Re: Bad Image Messages
I also get this message in the virus scan from Verizon:
Verizon Internet Security Suite Anti-Virus
Fast Scan Report (6/23/2009 9:03:42 PM)
Master Boot Records and Fixed Disk Boot Sectors
Scanned 1 Master Boot Record(s) for viruses.
Your Master Boot Record(s)/Boot Sector(s) are not infected.
Files
Drive C:\
* C:\Program Files\InstallShield Installation Information\{4CB90CB9-DD58-4CCC-A053-08FA70A42941}\RPS SafeConnect.msi
o Some parts of this file could not be scanned because they are password protected. The real-time protection will automatically scan these parts when they are accessed.
Files scanned: 100206
Infected files: 0
Disinfected files: 0
Deleted files: 0
Files unable to scan: 1
Here is the log that you requested:
ComboFix 09-06-22.0E - Owner 06/23/2009 20:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1559 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\MailSwitch.ocx
c:\windows\system32\NAHUHIJU.DLL
.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.
2009-06-12 01:22 . 2009-06-12 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-06-12 01:21 . 2009-06-12 01:21 -------- d-----w- c:\program files\NCH Software
2009-06-12 01:21 . 2009-06-12 01:21 -------- d-----w- c:\documents and settings\Owner\Application Data\NCH Swift Sound
2009-06-11 00:40 . 2009-06-11 00:40 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-06-11 00:39 . 2009-06-11 00:39 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-06-11 00:32 . 2009-06-11 00:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-11 00:31 . 2009-06-11 00:31 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-06-11 00:05 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 00:05 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 00:05 . 2009-06-11 00:05 -------- d-----w- c:\windows\ie8updates
2009-06-11 00:03 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-11 00:00 . 2009-06-11 00:03 -------- dc-h--w- c:\windows\ie8
2009-05-27 17:44 . 2009-05-27 17:44 622592 ----a-w- c:\documents and settings\Owner\Application Data\Verizon\VSP\downloads\Verizon-Welcome-70-WithAdsTracking.41.zip.dir\all\tools\TCC.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 00:15 . 2009-03-06 00:39 517664 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-24 00:15 . 2009-03-06 00:39 10425888 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-24 00:01 . 2009-03-05 23:37 -------- d-----w- c:\program files\TrueSwitchVerizonYahoo
2009-06-23 22:42 . 2009-03-06 00:39 49100 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-23 22:42 . 2009-03-06 00:39 139556 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-20 20:45 . 2008-06-14 17:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 20:45 . 2008-12-19 01:56 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 15:27 . 2008-11-27 14:30 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-06-14 17:14 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 21:55 . 2008-05-17 13:15 -------- d-----w- c:\documents and settings\Owner\Application Data\ZoomBrowser EX
2009-06-08 21:55 . 2008-05-16 01:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-05-24 15:34 . 2009-03-05 23:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Verizon
2009-05-24 15:32 . 2009-05-24 15:32 -------- d-----w- c:\program files\Raxco
2009-05-24 15:32 . 2009-05-24 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2009-05-24 15:31 . 2009-03-05 19:48 -------- d-----w- c:\program files\Verizon
2009-05-24 15:31 . 2009-03-05 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon
2009-05-24 15:27 . 2004-11-19 21:41 -------- d-----w- c:\program files\InstallShield Installation Information
2009-05-16 13:08 . 2009-05-16 13:08 29696 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{312255E7-E2C2-4F3E-BBCB-02C5B8696CCB}\IconF0CEFCC9.exe
2009-05-13 05:15 . 2004-08-24 01:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 20:34 . 2008-08-18 22:22 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-10 20:34 . 2008-08-18 22:21 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-05-10 13:55 . 2004-11-30 17:34 28328 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-09 22:20 . 2009-05-09 22:20 -------- d-----w- c:\program files\MSECache
2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-25 21:12 . 2009-04-25 21:12 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeAUM
2009-04-19 02:22 . 2009-04-19 02:22 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-17 21:10 . 2008-06-13 01:06 4724 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-04-17 12:26 . 2003-03-31 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-11-30 17:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2007-03-05 1103480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-12-01 180269]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
TrueAssistant.lnk - c:\program files\TrueSwitchVerizonYahoo\TrueWizard.exe [2008-12-11 1064960]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2007-11-20 49220]
Perstray.lnk - c:\program files\PerSono\perstray.exe [2004-12-28 40960]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]