Resolved HJT Threads Resolved spyware and popup issues.
Old 06-21-2009, 01:00 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 6
OS: xp


Bad Image Messages

I am getting loads of pop ups saying, "application or DLL C:windows/system32/hahuhiju.ddl is not a valid windows image please check against your installation diskette."

I am running Windows XP and have Verizon anti-spyware and anti-virus. Neither detects any kind of infection. I can reload Windows but want to see if there are any better alternatives.

Thanks.

Here are the attached files:




DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 12:55:21.17 on Sun 06/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1352 [GMT -4:00]

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\PerSono\perstray.exe
C:\Program Files\TrueSwitchVerizonYahoo\TrueWizard.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaMonitor.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\verizon\verizon internet security suite\pkR.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam]
uRun: [igndlm.exe] c:\program files\ign\download manager\DLM.exe /windowsstart /startifwork
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\trueas~1.lnk - c:\program files\trueswitchverizonyahoo\TrueWizard.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\perstray.lnk - c:\program files\persono\perstray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213221231406
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213221271796
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5310/mcfscan.cab
Filter: text/html - {a54fdd85-458e-41f7-8b82-e2c83f2599f8} -
AppInit_DLLs: c:\windows\system32\nahuhiju.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\8rdfumio.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - WWW.YAHOO.COM
FF - plugin: c:\program files\ign\download manager\npfpdlm.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2004-11-30 10752]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-5-24 179984]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-22 693512]
R2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\verizon\verizon internet security suite\safeconnect\bin\SanaAgent.exe [2008-11-14 4937752]
R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;c:\windows\system32\drivers\uacflt.sys [2004-12-28 20296]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [2004-12-5 14092]
R3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-22 910600]
R3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\verizon\verizon internet security suite\RpsSecurityAwareR.exe [2009-4-22 170736]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectDriver.sys [2008-11-14 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectFilter.sys [2008-11-14 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_xp\SafeConnectShim.sys [2008-11-14 27376]
S2 AudioSrvxmlprov;Windows Audio AudioSrvxmlprov; srv --> srv [?]
S2 BonjourMSDTC;Bonjour Service BonjourMSDTC; srv --> srv [?]
S2 ERSvcRemoteAccess;Error Reporting Service ERSvcRemoteAccess; srv --> srv [?]
S2 PnkBstrAstisvc;PnkBstrA PnkBstrAstisvc; srv --> srv [?]
S3 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [2004-11-19 4224]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-9-21 33752]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-6-12 42376]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-6-12 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-6-12 81288]
S3 Memctl;Memctl;c:\program files\abit\abit uguru\MEMCTL.SYS [2004-11-30 4047]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\162.tmp --> c:\windows\system32\162.tmp [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-6-12 337800]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-6-12 1017224]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-06-20 16:32 20 a------- c:\windows\system32\NAHUHIJU.DLL
2009-06-11 21:21 <DIR> --d----- c:\program files\NCH Software
2009-06-11 20:34 4 a------- c:\windows\system32\CE7BFA
2009-06-10 20:40 <DIR> --dsh--- c:\documents and settings\owner\IECompatCache
2009-06-10 20:39 <DIR> --dsh--- c:\documents and settings\owner\PrivacIE
2009-06-10 20:31 <DIR> --dsh--- c:\documents and settings\owner\IETldCache
2009-06-10 20:05 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 20:05 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-10 20:05 <DIR> --d----- c:\windows\ie8updates
2009-06-10 20:03 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-10 20:00 <DIR> -cd-h--- c:\windows\ie8
2009-05-24 16:39 20 a------- c:\windows\system32\SYSTEM
2009-05-24 11:34 40 a------- c:\windows\system32\????????????????????4???????????????????????
2009-05-24 11:32 71,184 a------- c:\windows\system32\drivers\DefragFS.sys
2009-05-24 11:32 <DIR> --d----- c:\program files\Raxco

==================== Find3M ====================

2009-06-21 12:53 497,440 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-06-21 12:53 10,132,000 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-06-20 22:14 135,740 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-20 22:14 47,084 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 17:10 4,724 a------- c:\windows\system32\PerfStringBackup.TMP
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-03-13 21:14 61,224 a------- c:\documents and settings\owner\GoToAssistDownloadHelper.exe
2009-01-25 18:08 22,328 a------- c:\docume~1\owner\applic~1\PnkBstrK.sys
2008-01-05 17:54 1 a------- c:\documents and settings\owner\SI.bin
2007-04-20 15:38 17,720 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2004-11-30 12:38 1,932,129 a------- c:\documents and settings\owner\Standard_Monitor_Driver_Signed_WinXP_040921.ZIP
2008-06-08 07:32 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008060820080609\index.dat

============= FINISH: 12:57:10.20 ===============
Attached Files
File Type: txt DDS.txt (14.5 KB, 1 views)
File Type: zip Attach.zip (4.6 KB, 2 views)

Last edited by amateur; 06-21-2009 at 01:19 PM.
Floyd22 is offline  
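The DDS log in the post above already points at the cause of the popups: the AppInit_DLLs value names c:\windows\system32\nahuhiju.dll, and the "Created Last 30" section shows that file is 20 bytes and appeared on 2009-06-20, the day before the post. Every process that loads user32.dll tries to load each AppInit_DLLs entry, and a 20-byte file cannot hold even the 64-byte DOS header of a PE image, so the loader raises the "not a valid Windows image" dialog. The following Python script is an added example, not part of the thread and not code from DDS or ComboFix; it parses a constructed excerpt of the log above (embedded inline) and flags the AppInit_DLLs entries, the too-small system32 files, and the service entries whose image path DDS could not resolve (lines ending in "[?]"). The function and constant names are my own.

```python
import re
from typing import Dict, List

# Constructed excerpt of the DDS log quoted in the first post (paths as posted).
SAMPLE_DDS = """\
AppInit_DLLs: c:\\windows\\system32\\nahuhiju.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\\windows\\system32\\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R2 WinDefend;Windows Defender;c:\\program files\\windows defender\\MsMpEng.exe [2006-11-3 13592]
S2 AudioSrvxmlprov;Windows Audio AudioSrvxmlprov; srv --> srv [?]
S2 BonjourMSDTC;Bonjour Service BonjourMSDTC; srv --> srv [?]
S3 MEMSWEEP2;MEMSWEEP2;\\??\\c:\\windows\\system32\\162.tmp --> c:\\windows\\system32\\162.tmp [?]
=============== Created Last 30 ================
2009-06-20 16:32 20 a------- c:\\windows\\system32\\NAHUHIJU.DLL
2009-06-11 21:21 <DIR> --d----- c:\\program files\\NCH Software
2009-06-11 20:34 4 a------- c:\\windows\\system32\\CE7BFA
2009-06-10 20:05 246,272 -c------ c:\\windows\\system32\\dllcache\\ieproxy.dll
2009-05-24 16:39 20 a------- c:\\windows\\system32\\SYSTEM
"""

# A PE file begins with a 64-byte IMAGE_DOS_HEADER. Anything shorter cannot be
# a loadable image, so LoadLibrary on it fails and Windows shows "Bad Image".
DOS_HEADER_SIZE = 64

# "Created Last 30" rows: date time size-or-<DIR> attributes path
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")
# Service/driver rows: R0..S3 name;display name;image path [date size] or [?]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")


def parse_created(text: str) -> Dict[str, int]:
    """Map each file in a 'Created Last 30' section to its size in bytes (dirs skipped)."""
    sizes: Dict[str, int] = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m or m.group(2) == "<DIR>":
            continue
        sizes[m.group(4).strip().lower()] = int(m.group(2).replace(",", ""))
    return sizes


def find_appinit_dlls(text: str) -> List[str]:
    """Every path on an AppInit_DLLs line. The registry value is space- or
    comma-delimited, so paths with spaces cannot appear there unshortened."""
    dlls: List[str] = []
    for line in text.splitlines():
        if line.lower().startswith("appinit_dlls:"):
            value = line.split(":", 1)[1]
            dlls.extend(p.strip().lower() for p in re.split(r"[,\s]+", value) if p.strip())
    return dlls


def find_unresolved_services(text: str) -> List[str]:
    """Names of service/driver entries whose image path DDS marked '[?]'."""
    return [
        m.group(2).strip()
        for m in (SERVICE_RE.match(line.strip()) for line in text.splitlines())
        if m and m.group(4).strip().endswith("[?]")
    ]


def triage(text: str) -> dict:
    """Cross-reference AppInit_DLLs entries against recently created files."""
    created = parse_created(text)
    appinit = find_appinit_dlls(text)
    # (path, size if created recently else None, too small to be a PE image)
    review = [(d, created.get(d), created.get(d) is not None and created[d] < DOS_HEADER_SIZE)
              for d in appinit]
    tiny = sorted(p for p, s in created.items()
                  if "\\system32\\" in p and s < DOS_HEADER_SIZE)
    return {
        "appinit_dlls": appinit,
        "appinit_review": review,
        "unresolved_services": find_unresolved_services(text),
        "tiny_system32_files": tiny,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

Run it against a saved DDS.txt by replacing SAMPLE_DDS with the file contents. An AppInit_DLLs entry is worth a look on its own; one that is both newly created and smaller than a DOS header is the direct explanation for a machine-wide "Bad Image" popup, and the 4-byte and 20-byte files beside it in system32 are the same kind of debris.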
Old 06-23-2009, 06:46 AM   #2 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Bad Image Messages

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.


==========

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Double click on combofix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Click on Yes, to continue scanning for malware.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Old 06-23-2009, 06:26 PM   #3 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 6
OS: xp


Re: Bad Image Messages

I have completed running combofix as indicated above. I am no longer receiving the image messages. As far as I can tell this has appeared to work. Let me know how I can avoid having this problem again or if there is anything else I need to do. I have a copy of the log file.

Thanks
Floyd22 is offline  
Old 06-23-2009, 07:09 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,495
OS: 2000 Pro; XP Pro; XP Home


Re: Bad Image Messages

Hi Floyd22 -

I just happened to be reading this thread. I thought I'd post, so the information is ready for TheBruce1 when he next logs on.

I know TheBruce1 will want to see that log, and may have further instructions for you.

Please post, do not attach, the ComboFix log. If it's been closed, it's located at C:\ComboFix.txt

Now back to your regularly scheduled programming.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 06-23-2009, 07:54 PM   #5 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 6
OS: xp


Re: Bad Image Messages

I also get this message in the virus scan from verizon:

Verizon Internet Security Suite Anti-Virus
Fast Scan Report (6/23/2009 9:03:42 PM)
Master Boot Records and Fixed Disk Boot Sectors

Scanned 1 Master Boot Record(s) for viruses.

Your Master Boot Record(s)/Boot Sector(s) are not infected.
Files
Drive C:\

* C:\Program Files\InstallShield Installation Information\{4CB90CB9-DD58-4CCC-A053-08FA70A42941}\RPS SafeConnect.msi
o Some parts of this file could not be scanned because they are password protected. The real-time protection will automatically scan these parts when they are accessed.

Files scanned: 100206
Infected files: 0
Disinfected files: 0
Deleted files: 0
Files unable to scan: 1

Here is the log that you requested:

ComboFix 09-06-22.0E - Owner 06/23/2009 20:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1559 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\MailSwitch.ocx
c:\windows\system32\NAHUHIJU.DLL

.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-12 01:22 . 2009-06-12 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-06-12 01:21 . 2009-06-12 01:21 -------- d-----w- c:\program files\NCH Software
2009-06-12 01:21 . 2009-06-12 01:21 -------- d-----w- c:\documents and settings\Owner\Application Data\NCH Swift Sound
2009-06-11 00:40 . 2009-06-11 00:40 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-06-11 00:39 . 2009-06-11 00:39 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-06-11 00:32 . 2009-06-11 00:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-11 00:31 . 2009-06-11 00:31 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-06-11 00:05 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 00:05 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 00:05 . 2009-06-11 00:05 -------- d-----w- c:\windows\ie8updates
2009-06-11 00:03 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-11 00:00 . 2009-06-11 00:03 -------- dc-h--w- c:\windows\ie8
2009-05-27 17:44 . 2009-05-27 17:44 622592 ----a-w- c:\documents and settings\Owner\Application Data\Verizon\VSP\downloads\Verizon-Welcome-70-WithAdsTracking.41.zip.dir\all\tools\TCC.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 00:15 . 2009-03-06 00:39 517664 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-24 00:15 . 2009-03-06 00:39 10425888 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-24 00:01 . 2009-03-05 23:37 -------- d-----w- c:\program files\TrueSwitchVerizonYahoo
2009-06-23 22:42 . 2009-03-06 00:39 49100 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-23 22:42 . 2009-03-06 00:39 139556 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-20 20:45 . 2008-06-14 17:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 20:45 . 2008-12-19 01:56 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 15:27 . 2008-11-27 14:30 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-06-14 17:14 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 21:55 . 2008-05-17 13:15 -------- d-----w- c:\documents and settings\Owner\Application Data\ZoomBrowser EX
2009-06-08 21:55 . 2008-05-16 01:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-05-24 15:34 . 2009-03-05 23:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Verizon
2009-05-24 15:32 . 2009-05-24 15:32 -------- d-----w- c:\program files\Raxco
2009-05-24 15:32 . 2009-05-24 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2009-05-24 15:31 . 2009-03-05 19:48 -------- d-----w- c:\program files\Verizon
2009-05-24 15:31 . 2009-03-05 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon
2009-05-24 15:27 . 2004-11-19 21:41 -------- d-----w- c:\program files\InstallShield Installation Information
2009-05-16 13:08 . 2009-05-16 13:08 29696 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{312255E7-E2C2-4F3E-BBCB-02C5B8696CCB}\IconF0CEFCC9.exe
2009-05-13 05:15 . 2004-08-24 01:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 20:34 . 2008-08-18 22:22 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-10 20:34 . 2008-08-18 22:21 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-05-10 13:55 . 2004-11-30 17:34 28328 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-09 22:20 . 2009-05-09 22:20 -------- d-----w- c:\program files\MSECache
2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-25 21:12 . 2009-04-25 21:12 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeAUM
2009-04-19 02:22 . 2009-04-19 02:22 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-17 21:10 . 2008-06-13 01:06 4724 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-04-17 12:26 . 2003-03-31 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-11-30 17:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2007-03-05 1103480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-12-01 180269]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
TrueAssistant.lnk - c:\program files\TrueSwitchVerizonYahoo\TrueWizard.exe [2008-12-11 1064960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2007-11-20 49220]
Perstray.lnk - c:\program files\PerSono\perstray.exe [2004-12-28 40960]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
Floyd22 is offline  
Old 06-24-2009, 04:53 AM   #6 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Bad Image Messages

Thank you, tetonbob, for your assistance.

Can you please post the C:\Combofix.txt again as it is incomplete.
TheBruce1 is offline  
Old 06-24-2009, 05:39 PM   #7 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 6
OS: xp


Re: Bad Image Messages

ComboFix 09-06-22.0E - Owner 06/23/2009 20:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1559 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\MailSwitch.ocx
c:\windows\system32\NAHUHIJU.DLL

.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-12 01:22 . 2009-06-12 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-06-12 01:21 . 2009-06-12 01:21 -------- d-----w- c:\program files\NCH Software
2009-06-12 01:21 . 2009-06-12 01:21 -------- d-----w- c:\documents and settings\Owner\Application Data\NCH Swift Sound
2009-06-11 00:40 . 2009-06-11 00:40 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-06-11 00:39 . 2009-06-11 00:39 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-06-11 00:32 . 2009-06-11 00:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-11 00:31 . 2009-06-11 00:31 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-06-11 00:05 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 00:05 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 00:05 . 2009-06-11 00:05 -------- d-----w- c:\windows\ie8updates
2009-06-11 00:03 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-11 00:00 . 2009-06-11 00:03 -------- dc-h--w- c:\windows\ie8
2009-05-27 17:44 . 2009-05-27 17:44 622592 ----a-w- c:\documents and settings\Owner\Application Data\Verizon\VSP\downloads\Verizon-Welcome-70-WithAdsTracking.41.zip.dir\all\tools\TCC.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 00:15 . 2009-03-06 00:39 517664 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-24 00:15 . 2009-03-06 00:39 10425888 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-24 00:01 . 2009-03-05 23:37 -------- d-----w- c:\program files\TrueSwitchVerizonYahoo
2009-06-23 22:42 . 2009-03-06 00:39 49100 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-23 22:42 . 2009-03-06 00:39 139556 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-20 20:45 . 2008-06-14 17:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 20:45 . 2008-12-19 01:56 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 15:27 . 2008-11-27 14:30 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-06-14 17:14 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 21:55 . 2008-05-17 13:15 -------- d-----w- c:\documents and settings\Owner\Application Data\ZoomBrowser EX
2009-06-08 21:55 . 2008-05-16 01:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-05-24 15:34 . 2009-03-05 23:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Verizon
2009-05-24 15:32 . 2009-05-24 15:32 -------- d-----w- c:\program files\Raxco
2009-05-24 15:32 . 2009-05-24 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2009-05-24 15:31 . 2009-03-05 19:48 -------- d-----w- c:\program files\Verizon
2009-05-24 15:31 . 2009-03-05 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon
2009-05-24 15:27 . 2004-11-19 21:41 -------- d-----w- c:\program files\InstallShield Installation Information
2009-05-16 13:08 . 2009-05-16 13:08 29696 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{312255E7-E2C2-4F3E-BBCB-02C5B8696CCB}\IconF0CEFCC9.exe
2009-05-13 05:15 . 2004-08-24 01:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 20:34 . 2008-08-18 22:22 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-10 20:34 . 2008-08-18 22:21 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-05-10 13:55 . 2004-11-30 17:34 28328 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-09 22:20 . 2009-05-09 22:20 -------- d-----w- c:\program files\MSECache
2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-25 21:12 . 2009-04-25 21:12 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeAUM
2009-04-19 02:22 . 2009-04-19 02:22 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-17 21:10 . 2008-06-13 01:06 4724 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-04-17 12:26 . 2003-03-31 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-11-30 17:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2007-03-05 1103480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-12-01 180269]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
TrueAssistant.lnk - c:\program files\TrueSwitchVerizonYahoo\TrueWizard.exe [2008-12-11 1064960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2007-11-20 49220]
Perstray.lnk - c:\program files\PerSono\perstray.exe [2004-12-28 40960]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\call of duty 4\\iw3sp.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\conflict denied ops demo\\ConflictDeniedOps.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\far cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\far cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\far cry 2\\bin\\FC2BenchmarkTool.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\far cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [11/30/2004 7:38 PM 10752]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [9/22/2008 4:58 PM 693512]
R2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaAgent.exe [11/14/2008 6:28 PM 4937752]
R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;c:\windows\system32\drivers\uacflt.sys [12/28/2004 4:50 PM 20296]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [12/5/2004 9:20 PM 14092]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [11/14/2008 6:28 PM 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [11/14/2008 6:28 PM 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [11/14/2008 6:28 PM 27376]
S2 AudioSrvxmlprov;Windows Audio AudioSrvxmlprov; srv --> srv [?]
S2 BonjourMSDTC;Bonjour Service BonjourMSDTC; srv --> srv [?]
S2 ERSvcRemoteAccess;Error Reporting Service ERSvcRemoteAccess; srv --> srv [?]
S2 PnkBstrAstisvc;PnkBstrA PnkBstrAstisvc; srv --> srv [?]
S3 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [11/19/2004 5:39 PM 4224]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [9/21/2008 5:11 PM 33752]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\162.tmp --> c:\windows\system32\162.tmp [?]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [9/22/2008 4:58 PM 910600]
S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [4/22/2009 10:38 AM 170736]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/12/2008 9:05 PM 337800]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-06-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Steam - (no file)
SafeBoot-bhD31.sys
SafeBoot-Wintx22.sys


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 20:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP000001086DEF63EDA27998D8 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrvxmlprov]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BonjourMSDTC]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvcRemoteAccess]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\162.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PnkBstrAstisvc]
"ImagePath"=" srv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1801674531-1644491937-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:de,20,b9,90,c6,ee,b8,74,ad,21,73,e4,34,ea,6d,55,23,65,61,7f,8e,
05,5c,59,83,74,11,1a,62,6b,6e,e5,f3,01,78,99,37,72,44,ba,c6,5b,3a,57,ac,9c,\
"rkeysecu"=hex:a4,e1,9e,b9,65,97,d3,55,1b,1b,96,5f,47,f7,1a,c9
.
Completion time: 2009-06-24 20:17
ComboFix-quarantined-files.txt 2009-06-24 00:17

Pre-Run: 24,474,071,040 bytes free
Post-Run: 24,476,667,904 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

201 --- E O F --- 2009-06-22 19:26
Old 06-25-2009, 04:14 AM   #8 (permalink)
Moderator, Analyst, Security Team
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Bad Image Messages

Hello again

Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
Save the file as "Fix.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the Fix.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

========

JAVA OUTDATED


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 14. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.

    • Java 2 Runtime Environment, SE v1.4.2_06
      J2SE Runtime Environment 5.0 Update 2
      J2SE Runtime Environment 5.0 Update 4
      J2SE Runtime Environment 5.0 Update 6
      J2SE Runtime Environment 5.0 Update 8
      J2SE Runtime Environment 5.0 Update 9
      J2SE Runtime Environment 5.0 Update 10
      J2SE Runtime Environment 5.0 Update 11
      Java(TM) 6 Update 2
      Java(TM) 6 Update 4
      Java(TM) 6 Update 6
      Java(TM) 6 Update 7
      Java(TM) 6 Update 13
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


========

Download ATF-Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

=========

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

This animation will guide you through the process:




To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

========
Logs Required
Kaspersky Scan Report


An update on how your system is running.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
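The two things the analyst's Fix.reg addresses (Security Center values that silence or disable protection, and a service whose ImagePath is not a real program file) can be picked out of a ComboFix log mechanically. As an added example, not code from the thread or from ComboFix, here is a small Python triage script run over a constructed excerpt in the log's own format; the category names and the WEAK_VALUES table are this example's own choices.

```python
"""Triage helper for ComboFix log excerpts such as the one posted above.

Added example, not part of the thread or of ComboFix. It scans two things
the analyst's Fix.reg addresses: Security Center / firewall values that say
protection is switched off or muted, and services whose ImagePath does not
resolve to a real program file. Category names are this example's own.
"""
import re

# Constructed excerpt in the format ComboFix uses above (paths are taken
# from the posted log; the selection is abridged for the example).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 AudioSrvxmlprov;Windows Audio AudioSrvxmlprov; srv --> srv [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\162.tmp --> c:\windows\system32\162.tmp [?]
"""

# Value lines: "Name"=dword:00000001  or  "Name"= 0 (0x0)
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(?:dword:)?([0-9a-fA-F]+)')
# Service lines: <state> <name>;<display>;<image> [<date size>]
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?)(?: \[.*\])?$")

# Settings whose listed value means protection is off or its warnings are
# silenced; the Fix.reg in the post resets DisableMonitoring to 0.
WEAK_VALUES = {"DisableMonitoring": 1, "FirewallOverride": 1, "EnableFirewall": 0}

PROGRAM_EXT = re.compile(r"\.(exe|sys|dll)$", re.IGNORECASE)


def triage(log_text):
    """Return a list of (category, detail) findings for the log text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        value = VALUE_RE.match(line)
        if value:
            name, number = value.group(1), int(value.group(2), 16)
            if WEAK_VALUES.get(name) == number:
                findings.append(("security-center", f"{name}={number}"))
            continue
        service = SERVICE_RE.match(line)
        if not service:
            continue
        state, name, _display, image = service.groups()
        # ComboFix prints "<path> --> <path> [?]" when the image file is
        # missing or not a normal program path; the right side is the target.
        if "-->" not in image:
            continue
        target = image.split("-->", 1)[1].strip()
        if target.lower().endswith(".tmp"):
            findings.append(("service-temp-image", f"{name} ({state}): {target}"))
        elif not PROGRAM_EXT.search(target):
            findings.append(("service-unresolved", f"{name} ({state}): {target}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:20} {detail}")
```

Findings only mark entries for review; whether a given entry is malicious still depends on the rest of the log, as the analyst's choice to delete only MEMSWEEP2 shows.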
Old 06-29-2009, 08:48 AM   #9 (permalink)
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Bad Image Messages

Are you still requiring assistance? If there is no reply to this post within 48hrs, this thread will be closed.
Old 06-29-2009, 05:01 PM   #10 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 6
OS: xp


Re: Bad Image Messages

I ran the web-based virus scan which found some trojans in some backed-up Outlook Express files which I deleted. It appears all is well now, thanks for your assistance.
Old 06-30-2009, 04:06 AM   #11 (permalink)
Moderator, Analyst, Security Team
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Bad Image Messages

Hi

Please post the Kaspersky scan report, also run DDS again and post the DDS.txt in your reply as well.

If there is no reply to this post within 36hrs, this thread will be closed.
Old 07-03-2009, 04:27 AM   #12 (permalink)
Moderator, Analyst, Security Team
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Bad Image Messages

As this topic is resolved, this thread is closed.
All times are GMT -7. The time now is 02:28 PM.
Copyright 2001 - 2009, Tech Support Forum