Thread: Bad Image Messages
View Single Post
Old 06-21-2009, 01:00 PM   #1 (permalink)
Floyd22
Registered User
 
Join Date: Jun 2009
Posts: 6
OS: xp


Bad Image Messages
I am getting loads of pop ups saying, "application or DLL C:windows/system32/hahuhiju.ddl is not a valid windows image please check against your installation diskette."

I am running windows XP and have verizon anti spyware and virus. Neither detect any kind of infection. I can reload windows but want to see if there are any better alternatives.

Thanks.

Here are the attached files:




DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 12:55:21.17 on Sun 06/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1352 [GMT -4:00]

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\PerSono\perstray.exe
C:\Program Files\TrueSwitchVerizonYahoo\TrueWizard.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaMonitor.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\verizon\verizon internet security suite\pkR.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam]
uRun: [igndlm.exe] c:\program files\ign\download manager\DLM.exe /windowsstart /startifwork
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\trueas~1.lnk - c:\program files\trueswitchverizonyahoo\TrueWizard.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\perstray.lnk - c:\program files\persono\perstray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213221231406
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213221271796
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5310/mcfscan.cab
Filter: text/html - {a54fdd85-458e-41f7-8b82-e2c83f2599f8} -
AppInit_DLLs: c:\windows\system32\nahuhiju.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\8rdfumio.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - WWW.YAHOO.COM
FF - plugin: c:\program files\ign\download manager\npfpdlm.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2004-11-30 10752]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-5-24 179984]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-22 693512]
R2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\verizon\verizon internet security suite\safeconnect\bin\SanaAgent.exe [2008-11-14 4937752]
R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;c:\windows\system32\drivers\uacflt.sys [2004-12-28 20296]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [2004-12-5 14092]
R3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-22 910600]
R3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\verizon\verizon internet security suite\RpsSecurityAwareR.exe [2009-4-22 170736]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectDriver.sys [2008-11-14 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectFilter.sys [2008-11-14 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectShim.sys [2008-11-14 27376]
S2 AudioSrvxmlprov;Windows Audio AudioSrvxmlprov; srv --> srv [?]
S2 BonjourMSDTC;Bonjour Service BonjourMSDTC; srv --> srv [?]
S2 ERSvcRemoteAccess;Error Reporting Service ERSvcRemoteAccess; srv --> srv [?]
S2 PnkBstrAstisvc;PnkBstrA PnkBstrAstisvc; srv --> srv [?]
S3 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [2004-11-19 4224]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-9-21 33752]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-6-12 42376]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-6-12 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-6-12 81288]
S3 Memctl;Memctl;c:\program files\abit\abit uguru\MEMCTL.SYS [2004-11-30 4047]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\162.tmp --> c:\windows\system32\162.tmp [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-6-12 337800]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-6-12 1017224]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-06-20 16:32 20 a------- c:\windows\system32\NAHUHIJU.DLL
2009-06-11 21:21 <DIR> --d----- c:\program files\NCH Software
2009-06-11 20:34 4 a------- c:\windows\system32\CE7BFA
2009-06-10 20:40 <DIR> --dsh--- c:\documents and settings\owner\IECompatCache
2009-06-10 20:39 <DIR> --dsh--- c:\documents and settings\owner\PrivacIE
2009-06-10 20:31 <DIR> --dsh--- c:\documents and settings\owner\IETldCache
2009-06-10 20:05 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 20:05 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-10 20:05 <DIR> --d----- c:\windows\ie8updates
2009-06-10 20:03 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-10 20:00 <DIR> -cd-h--- c:\windows\ie8
2009-05-24 16:39 20 a------- c:\windows\system32\SYSTEM
2009-05-24 11:34 40 a------- c:\windows\system32\????????????????????4???????????????????????
2009-05-24 11:32 71,184 a------- c:\windows\system32\drivers\DefragFS.sys
2009-05-24 11:32 <DIR> --d----- c:\program files\Raxco

==================== Find3M ====================

2009-06-21 12:53 497,440 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-06-21 12:53 10,132,000 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-06-20 22:14 135,740 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-20 22:14 47,084 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 17:10 4,724 a------- c:\windows\system32\PerfStringBackup.TMP
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-03-13 21:14 61,224 a------- c:\documents and settings\owner\GoToAssistDownloadHelper.exe
2009-01-25 18:08 22,328 a------- c:\docume~1\owner\applic~1\PnkBstrK.sys
2008-01-05 17:54 1 a------- c:\documents and settings\owner\SI.bin
2007-04-20 15:38 17,720 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2004-11-30 12:38 1,932,129 a------- c:\documents and settings\owner\Standard_Monitor_Driver_Signed_WinXP_040921.ZIP
2008-06-08 07:32 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008060820080609\index.dat

============= FINISH: 12:57:10.20 ===============
Attached Files
File Type: txt DDS.txt (14.5 KB, 1 views)
File Type: zip Attach.zip (4.6 KB, 2 views)
Last edited by amateur; 06-21-2009 at 01:19 PM.
Floyd22 is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here