BleepingComputer.com: Malware

Malware smpwebsched.dll deletion by Malware

#1 User is offline   Surferdude 

  • New Member
  • Group: Members
  • Posts: 6
  • Joined: 07-March 11

Posted 07 March 2011 - 01:42 PM

I received a particularly nasty trojan and ran Malware. After removing the trojan, which took all day, on start up I receive the following message:
DLL/documents and settings/david eichner/local settings/ application data/drmnetvdm/smpwebsched.dll is not a valid windows image

Once you click OK I get another message:

error loading/david eichner/ local settings/application data/drmnetvdm/smpwebsched.dll % is not a valid win32 application

How do I reinstall or correct this bleeping situation?

This post has been edited by Orange Blossom: 07 March 2011 - 01:44 PM
Reason for edit: Moved to AII. ~ OB


#2 User is online   cryptodan 

  • Bleepin Madman
  • Group: BC Advisor
  • Posts: 18,380
  • Joined: 08-September 08
  • Gender:Male
  • Location:Catonsville, Md

Posted 07 March 2011 - 02:21 PM

Can you post the logs from Malwarebytes?

My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message! with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.

#3 User is offline   Surferdude 


Posted 07 March 2011 - 03:01 PM

e-mail address removed to protect from spambots. ~ OB

I am not that sophisticated; however, outside this system I may be able to do it.

cryptodan, on 07 March 2011 - 02:21 PM, said:

Can you post the logs from Malwarebytes?


Here is my e-mail (removed to protect from spambots. ~ OB)

This post has been edited by Orange Blossom: 07 March 2011 - 03:21 PM


#4 User is offline   Surferdude 


Posted 07 March 2011 - 03:03 PM

e-mail address removed to protect from spambots. ~ OB

If you contact me outside this blog I might be able to send the logs. I don't know how to here. You of course can post my info if you wish.

This post has been edited by Orange Blossom: 07 March 2011 - 03:23 PM


#5 User is online   cryptodan 


Posted 07 March 2011 - 03:15 PM

Open the log file in Notepad then go to Edit and select all then go back to edit and copy. After that right click in the add reply text box and hit paste.


#6 User is offline   Orange Blossom 

  • OBleepin Investigator
  • Group: Moderator
  • Posts: 29,825
  • Joined: 14-July 06
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 07 March 2011 - 03:23 PM

Hello Surferdude,

The logs appear in a notepad file. Copy the log from the notepad then paste the log into the text area when you create a reply.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom
An ounce of prevention is worth a pound of cure
SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 User is offline   Surferdude 


Posted 07 March 2011 - 03:41 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5777

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2/17/2011 1:25:47 PM
mbam-log-2011-02-17 (13-25-47).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 317398
Time elapsed: 59 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus System 2011 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ANTIVIRUS SYSTEM 2011 (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscjm (Trojan.VB) -> Value: mscjm -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscj (Backdoor.Bot) -> Value: mscj -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus System 2011 (Trojan.FakeAlert) -> Value: AntiVirus System 2011 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security Manager (Trojan.FakeAlert) -> Value: Security Manager -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AntiVirus System 2011\BackgroundScan (Rogue.AntivirusSystem2011) -> Value: BackgroundScan -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\david eichner\start menu\Programs\antivirus system 2011 (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\application data\antivirus system 2011 (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\david eichner\application data\92877\mscjm.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\application data\92877\mscj.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\application data\antivirus system 2011\antivirus__system__2011.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\application data\antivirus system 2011\securitymanager.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\application data\92877\bbzzkzz18.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\application data\antivirus system 2011\securityhelper.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\local settings\Temp\google.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\local settings\Temp\ppddfcfux.exxe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\local settings\Temp\w32rim_mem.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\local settings\Temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\local settings\Temp\dfbleep.exe (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\application data\microsoft\internet explorer\quick launch\antivirus system 2011.lnk (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\start menu\Programs\antivirus system 2011\antivirus system 2011.lnk (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\start menu\Programs\antivirus system 2011\activate antivirus system 2011.lnk (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\start menu\Programs\antivirus system 2011\help antivirus system 2011.lnk (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\start menu\Programs\antivirus system 2011\how to activate antivirus system 2011.lnk (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\start menu\Programs\antivirus system 2011.lnk (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\Desktop\antivirus system 2011.lnk (Rogue.AntiVirusSystem2011) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\application data\antivirus system 2011\icoactivate.ico (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\application data\antivirus system 2011\IcoHelp.ico (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.
c:\documents and settings\david eichner\application data\antivirus system 2011\icouninstall.ico (Rogue.AntivirusSystem2011) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5575

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/22/2011 9:28:45 PM
mbam-log-2011-01-22 (21-28-45).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 311833
Time elapsed: 1 hour(s), 36 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
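
Added example (not part of the thread and not Malwarebytes' or BleepingComputer's code): a small Python parser for the log layout posted above, which lists what the scanner reported removing and checks whether a path quoted in a startup error is among the removed objects. The sample log is constructed in the same layout with shortened paths, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the log posted above (paths shortened).
SAMPLE_LOG = r"""Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscj (Backdoor.Bot) -> Value: mscj -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\user\application data\92877\mscj.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\user\local settings\Temp\google.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+) Infected:$")
# Entry layout: <object> (<detection>) -> [<detail> -> ]<action>
ENTRY = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.]+)\) -> "
                   r"(?:(?P<detail>.+) -> )?(?P<action>[^>]+)$")


def parse_mbam(text):
    """Return one dict per removed item: section, object, detection, detail, action."""
    section, items = None, []
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ENTRY.match(line)):
            items.append({"section": section, "object": m["obj"],
                          "detection": m["name"], "detail": m["detail"],
                          "action": m["action"]})
    return items


def run_key_items(items):
    """Autostart (Run key) values the scanner reported removing."""
    return [i for i in items if "\\currentversion\\run\\" in i["object"].lower()]


def was_removed(items, path):
    """True if `path` (e.g. copied from a startup error) is among removed objects."""
    wanted = path.replace("/", "\\").lower()
    return any(wanted in i["object"].lower() for i in items)


if __name__ == "__main__":
    items = parse_mbam(SAMPLE_LOG)
    print(len(items), "items;", len(run_key_items(items)), "Run-key value(s)")
    print(was_removed(items, "drmnetvdm/smpwebsched.dll"))
```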

#8 User is online   cryptodan 


Posted 07 March 2011 - 04:04 PM

Have you followed this guide: How do I remove Anti-Virus System 2011?


#9 User is offline   Surferdude 


Posted 07 March 2011 - 05:20 PM

Yes, I have seen it and have used it many times; I just never had a dll file taken out by it. I am looking at how to reinstall the missing files because it caused my computer to refuse to start until I went to safe mode and started it from an earlier date which did not help restore the files.

#10 User is online   Elise 

  • Bleepin' Blonde
  • Group: Malware Study Hall Admin
  • Posts: 38,997
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 11 March 2011 - 06:52 AM

Hello, most likely this is a leftover registry setting. In order to correct it, I need to see a more detailed log. I'll move this topic to the appropriate forum.

OTL
-----
Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

#11 User is offline   Surferdude 


Posted 13 March 2011 - 11:00 PM

Hi Blonde. Sorry for the delay. I was traveling for work. I am afraid I do not know what a mirror is or how to do as you suggested. I feel silly being older but I only know enough about my computer to mess it once in awhile and reset the time or run virus ware.

#12 User is online   Elise 


Posted 14 March 2011 - 05:08 AM

Don't worry about it. :)
A mirror is a download link, so just click the link, download the file and run it as instructed.
regards, Elise

#13 User is online   Elise 


Posted 27 March 2011 - 04:58 AM

Hi, are you still there?
regards, Elise

#14 User is online   Elise 


Posted 06 April 2011 - 07:00 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
regards, Elise
