imWl2X.exe? virus?
Thread Solved
I found this file running on my PC: imWl2X.exe. I have no idea what it does.
I also have a trojan dropper.lnor.s I can't get rid of. I ran adware, spybot and hijack this,
but it is still there. The antivirus tries to remove it but it can only put it in a vault. Here is my latest log. I put the files in bold; does anyone know what they do or what uses them?
Logfile of HijackThis v1.97.7
Scan saved at 2:33:26 PM, on 3/11/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msdtc.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\snmp.exe
c:\program files\timbuktu pro\tb2launch.exe
c:\program files\timbuktu pro\tb2pro.exe
C:\WINDOWS\NetopiaRC\Tb2RCAssist.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\mqsvc.exe
c:\program files\timbuktu pro\TNOTIFY.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\program files\timbuktu pro\tb2logon.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\WINDOWS\SYSTEM32\3cshtdwn.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe
C:\WINDOWS\imWl2X.exe
C:\PROGRA~1\IPMONI~1\IPMonitor.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Grisoft\AVG6\avgw.exe
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT READER 5\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Tb2initPath] "c:\program files\timbuktu pro\tb2init.exe"
O4 - HKLM\..\Run: [TLogonPath] "c:\program files\timbuktu pro\tb2logon.exe"
O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\Program Files\\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [f899MCESF] C:\WINDOWS\imWl2X.exe
O4 - HKCU\..\Run: [IPMonitor] C:\PROGRA~1\IPMONI~1\IPMonitor.exe
O4 - HKCU\..\Run: [IP Monitor] C:\Program Files\IPMonitor\IPMonitor.exe
O4 - Startup: DUC20.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99E4CDDA-0311-4876-8A22-7FCF3F67F94F}: NameServer = 192.168.0.1
Put your log up at the cexx forums. All they seem to do is fix up HJT logs.
http://boards.cexx.org/index.php?sid...b52a216c1cabcc
First put hijackthis.exe in its own folder on the desktop, for backups.
Run hijack and fix this:
O4 - HKLM\..\Run: [f899MCESF] C:\WINDOWS\imWl2X.exe
The NPDocBox entry is an Adobe Acrobat plugin:
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
Reboot into safe mode and delete this file:
C:\WINDOWS\imWl2X.exe >>> file only
Reboot and then post a fresh log.
You could run the online virus scan in my signature.
Linux boot cd http://www.knopper.net/knoppix/index-en.html
new hijack this log
Logfile of HijackThis v1.97.7
Scan saved at 8:55:03 AM, on 3/15/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msdtc.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\snmp.exe
c:\program files\timbuktu pro\tb2launch.exe
c:\program files\timbuktu pro\tb2pro.exe
C:\WINDOWS\NetopiaRC\Tb2RCAssist.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mqsvc.exe
c:\program files\timbuktu pro\TNOTIFY.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\program files\timbuktu pro\tb2logon.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\SYSTEM32\3cshtdwn.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\WINDOWS\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe
C:\PROGRA~1\IPMONI~1\IPMonitor.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
C:\Program Files\No-IP\DUC20.exe
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
C:\GeoCenter\DMCenter.exe
C:\WINDOWS\system32\CLEANMGR.EXE
C:\WINDOWS\system32\CLEANMGR.EXE
C:\Documents and Settings\administrator\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT READER 5\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Tb2initPath] "c:\program files\timbuktu pro\tb2init.exe"
O4 - HKLM\..\Run: [TLogonPath] "c:\program files\timbuktu pro\tb2logon.exe"
O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\Program Files\\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [IPMonitor] C:\PROGRA~1\IPMONI~1\IPMonitor.exe
O4 - HKCU\..\Run: [IP Monitor] C:\Program Files\IPMonitor\IPMonitor.exe
O4 - Startup: DUC20.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99E4CDDA-0311-4876-8A22-7FCF3F67F94F}: NameServer = 192.168.0.1
Looks like you've cleaned that up. I would suggest that you get the latest service pack too, which is SP4. Go to M$ update & get all the crucial updates.
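The before/after comparison done by eye in this thread can be scripted. The following is an added example, not code from any poster or from HijackThis itself: it parses two HijackThis logs, reports which running processes and entries disappeared or appeared, and checks whether a filename is still referenced. The two sample logs are short excerpts of the logs posted above; the function names are made up for this example.

```python
import re

# Trimmed excerpts of the two logs posted in this thread (3/11 and 3/15 scans).
LOG_BEFORE = r"""Logfile of HijackThis v1.97.7
Scan saved at 2:33:26 PM, on 3/11/2004
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe
C:\WINDOWS\imWl2X.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [f899MCESF] C:\WINDOWS\imWl2X.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
"""
LOG_AFTER = r"""Logfile of HijackThis v1.97.7
Scan saved at 8:55:03 AM, on 3/15/2004
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe
C:\WINDOWS\system32\CLEANMGR.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
"""

# Entry lines start with a section code such as R0, O4 or O16, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_hjt(text):
    """Split a HijackThis log into (running processes, entry lines)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_RE.match(line):
            in_procs = False          # first entry ends the process list
            entries.append(line)
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
    return processes, entries

def only_in(a, b):
    """Items of a missing from b; compared case-insensitively like Windows paths."""
    seen = {x.lower() for x in b}
    out = []
    for x in a:
        if x.lower() not in seen and x not in out:
            out.append(x)
    return out

def diff_logs(before, after):
    """Report what disappeared and what appeared between two scans."""
    (bp, be), (ap, ae) = parse_hjt(before), parse_hjt(after)
    return {"processes_gone": only_in(bp, ap), "processes_new": only_in(ap, bp),
            "entries_gone": only_in(be, ae), "entries_new": only_in(ae, be)}

def mentions(log_text, filename):
    """Log lines that still reference filename (case-insensitive)."""
    return [l.strip() for l in log_text.splitlines() if filename.lower() in l.lower()]

if __name__ == "__main__":
    for section, lines in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(section, lines)
    print("still referenced:", mentions(LOG_AFTER, "imWl2X.exe"))
```

An empty `mentions` result only shows that the Run entry and process are gone from what HijackThis enumerates, so the follow-up virus scan suggested in the thread still applies.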