
[Resolved] wowfx.dll errors
#1
Posted 14 January 2008 - 04:08 PM
#2
Posted 18 January 2008 - 04:25 PM

The forum is run by volunteers who donate their time and expertise.
Want to help others? Join the ClassRoom and learn how.
Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.
Proud graduate of TC/WTT Classroom
#3
Posted 20 January 2008 - 07:07 PM
THE LOGFILE THAT CAME UP IN NOTEPAD IS AS FOLLOWS:
Logfile of HijackThis v1.99.1
Scan saved at 6:56:11 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Common Files\AOL\1200717662\ee\AOLSoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\APRILD~1\LOCALS~1\Temp\sv16.exe
C:\DOCUME~1\APRILD~1\LOCALS~1\Temp\sys16.exe
C:\DOCUME~1\APRILD~1\LOCALS~1\Temp\syn16.exe
C:\DOCUME~1\APRILD~1\LOCALS~1\Temp\6432.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\April Davis\Application Data\printer.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://browser.cdn.a...om/welcome.html
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {18ACF5E8-132B-19AB-2175-39B60E3FF3BA} - C:\WINDOWS\system32\hrotfrns.dll (file missing)
O2 - BHO: (no name) - {35F67D63-9AA5-C525-F14D-EA2B58E18DB2} - C:\WINDOWS\system32\mfkl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E19D5AD-6560-38E4-6321-4C71B20697EF} - C:\WINDOWS\system32\fpyo.dll (file missing)
O2 - BHO: BndDrive2 BHO Class - {8C6D5A56-791E-4fe8-9D64-81781FA15D68} - C:\Program Files\ISM\BndDrive6.dll (file missing)
O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:\Program Files\QdrDrive\QdrDrive9.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1200717662\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: findfast.exe
O4 - Startup: palmOne Registration.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: autorun.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk.disabled
O4 - Global Startup: Windows Desktop Search.lnk.disabled
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZKxdm021YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll,-115 - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: ImageShack Toolbar - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163568176015
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast....ostClientIE.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.to...28.9/ttinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.2.1.cab
O18 - Filter: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: __c004642F - C:\WINDOWS\system32\__c004642F.dat
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
THIS IS THE COPY OF WHAT THE HJT SCAN PICKED UP. I didn't select or try to fix anything because I wasn't sure what to get rid of. Just let me know where I need to go from here. Thanks! April
#4
Posted 20 January 2008 - 07:09 PM
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.
Please do not delete anything unless instructed to.
Next:
Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
(If you use FireFox or the Opera browser: to keep saved passwords, click No at the prompt.)
It's normal after running ATF cleaner that the PC will be slower to boot the first time.
Next:
Download ComboFix from Here to your Desktop.
**Note: In the event you already have Combofix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
- Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
- WARNING: If you have not already done so, Combofix will disconnect your machine from the Internet when it starts
- Please do not re-connect your machine back to the Internet until Combofix has completely finished.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review
****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****
*If there is no internet connection when Combofix has completely finished, then restart your computer to restore the connection.
#5
Posted 20 January 2008 - 09:41 PM
LOG FILE FOR COMBO.TXT
ComboFix 08-01-20.1 - April Davis 2008-01-20 20:52:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.521 [GMT -6:00]
Running from: C:\Documents and Settings\April Davis\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\3.tmp
C:\4.tmp
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\April Davis\Application Data.\Ultimate Cleaner
C:\Documents and Settings\April Davis\Application Data.\Ultimate Cleaner\settings.dat
C:\Documents and Settings\April Davis\Application Data\CROSOF~1
C:\Documents and Settings\April Davis\Application Data\FNTS~1
C:\Documents and Settings\April Davis\Application Data\macromedia\Flash Player\#SharedObjects\DL84ERMC\www.broadcaster.com
C:\Documents and Settings\April Davis\Application Data\macromedia\Flash Player\#SharedObjects\DL84ERMC\www.broadcaster.com\played_list.sol
C:\Documents and Settings\April Davis\Application Data\macromedia\Flash Player\#SharedObjects\DL84ERMC\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\April Davis\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\April Davis\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\April Davis\Application Data\printer.exe
C:\Documents and Settings\April Davis\Application Data\SSTEM3~1
C:\Documents and Settings\April Davis\Application Data\Ultimate Cleaner\settings.dat
C:\Documents and Settings\April Davis\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\April Davis\Desktop\Free Online Dating.lnk
C:\Documents and Settings\April Davis\Desktop\Go to Casino.lnk
C:\Documents and Settings\April Davis\My Documents\CURITY~1
C:\Documents and Settings\April Davis\My Documents\MANTEC~1
C:\Documents and Settings\April Davis\My Documents\MCROSO~1
C:\Documents and Settings\April Davis\My Documents\PPATCH~1
C:\Documents and Settings\April Davis\My Documents\YSTEM3~1
C:\Documents and Settings\April Davis\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\April Davis\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\April Davis\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\April Davis\Start Menu\Programs\Startup\findfast.exe
C:\Program Files\asks~1
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\crosof~1
C:\Program Files\Common Files\icroso~1.net
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Helper
C:\Program Files\ISM2
C:\Program Files\ISM2\cringupd.exe
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\ISMPack7.exe
C:\Program Files\ISM2\ISMPack8.exe
C:\Program Files\ISM2\targets.gz
C:\Program Files\kernel
C:\Program Files\Movie Maker\rterememyk.html
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\racle~1
C:\Program Files\smss.exe
C:\Program Files\spoolsv.exe
C:\Program Files\sstem3~1
C:\Program Files\Temporary
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\temp\tn3
C:\WINDOWS\avp.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\dobe~1
C:\WINDOWS\dobe~1\?dobe\
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\icroso~1.net
C:\WINDOWS\mcroso~1.net
C:\WINDOWS\mgrs.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\__c004642F.dat
C:\WINDOWS\system32\__c00CFF04.dat
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\crosof~1.net
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\suspend.exe
C:\WINDOWS\system32\users32.dat
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\ymbols~1
C:\wsusupd.exe
C:\xcrashdump.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.
2008-01-20 20:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 20:46 . 2008-01-20 20:47 50,688 --a------ C:\ATF-Cleaner.exe
2008-01-20 20:12 . 2008-01-20 20:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-20 20:12 . 2008-01-20 20:12 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 22:15 . 2008-01-18 22:17 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-01-18 22:08 . 2007-10-10 17:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-18 22:08 . 2007-06-30 21:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-18 22:08 . 2007-06-30 21:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-18 22:08 . 2007-10-10 17:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-18 22:08 . 2007-10-10 17:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-18 22:08 . 2007-10-10 17:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-18 22:08 . 2007-10-10 17:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-18 22:08 . 2007-10-10 17:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-18 22:08 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-18 22:08 . 2007-10-10 04:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-13 18:52 . 2005-12-27 17:56 18,944 --a------ C:\WINDOWS\system32\wowfxoldd.dll
2008-01-13 18:52 . 2005-12-23 17:17 18,944 --a------ C:\WINDOWS\system32\wowfxold.dll
2008-01-12 15:19 . 2008-01-12 15:59 1,910,649 ---hs---- C:\WINDOWS\system32\40FFC00c__.ini2
2008-01-12 14:46 . 2008-01-12 14:46 1,910,649 ---hs---- C:\WINDOWS\system32\40FFC00c__.tmp
2008-01-11 23:45 . 2008-01-12 15:40 <DIR> d-------- C:\Program Files\Symantec
2008-01-11 23:45 . 2008-01-12 15:43 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-11 23:25 . 2008-01-11 23:25 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-11 23:24 . 2008-01-11 23:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-11 23:20 . 2008-01-12 14:46 1,910,589 ---hs---- C:\WINDOWS\system32\40FFC00c__.ini
2008-01-10 19:15 . 2008-01-18 17:24 80 --a------ C:\WINDOWS\system32\suspend.bin
2008-01-10 18:39 . 2008-01-10 18:39 88 --a------ C:\Documents and Settings\April Davis\del.bat
2008-01-09 18:51 . 2008-01-09 18:51 0 --a------ C:\WINDOWS\system32\REN11.tmp
2008-01-09 18:51 . 2008-01-09 18:51 0 --a------ C:\WINDOWS\system32\REN10.tmp
2008-01-09 00:06 . 2008-01-09 11:57 <DIR> d-------- C:\Program Files\Ares
2008-01-08 17:56 . 2008-01-08 17:56 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-08 16:54 . 2008-01-11 23:14 1,073,624 ---hs---- C:\WINDOWS\system32\10E5C00c__.ini
2008-01-08 00:23 . 2008-01-08 00:23 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 5.0
2008-01-08 00:23 . 2008-01-08 00:23 <DIR> d-------- C:\Documents and Settings\April Davis\Application Data\Intuit
2008-01-08 00:23 . 2007-07-26 17:13 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll
2008-01-08 00:23 . 2007-07-26 17:13 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2008-01-08 00:22 . 2008-01-08 00:29 <DIR> d-------- C:\Program Files\Quicken
2008-01-08 00:22 . 2008-01-08 00:22 <DIR> d-------- C:\Program Files\Common Files\Palo Alto Software
2008-01-08 00:22 . 2008-01-08 00:22 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-01-08 00:22 . 2008-01-08 00:23 120 --a------ C:\WINDOWS\QUICKEN.INI
2008-01-08 00:21 . 2008-01-08 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-01-05 18:15 . 2008-01-05 18:15 0 --a------ C:\53.tmp
2008-01-05 18:14 . 2008-01-05 18:14 0 --a------ C:\40.tmp
2008-01-05 18:14 . 2008-01-05 18:14 0 --a------ C:\3D.tmp
2008-01-05 18:13 . 2008-01-05 18:13 0 --a------ C:\30.tmp
2008-01-05 18:13 . 2008-01-05 18:13 0 --a------ C:\20.tmp
2008-01-05 18:12 . 2008-01-05 18:12 286,288 --a------ C:\19.tmp
2008-01-05 18:12 . 2008-01-05 18:12 0 --a------ C:\1A.tmp
2008-01-05 18:11 . 2008-01-05 18:11 186,608 --a------ C:\13.tmp
2007-12-28 21:30 . 2007-12-28 21:30 0 --a------ C:\WINDOWS\iPlayer.INI
2007-12-28 21:29 . 2007-12-28 21:29 <DIR> d-------- C:\Program Files\InterActual
2007-12-28 00:58 . 2007-12-28 00:58 <DIR> d-------- C:\Program Files\RcvSystem
2007-12-27 09:42 . 2007-12-27 09:42 <DIR> d-------- C:\Program Files\iPod
2007-12-27 09:42 . 2007-12-27 09:42 <DIR> d-------- C:\Documents and Settings\April Davis\Application Data\Apple Computer
2007-12-27 09:41 . 2008-01-08 02:03 <DIR> d-------- C:\Program Files\iTunes
2007-12-27 09:40 . 2008-01-08 02:03 <DIR> d-------- C:\Program Files\QuickTime
2007-12-27 09:40 . 2007-12-27 09:40 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-27 09:40 . 2007-12-27 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-27 09:40 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-27 09:39 . 2007-12-27 09:39 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-27 09:39 . 2007-12-27 09:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-24 18:33 . 2007-12-29 09:09 <DIR> d-------- C:\Program Files\FrostWire
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 04:41 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-19 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-16 07:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-01-16 07:43 --------- d-----w C:\Program Files\Yahoo!
2008-01-16 07:43 --------- d-----w C:\Program Files\Viewpoint
2008-01-16 07:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-16 07:39 --------- d-----w C:\Program Files\palmOne
2008-01-12 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-12 05:25 --------- d-----w C:\Documents and Settings\April Davis\Application Data\Lavasoft
2008-01-12 04:32 --------- d-----w C:\Program Files\Google
2008-01-11 00:39 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-01-10 00:51 --------- d-----w C:\Program Files\Java
2008-01-08 08:03 --------- d-----w C:\Program Files\NoAds
2008-01-08 06:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 00:34 --------- d-----w C:\Documents and Settings\April Davis\Application Data\FrostWire
2007-12-23 01:47 --------- d-----w C:\Program Files\Dl_cats
2007-12-08 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\HotSync
2007-12-08 16:38 53,248 ----a-w C:\WINDOWS\PalmDevC.dll
2007-12-08 16:38 --------- d-----w C:\Documents and Settings\April Davis\Application Data\HotSync
2007-12-01 15:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-11-30 01:18 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-30 01:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-11-27 21:43 --------- d-----w C:\Program Files\Shutterfly
2007-11-27 21:42 --------- d-----w C:\Documents and Settings\April Davis\Application Data\Shutterfly
2007-01-25 00:25 181,729 ----a-w C:\Documents and Settings\April Davis\el_font_gohtic.zip
2006-12-03 01:05 2,522 ----a-w C:\Program Files\func.js
2006-11-25 07:57 482 ----a-w C:\Program Files\Del.js
2006-12-08 02:27 56 --sh--r C:\WINDOWS\system32\9230BF42B8.sys
2007-09-10 07:16 88 --sh--r C:\WINDOWS\system32\B842BF3092.sys
2007-09-10 08:07 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18ACF5E8-132B-19AB-2175-39B60E3FF3BA}]
C:\WINDOWS\system32\hrotfrns.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35F67D63-9AA5-C525-F14D-EA2B58E18DB2}]
C:\WINDOWS\system32\mfkl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E19D5AD-6560-38E4-6321-4C71B20697EF}]
C:\WINDOWS\system32\fpyo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C6D5A56-791E-4fe8-9D64-81781FA15D68}]
C:\Program Files\ISM\BndDrive6.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [ ]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMK08KB"="C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE" [2006-11-22 00:25 207360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1200717662\ee\AOLSoftware.exe" [2006-04-13 14:36 50792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 04:00 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\April Davis\Start Menu\Programs\Startup\
palmOne Registration.lnk.disabled [2008-01-05 17:41:04 803]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk.disabled [2006-07-12 20:20:43 1918]
HOTSYNCSHORTCUTNAME.lnk.disabled [2007-12-08 10:39:32 1556]
Windows Desktop Search.lnk.disabled [2006-04-28 22:43:39 2169]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c004642F]
C:\WINDOWS\system32\__c004642F.dat
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, , , , , , , , , ,
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe
"Nmtjrlom"="C:\Documents and Settings\April Davis\My Documents\??pPatch\m?config.exe"
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"NoAds"="C:\Program Files\NoAds\NoAds.exe"
"ISMModule6"="C:\Program Files\ISM\ISMModule6.exe"
"ISMPack5"="C:\Program Files\ISM2\ISMPack5.exe"
"WinAble"=C:\Program Files\WinAble\winable.exe
"Uaol"="C:\WINDOWS\DOBE~1\rundll.exe" -vt ndrv
"ares"="C:\Program Files\Ares\Ares.exe" -h
"A00F8677D.exe"=C:\DOCUME~1\APRILD~1\LOCALS~1\Temp\_A00F8677D.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"kernel"=C:\Program Files\kernel\kernel.exe
"Kfakqj"=C:\WINDOWS\system32\?racle\??xplore.exe
"QdrModule11"="C:\Program Files\QdrModule\QdrModule11.exe"
"QdrPack11"="C:\Program Files\QdrPack\QdrPack11.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
"ehTray"=C:\WINDOWS\ehome\ehtray.exe
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"ShareSearcher"=c:\AILT.exe
"Printer"=C:\WINDOWS\system32\printer.exe
"lsass"=C:\WINDOWS\lsass.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"DLCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"68e3ad9d"=rundll32.exe "C:\WINDOWS\system32\__c00CFF04.dat",b
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-27 15:40:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-21 00:40:11 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 20:57:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-20 21:02:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-21 03:02:43
.
2008-01-21 02:06:00 --- E O F ---
HJT NEW LOG FILE AFTER RUNNING COMBOTXT
Logfile of HijackThis v1.99.1
Scan saved at 9:21:42 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1200717662\ee\AOLSoftware.exe
C:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
c:\program files\common files\aol\1200717662\ee\aexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://browser.cdn.a...om/welcome.html
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: (no name) - {18ACF5E8-132B-19AB-2175-39B60E3FF3BA} - C:\WINDOWS\system32\hrotfrns.dll (file missing)
O2 - BHO: (no name) - {35F67D63-9AA5-C525-F14D-EA2B58E18DB2} - C:\WINDOWS\system32\mfkl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E19D5AD-6560-38E4-6321-4C71B20697EF} - C:\WINDOWS\system32\fpyo.dll (file missing)
O2 - BHO: BndDrive2 BHO Class - {8C6D5A56-791E-4fe8-9D64-81781FA15D68} - C:\Program Files\ISM\BndDrive6.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1200717662\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: palmOne Registration.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk.disabled
O4 - Global Startup: Windows Desktop Search.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZKxdm021YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll,-115 - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: ImageShack Toolbar - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163568176015
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast....ostClientIE.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.to...28.9/ttinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.2.1.cab
O20 - Winlogon Notify: __c004642F - C:\WINDOWS\system32\__c004642F.dat (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
#6
Posted 20 January 2008 - 10:09 PM
File::
C:\WINDOWS\system32\wowfxoldd.dll
C:\WINDOWS\system32\wowfxold.dll
C:\WINDOWS\system32\40FFC00c__.ini2
C:\WINDOWS\system32\40FFC00c__.tmp
C:\WINDOWS\system32\40FFC00c__.ini
C:\Documents and Settings\April Davis\del.bat
C:\WINDOWS\system32\REN11.tmp
C:\WINDOWS\system32\REN10.tmp
C:\WINDOWS\system32\10E5C00c__.ini
C:\53.tmp
C:\40.tmp
C:\3D.tmp
C:\30.tmp
C:\20.tmp
C:\19.tmp
C:\1A.tmp
C:\13.tmp
C:\WINDOWS\system32\drivers\beep.sys
C:\WINDOWS\system32\9230BF42B8.sys
C:\WINDOWS\system32\B842BF3092.sys
C:\WINDOWS\system32\hrotfrns.dll
C:\WINDOWS\system32\mfkl.dll
C:\WINDOWS\system32\fpyo.dll
C:\Program Files\ISM\BndDrive6.dll
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\WINDOWS\system32\__c004642F.dat
C:\Documents and Settings\April Davis\My Documents\??pPatch\m?config.exe
C:\Program Files\ISM\ISMModule6.exe
C:\Program Files\ISM2\ISMPack5.exe
C:\Program Files\WinAble\winable.exe
C:\WINDOWS\DOBE~1\rundll.exe" -vt ndrv
C:\WINDOWS\system32\?racle\??xplore.exe
C:\Program Files\QdrModule\QdrModule11.exe
C:\Program Files\QdrPack\QdrPack11.exe
C:\WINDOWS\system32\__c00CFF04.dat",b
Folder::
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\AskSBar
C:\Program Files\WinAble
C:\Program Files\QdrModule
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\lsass.exe
Driver::
beep
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18ACF5E8-132B-19AB-2175-39B60E3FF3BA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35F67D63-9AA5-C525-F14D-EA2B58E18DB2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E19D5AD-6560-38E4-6321-4C71B20697EF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C6D5A56-791E-4fe8-9D64-81781FA15D68}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"]
[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c004642F]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Nmtjrlom"=-
"ISMModule6"=-
"ISMPack5"=-
"WinAble"=-
"Uaol"=-
"Kfakqj"=-
"QdrModule11"=-
"QdrPack11"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Printer"=-
"lsass"=-
"68e3ad9d"=-
Save this as "CFScript"
drag CFScript.txt into ComboFix.exe
Then post the results log and a new HijackThis log.
Also please describe how your computer behaves at the moment.
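A small linter for the CFScript format used in the post above, added here as an example (it is not from the thread and not part of ComboFix): it splits the script into its File::, Folder::, Driver:: and Registry:: sections and flags the kinds of entries a helper would want to double-check before a tool deletes them, such as a trailing `" -vt ndrv` fragment copied from a registry value, a path containing `?`, or a file path listed under Folder::. The sample script is constructed from a few lines of the posted one, and the reading of the Registry:: lines as .reg-style syntax is an assumption, not ComboFix documentation.

```python
"""Lint a ComboFix-style CFScript before it is run (added example, not from the thread)."""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
# Constructed sample modelled on a few lines of the script posted above; not the full script.
SAMPLE = r"""File::
C:\WINDOWS\system32\wowfxold.dll
C:\WINDOWS\DOBE~1\rundll.exe" -vt ndrv
C:\WINDOWS\system32\?racle\??xplore.exe
Folder::
C:\Program Files\WinAble
C:\WINDOWS\lsass.exe
Driver::
beep
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18ACF5E8-132B-19AB-2175-39B60E3FF3BA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Printer"=-
"""
def parse_cfscript(text):
    """Split a CFScript into {section: [entries]} (File::, Folder::, Driver::, Registry::)."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line and current is not None:
            sections[current].append(line)
    return dict(sections)

def lint_cfscript(text):
    """Return (section, entry, problem) tuples for entries worth checking before deletion."""
    problems, sections = [], parse_cfscript(text)
    for section in ("File", "Folder"):
        for entry in sections.get(section, []):
            if '"' in entry:
                problems.append((section, entry, "stray quote: fragment of a registry value, not a path"))
            if "?" in entry:
                problems.append((section, entry, "'?' in path: a non-ASCII character probably did not survive copy/paste"))
            if section == "Folder" and re.search(r"\.(exe|dll|sys|dat|bat|tmp)$", entry, re.I):
                problems.append((section, entry, "file path listed under Folder::"))
    key = None  # assumed .reg-style syntax: [-KEY] deletes a key, "name"=- deletes a value under the last [KEY]
    for entry in sections.get("Registry", []):
        if entry.startswith("[") and entry.endswith("]"):
            key = entry[1:-1]
        elif not (entry.endswith("=-") and key):
            problems.append(("Registry", entry, "value deletion without a [KEY] header, or unknown directive"))
    return problems
```

Run `lint_cfscript(SAMPLE)` to see the three flagged entries; an empty list means every path and registry line has the expected shape, not that the entries are safe to delete.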
#7
Posted 30 January 2008 - 03:22 PM
#8
Posted 31 January 2008 - 12:10 AM
#9
Posted 31 January 2008 - 03:41 PM
#10
Posted 04 February 2008 - 05:46 PM