.dll (file missing)


    O2 - BHO: 0 - {A2DA4664-3FCA-4AF9-BC91-210A33AF8138} - C:\Program Files\MSN\lazup888.dll (file missing)


    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll


    O2 - BHO: {cd2901d2-75fa-0ffb-7934-bfcc275c114c} - {c411c572-ccfb-4397-bff0-af572d1092dc} - C:\WINDOWS\system32\mrburgah.dll (file missing)


    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll


    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll


    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe


    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"


    O4 - HKLM\..\Run: [smapp] rem Smtray.exe


    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers


    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe


    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe


    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe


    O4 - HKLM\..\Run: [splash Screen] rem E:\SplashScreen\SplashScreen.exe


    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe


    O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"


    O4 - HKLM\..\Run: [userFaultCheck] rem %systemroot%\system32\dumprep 0 -u


    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\quickenw\QAGENT.EXE


    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize


    O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe


    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"


    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"


    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"


    O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"


    O4 - HKLM\..\Run: [e4b94219] rundll32.exe "C:\WINDOWS\system32\fwcplcxs.dll",b


    O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg


    O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"


    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background


    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized


    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RM\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe"


    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe


    O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\RM\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe


    O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe


    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE


    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe


    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm


    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228


    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227


    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm


    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm


    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm


    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll


    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office12\REFIEBAR.DLL


    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra button: Support - {5DE92616-77D2-40A9-BA35-B095FD211534} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)


    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll


    O15 - Trusted Zone: *.amaena.com


    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813


    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab


    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab


    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab


    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204


    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll


    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe


    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab


    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab


    O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://pc-photo.lifepics.com/net/Uploader/LPUploader45.cab


    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab


    O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab


    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe


    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe


    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe


    O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe


    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe


    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe


    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE


    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe


    O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)


    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)


    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe


    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe


    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


    --


    End of file - 15250 bytes

  • Here's the new HIJACK THIS LOG and the 2 files I could upload.....


    there is no 32\fwcplcxs.dll and no rundll to terminate....


    Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 12:55:32 PM, on 2/23/2008


    Platform: Windows XP SP2 (WinNT 5.01.2600)


    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


    C:\WINDOWS\system32\spoolsv.exe


    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


    C:\WINDOWS\system32\cisvc.exe


    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


    C:\WINDOWS\system32\crypserv.exe


    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


    C:\WINDOWS\System32\nvsvc32.exe


    C:\WINDOWS\system32\pctspk.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe


    C:\WINDOWS\system32\SearchIndexer.exe


    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe


    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE


    C:\COMPAQ\CPQINET\CPQInet.exe


    C:\Compaq\EAKDRV\EAUSBKBD.EXE


    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe


    C:\WINDOWS\system32\fxssvc.exe


    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe


    C:\Program Files\Common Files\Real\Update_OB\realsched.exe


    C:\Program Files\Yahoo!\browser\ybrwicon.exe


    C:\Program Files\quickenw\QAGENT.EXE


    C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe


    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe


    C:\PROGRA~1\Yahoo!\browser\ycommon.exe


    C:\Program Files\QuickTime\qttask.exe


    C:\Program Files\iTunes\iTunesHelper.exe


    C:\WINDOWS\system32\mrtMngr.EXE


    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe


    C:\Program Files\Softwin\BitDefender10\bdmcon.exe


    C:\Program Files\Softwin\BitDefender10\bdagent.exe


    C:\WINDOWS\system32\ctfmon.exe


    C:\Program Files\Pando Networks\Pando\Pando.exe


    C:\Documents and Settings\RM\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe


    C:\Program Files\Windows Desktop Search\WindowsSearch.exe


    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe


    C:\Documents and Settings\RM\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe


    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE


    C:\WINDOWS\explorer.exe


    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe


    C:\Program Files\iPod\bin\iPodService.exe


    C:\WINDOWS\system32\cidaemon.exe


    C:\Program Files\Internet Explorer\IEXPLORE.EXE


    C:\PROGRA~1\Office12\OUTLOOK.EXE


    C:\Program Files\Office12\OUTLOOK.EXE


    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe


    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE


    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE


    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe


    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe


    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe


    C:\Program Files\rosesthis.exe


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.huffingtonpost.com/


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage


    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://securityresponse.symantec.com/avcenter/fix_homepage


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1


    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll


    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll


    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll


    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll


    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll


    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll


    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll


    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll


    O2 - BHO: (no name) - {66A12149-C2D5-4E22-A21A-D98ABC89D1E9} - C:\WINDOWS\system32\pmnno.dll (file missing)


    O2 - BHO: 0 - {A2DA4664-3FCA-4AF9-BC91-210A33AF8138} - C:\Program Files\MSN\lazup888.dll (file missing)


    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll


    O2 - BHO: {cd2901d2-75fa-0ffb-7934-bfcc275c114c} - {c411c572-ccfb-4397-bff0-af572d1092dc} - C:\WINDOWS\system32\mrburgah.dll (file missing)


    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll


    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll


    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe


    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"


    O4 - HKLM\..\Run: [smapp] rem Smtray.exe


    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers


    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe


    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe


    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe


    O4 - HKLM\..\Run: [splash Screen] rem E:\SplashScreen\SplashScreen.exe


    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe


    O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"


    O4 - HKLM\..\Run: [userFaultCheck] rem %systemroot%\system32\dumprep 0 -u


    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\quickenw\QAGENT.EXE


    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize


    O4 - HKLM\..\Run: [ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe


    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"


    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"


    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"


    O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"


    O4 - HKLM\..\Run: [e4b94219] rundll32.exe "C:\WINDOWS\system32\fwcplcxs.dll",b


    O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg


    O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"


    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background


    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized


    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RM\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe"


    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe


    O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\RM\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe


    O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe


    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE


    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe


    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm


    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228


    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227


    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm


    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm


    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm


    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll


    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office12\REFIEBAR.DLL


    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra button: Support - {5DE92616-77D2-40A9-BA35-B095FD211534} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)


    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll


    O15 - Trusted Zone: *.amaena.com


    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813


    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab


    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab


    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab


    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204


    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll


    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe


    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab


    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab


    O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://pc-photo.lifepics.com/net/Uploader/LPUploader45.cab


    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab


    O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab


    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe


    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe


    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe


    O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe


    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe


    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe


    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE


    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe


    O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)


    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)


    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe


    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe


    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


    --


    End of file - 15250 bytes

    /applications/core/interface/file/attachment.php?id=1559" data-fileid="1559" rel="">MSNLNamespaceMgr.zip

    /applications/core/interface/file/attachment.php?id=1560" data-fileid="1560" rel="">mrtMngr.zip

  • Anybody out there????????????