Posts posted by lemor_butz
-
All the things that we've done have come to naught. I left it last night while it was processing Combofix. The last time I saw it, the screen showed "C:\POS24F1.tmp" or something like that. My friend thought that his computer was broken and unfixable. He went ahead and formatted it. Bummer. I would have liked to get it fixed myself, with your help of course. Having said that, I would like to thank you for your time and effort helping me out. God bless...
-
Hi, SDFix has been running for a while (computer in Safe Mode without network). Right now the screen shows:
Restoring Windows Registry Values
Restoring Default Host File
Checking File
Please Wait
25% Checked
in that order.
Just curious, the message box (wowfx.dll) still comes up, and every time I clicked OK the header in the message box shows find.exe & MD5File.exe alternately. Now, do I have to click OK so that the process will continue, or just leave it as it is (as it's processing in the background, sort of)? Please let me know. Thanks.
-
Here it is, sorry about the delay; the computer almost won't boot up.
Deckard's System Scanner v20071014.68
Run by jessica ahlers on 2008-01-08 14:40:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; unknown error code 0x00000001
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 254 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-08 14:43:23
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\WS_FTP Pro\ftpsched.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jessica ahlers\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {56636fa0-466e-4fa3-9d81-80c53e8a9973} - C:\WINDOWS\system32\phmxoiv.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\grjlloin.dll
O2 - BHO: (no name) - {AEBF6926-DBA6-4100-A838-1CED0169AB78} - C:\WINDOWS\system32\xxyayay.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\Helper6.dll
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.6\webbuying.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Startup: AutoSpell 5.lnk = C:\Program Files\autospell50\Aswatc32.exe
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PGPtray.exe.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Encarta &Definition - http://encarta.msn.com/encnet/features/dic...kDictionary.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O15 - Trusted Zone: *.amaena.com (HKCU)
O15 - Trusted Zone: *.avsystemcare.com (HKCU)
O15 - Trusted Zone: *.gomyhit.com (HKCU)
O15 - Trusted Zone: *.imageservr.com (HKCU)
O15 - Trusted Zone: *.imagesrvr.com (HKCU)
O15 - Trusted Zone: *.onerateld.com (HKCU)
O15 - Trusted Zone: *.trustedantivirus.com (HKCU)
O15 - Trusted Zone: *.virusschlacht.com (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: grjlloin - C:\WINDOWS\system32\grjlloin.dll
O20 - Winlogon Notify: xxyayay - C:\WINDOWS\system32\xxyayay.dll
O23 - Service: AntiSpy Server - Boomerang Software, Inc. - C:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 13398 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
All drivers whitelisted.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-01-08 13:15:08 456 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-01-07 20:00:01 574 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - jessica ahlers.job
2007-10-20 16:17:34 390 --a------ C:\WINDOWS\Tasks\RegCure.job
-- Files created between 2007-12-08 and 2008-01-08 -----------------------------
2008-01-08 13:18:44 0 d-------- C:\WINDOWS\LastGood
2008-01-05 16:08:54 0 --a------ C:\WINDOWS\system32\wowfx.dll
2008-01-02 08:48:02 6520 ---hs---- C:\WINDOWS\system32\egjlm.bak2
2008-01-02 08:16:20 78400 --a------ C:\WINDOWS\system32\xnjvlomw.dll
2008-01-02 08:13:55 74304 --a------ C:\WINDOWS\system32\sbqtdnay.exe <Not Verified; ; DDC>
2007-12-31 07:52:21 90176 --a------ C:\WINDOWS\system32\spjpgaam.dll
2007-12-31 07:46:04 0 d-------- C:\Documents and Settings\jessica ahlers\Application Data\EasySpywareCleaner.com
2007-12-31 07:41:53 0 d-------- C:\Program Files\EasySpywareCleaner
2007-12-31 07:39:42 78912 --a------ C:\WINDOWS\system32\nnfaisuy.dll
2007-12-31 07:39:21 74304 --a------ C:\WINDOWS\system32\leffqqeq.exe <Not Verified; ; DDC>
2007-12-29 08:23:22 78912 --a------ C:\WINDOWS\system32\srcxcalr.dll
2007-12-29 08:23:13 74304 --a------ C:\WINDOWS\system32\unbmombw.exe <Not Verified; ; DDC>
2007-12-28 13:07:06 505 ---hs---- C:\WINDOWS\system32\egjlm.ini2
2007-12-28 12:12:04 90176 --a------ C:\WINDOWS\system32\vpjykgew.dll
2007-12-28 12:07:02 77888 --a------ C:\WINDOWS\system32\uamtwucx.dll
2007-12-28 12:05:55 74304 --a------ C:\WINDOWS\system32\lrplrpfk.exe <Not Verified; ; DDC>
2007-12-28 08:03:37 77888 --a------ C:\WINDOWS\system32\myyebjht.dll
2007-12-28 08:01:28 74304 --a------ C:\WINDOWS\system32\bdticafi.exe <Not Verified; ; DDC>
2007-12-28 07:36:53 90176 --a------ C:\WINDOWS\system32\nkfsbrum.dll
2007-12-28 07:31:35 77888 --a------ C:\WINDOWS\system32\fbpwexbv.dll
2007-12-28 07:26:38 74304 --a------ C:\WINDOWS\system32\dbnbjuoj.exe <Not Verified; ; DDC>
2007-12-27 07:07:28 81984 --a------ C:\WINDOWS\system32\mrcdppqn.dll
2007-12-27 07:04:35 74304 --a------ C:\WINDOWS\system32\djifjlgl.exe <Not Verified; ; DDC>
2007-12-26 15:24:13 0 d-------- C:\Program Files\Boomerang Software
2007-12-26 14:46:07 90176 --a------ C:\WINDOWS\system32\wonabitw.dll
2007-12-26 14:43:07 80448 --a------ C:\WINDOWS\system32\blftyaqt.dll
2007-12-26 14:41:15 74304 --a------ C:\WINDOWS\system32\hmrnsodi.exe <Not Verified; ; DDC>
2007-12-26 14:20:21 80448 --a------ C:\WINDOWS\system32\wwbkaytf.dll
2007-12-26 14:18:56 90176 --a------ C:\WINDOWS\system32\phoheihd.dll
2007-12-26 14:18:38 74304 --a------ C:\WINDOWS\system32\xjcjudxu.exe <Not Verified; ; DDC>
2007-12-26 13:54:21 80448 --a------ C:\WINDOWS\system32\uskifprc.dll
2007-12-26 13:51:22 90176 --a------ C:\WINDOWS\system32\wchpyhwd.dll
2007-12-26 13:50:28 74304 --a------ C:\WINDOWS\system32\wekdyovb.exe <Not Verified; ; DDC>
2007-12-26 11:55:11 80448 --a------ C:\WINDOWS\system32\eqpvoqyt.dll
2007-12-26 11:52:13 90176 --a------ C:\WINDOWS\system32\byyksyhk.dll
2007-12-26 11:49:41 74304 --a------ C:\WINDOWS\system32\crrvhlkq.exe <Not Verified; ; DDC>
2007-12-26 11:47:58 74304 --a------ C:\WINDOWS\system32\pbbthora.exe <Not Verified; ; DDC>
2007-12-26 11:24:55 90176 --a------ C:\WINDOWS\system32\pltblkbk.dll
2007-12-26 11:18:46 80448 --a------ C:\WINDOWS\system32\mqglehxv.dll
2007-12-26 11:16:26 74304 --a------ C:\WINDOWS\system32\juovkpvk.exe <Not Verified; ; DDC>
2007-12-26 09:43:36 5840 --a------ C:\Documents and Settings\jessica ahlers\Application Data\mcrupdate.exe
2007-12-26 09:38:53 80448 --a------ C:\WINDOWS\system32\fgnhphok.dll
2007-12-26 09:36:57 74304 --a------ C:\WINDOWS\system32\dnffbano.exe <Not Verified; ; DDC>
2007-12-22 10:01:11 87104 --a------ C:\WINDOWS\system32\ygwsktxb.dll
2007-12-22 09:58:08 78400 --a------ C:\WINDOWS\system32\ckefgkhn.dll
2007-12-22 09:55:31 74304 --a------ C:\WINDOWS\system32\kssgngfx.exe <Not Verified; ; DDC>
2007-12-22 09:33:41 74304 --a------ C:\WINDOWS\system32\mdthjuoc.exe <Not Verified; ; DDC>
2007-12-22 08:34:51 18944 --a------ C:\Documents and Settings\jessica ahlers\Application Data\nvsvc1024.dll
2007-12-22 08:19:08 78400 --a------ C:\WINDOWS\system32\vkqchaaq.dll
2007-12-22 08:16:17 87104 --a------ C:\WINDOWS\system32\lljpjfsf.dll
2007-12-22 08:14:54 74304 --a------ C:\WINDOWS\system32\ktorjolw.exe <Not Verified; ; DDC>
2007-12-21 08:55:09 80448 --a------ C:\WINDOWS\system32\bdvdvhlc.dll
2007-12-21 08:27:19 74304 --a------ C:\WINDOWS\system32\jwcmvwmo.exe <Not Verified; ; DDC>
2007-12-20 10:31:13 85568 --a------ C:\WINDOWS\system32\bfpgsqly.dll
2007-12-20 10:30:16 110592 --a------ C:\Documents and Settings\All Users\Application Data\dqrudmfw.dll
2007-12-20 10:29:42 0 d-------- C:\Program Files\wwyqpmkx
2007-12-20 10:28:58 80448 --a------ C:\WINDOWS\system32\arcguwdx.dll
2007-12-20 10:28:40 74304 --a------ C:\WINDOWS\system32\kpcceika.exe <Not Verified; ; DDC>
2007-12-20 10:14:12 9728 --a------ C:\Documents and Settings\jessica ahlers\Application Data\printer.exe
2007-12-20 09:10:25 80448 --a------ C:\WINDOWS\system32\wlqksrtt.dll
2007-12-20 09:07:36 165472 --a------ C:\WINDOWS\system32\grjlloin.dll
2007-12-20 09:07:26 165472 --a------ C:\WINDOWS\system32\pusboxgm.dll
2007-12-20 09:07:03 74304 --a------ C:\WINDOWS\system32\iyperwpm.exe <Not Verified; ; DDC>
2007-12-19 09:16:02 80448 --a------ C:\WINDOWS\system32\vtscyysy.dll
2007-12-19 09:08:25 74304 --a------ C:\WINDOWS\system32\vymvaylb.exe <Not Verified; ; DDC>
2007-12-18 12:19:11 80448 --a------ C:\WINDOWS\system32\hdhjtruw.dll
2007-12-18 12:17:02 74304 --a------ C:\WINDOWS\system32\bpohyrrs.exe <Not Verified; ; DDC>
2007-12-18 10:32:59 80448 --a------ C:\WINDOWS\system32\tvtbykqs.dll
2007-12-18 10:30:42 74304 --a------ C:\WINDOWS\system32\xgsvvwpi.exe <Not Verified; ; DDC>
2007-12-18 09:40:42 80448 --a------ C:\WINDOWS\system32\hvbppqfu.dll
2007-12-18 09:37:41 85568 --a------ C:\WINDOWS\system32\bwirween.dll
2007-12-18 09:35:45 74304 --a------ C:\WINDOWS\system32\ovsbnvxg.exe <Not Verified; ; DDC>
2007-12-18 08:12:05 80448 --a------ C:\WINDOWS\system32\pyalfubk.dll
2007-12-18 08:08:34 74304 --a------ C:\WINDOWS\system32\fcydcity.exe <Not Verified; ; DDC>
2007-12-17 09:15:31 85568 --a------ C:\WINDOWS\system32\algyfeya.dll
2007-12-17 09:02:03 80448 --a------ C:\WINDOWS\system32\avmlbuie.dll
2007-12-17 08:59:37 74304 --a------ C:\WINDOWS\system32\skymdicm.exe <Not Verified; ; DDC>
2007-12-15 10:01:26 80448 --a------ C:\WINDOWS\system32\uvqekwlv.dll
2007-12-15 09:58:02 85568 --a------ C:\WINDOWS\system32\ixipqfdm.dll
2007-12-15 09:56:50 74304 --a------ C:\WINDOWS\system32\jwmcdhac.exe <Not Verified; ; DDC>
2007-12-15 09:08:36 74304 --a------ C:\WINDOWS\system32\tmgtguvk.exe <Not Verified; ; DDC>
2007-12-14 11:47:20 941775 ---hs---- C:\WINDOWS\system32\fsenciug.ini2
2007-12-14 09:08:18 80448 --a------ C:\WINDOWS\system32\hoahqnnb.dll
2007-12-14 09:06:50 85568 --a------ C:\WINDOWS\system32\guicnesf.dll
2007-12-14 09:06:47 74304 --a------ C:\WINDOWS\system32\iwcdeinb.exe <Not Verified; ; DDC>
2007-12-13 08:13:26 80448 --a------ C:\WINDOWS\system32\skpavwan.dll
2007-12-12 15:40:22 0 d-------- C:\Program Files\Windows Sidebar
2007-12-12 15:40:19 0 d-------- C:\Program Files\Norton AntiVirus
2007-12-12 15:34:07 0 d-------- C:\Program Files\Symantec
2007-12-12 14:08:28 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2007-12-12 08:18:56 25600 --a------ C:\WINDOWS\lsass.exe <Not Verified; MskSoftStudy Corp.; Anti-Virus Project (AVP) spyware removal module>
2007-12-12 08:18:55 25600 -r-hs---- C:\Program Files\lsass.exe <Not Verified; MskSoftStudy Corp.; Anti-Virus Project (AVP) spyware removal module>
2007-12-12 08:18:55 0 d-------- C:\Program Files\Helper
2007-12-12 08:18:51 14900 --a------ C:\Program Files\3269.exe
2007-12-12 08:18:36 10240 --a------ C:\Program Files\spoolsv.exe <Not Verified; NoName Corp.; NNC module>
2007-12-12 08:17:11 11776 --a------ C:\WINDOWS\mgrs.exe
2007-12-12 08:16:01 20992 --a------ C:\WINDOWS\avp.exe <Not Verified; MskVip Ltd.; Antivirus Project (AVP) spyware removal module>
2007-12-12 07:42:48 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2007-12-12 07:42:27 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-12-12 07:36:25 0 d-------- C:\Program Files\WinAble
2007-12-12 07:36:24 0 d-------- C:\Program Files\Temporary
2007-12-11 19:48:28 171520 --a------ C:\WINDOWS\system32\phmxoiv.dll
2007-12-11 19:48:10 80640 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-12-11 19:48:09 35840 --a------ C:\WINDOWS\mrofinu572.exe
2007-12-11 19:48:04 0 d-------- C:\WINDOWS\system32\rex2
2007-12-11 19:48:04 0 d-------- C:\WINDOWS\system32\doc4
2007-12-11 19:48:04 0 d-------- C:\WINDOWS\system32\bbc5
2007-12-11 19:48:04 0 d-------- C:\WINDOWS\system32\ashell3
2007-12-11 19:48:04 0 d-------- C:\Program Files\Web Buying
2007-12-11 19:47:48 37376 --a------ C:\WINDOWS\system32\xxyayay.dll
2007-12-11 19:47:48 0 d-------- C:\WINDOWS\system32\daSgo01
-- Find3M Report ---------------------------------------------------------------
2008-01-07 16:54:12 52814 --a------ C:\logfile
2007-12-26 15:24:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-22 11:19:35 0 d-------- C:\Documents and Settings\jessica ahlers\Application Data\Syntrillium
2007-12-17 14:33:44 0 d-------- C:\Documents and Settings\jessica ahlers\Application Data\ICQ
2007-12-13 08:26:51 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-12 15:45:52 0 d-------- C:\Program Files\Common Files
2007-12-12 15:23:42 0 d-------- C:\Program Files\Online Services
2007-12-12 09:17:28 0 d-------- C:\Program Files\Messenger
2007-11-27 11:05:22 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-11-27 10:43:41 0 d-------- C:\Documents and Settings\jessica ahlers\Application Data\Uniblue
2007-11-26 14:37:31 0 d-------- C:\Documents and Settings\jessica ahlers\Application Data\Windows Desktop Search
2007-11-26 14:36:45 0 d-------- C:\Program Files\Windows Desktop Search
2007-11-26 09:25:41 0 d-------- C:\Documents and Settings\jessica ahlers\Application Data\ICAClient
2007-11-26 09:25:34 0 d-------- C:\Program Files\Citrix
2007-11-20 14:35:19 0 d-------- C:\Program Files\QuickTime
2007-11-20 14:34:29 0 d-------- C:\Program Files\Kodak
2007-11-20 14:33:31 0 d-------- C:\Program Files\Common Files\Kodak
2007-10-25 07:24:20 53760 --a------ C:\WINDOWS\b122.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56636fa0-466e-4fa3-9d81-80c53e8a9973}]
12/11/2007 19:48 171520 --a------ C:\WINDOWS\system32\phmxoiv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
12/12/2007 15:45 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
12/20/2007 09:07 165472 --a------ C:\WINDOWS\system32\grjlloin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEBF6926-DBA6-4100-A838-1CED0169AB78}]
12/11/2007 19:47 37376 --a------ C:\WINDOWS\system32\xxyayay.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
12/12/2007 08:18 18432 -r-hs---- C:\Program Files\Helper\Helper6.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avp"="C:\WINDOWS\avp.exe" [12/12/2007 08:16]
"lsass"="C:\WINDOWS\lsass.exe" [12/12/2007 08:18]
"smgr"="mgrs.exe" [12/12/2007 08:18 C:\WINDOWS\mgrs.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/24/2007 23:07]
"Printer"="C:\WINDOWS\system32\printer.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 15:57]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 08:59]
"WebBuying"="C:\Program Files\Web Buying\v1.8.6\webbuying.exe" [12/11/2007 19:48]
"WinAble"="C:\Program Files\WinAble\winable.exe" [12/12/2007 07:36]
"Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" []
C:\Documents and Settings\jessica ahlers\Start Menu\Programs\Startup\
AutoSpell 5.lnk - C:\Program Files\autospell50\Aswatc32.exe [06/15/2006 16:22:34]
findfast.exe [05/13/2005 00:35:24]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
autorun.exe [05/13/2005 01:54:09]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [05/26/2006 20:47:32]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [02/20/2007 05:10:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [02/17/1999 14:05:56]
PGPtray.exe.lnk - C:\WINDOWS\Installer\{A61CFA2F-E28F-4C2B-8DB8-C8B44C68811B}\Icon6560581611.exe [06/27/2006 14:51:22]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [02/05/2007 15:40:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=1 (0x1)
"NoActiveDesktop"=2 (0x2)
"NoControlPanel"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEBF6926-DBA6-4100-A838-1CED0169AB78}"= C:\WINDOWS\system32\xxyayay.dll [12/11/2007 19:47 37376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\shell.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\grjlloin]
grjlloin.dll 12/20/2007 09:07 165472 C:\WINDOWS\system32\grjlloin.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyayay]
xxyayay.dll 12/11/2007 19:47 37376 C:\WINDOWS\system32\xxyayay.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\wowfx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\mljge
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RDSessMgr"=3 (0x3)
"Fax"=2 (0x2)
"DSBrokerService"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8495530d-2fd7-11dc-9879-0016766b97e3}]
AutoRun\command- F:\Installer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd3e80d4-1454-11dc-9858-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a
-- Hosts -----------------------------------------------------------------------
10.18.250.4 ad.doubleclick.net
10.18.250.4 ad.fastclick.net
10.18.250.4 ads.fastclick.net
10.18.250.4 ar.atwola.com
10.18.250.4 atdmt.com
10.18.250.4 avp.ch
10.18.250.4 avp.com
10.18.250.4 avp.ru
10.18.250.4 awaps.net
10.18.250.4 banner.fastclick.net
90 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-01-08 14:45:42 ------------
-
Thanks, I will let you know as soon as I am done with the process you instructed me to do.
-
I have a big problem: every time I run an executable like Excel, Word, IE, anything, a message comes up saying,
"The application or DLL C:\WINDOWS\SYSTEMS32\WOWFX.DLL is not a valid windows image. Please check this against your installation disk."
It is very annoying and it slows down anything I wish to do. Please help me with this. Thanks a lot.
Wowfx.dll Is Not A Valid Windows Image[RESOLVED][INACTIVE]
in Malware Removal
Thanks a lot, greatly appreciated...