BleepingComputer.com: PC with mstsc.exe bad image error when using Remote Desktop connection

In advance, thank you for the assistance in defining if I have a virus. Maybe I have a virus.. maybe not.

When trying to use the remote desktop connection on my PC, I am experiencing:
The application or DLL C:\WINDOWS\system32\aaclient.dll is not a valid Windows Image. Please check this against your installation diskette.
Maybe this is just a install issue? It worked in the past... months ago.

Also, when trying to open really any file, if I right click to define a program to open it with, it takes 30 second and never displays the window access to define what program I want to use... if I right click again while still on the file, it then allows me to select from my "open with" program types.
Maybe this is a DDE issue with file associations?

I have used this site to try and define if there were issues I could define with no forum help... I've run mbam-setup.exe, cureit.exe and ComboFix.exe with no red flag apparent to me. Hopefully this hasn't messed up the process and I will work thru the process you suggest to determine if there are actual issues with me PC.

Here is my DDS and GMER logs:
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by rodlar at 10:15:57 on 2011-05-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1132 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Firepond\ICS\Service\FPService10.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Firepond\ICS\Editor\FPService10.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Network Associates\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\rodlar\My Documents\Downloads\dds(1).scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: {435EAA86-D32B-484F-869C-53745FCB1642} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ws_ftp pro\wsbho2k0.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A8C7C2CA-6DFD-4E16-8458-592361564D38} - No File
TB: {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: fidelity.com
Trusted Zone: firepondsfondemand.com\fpapp04
Trusted Zone: firepondsfondemand.com\fpdb03
Trusted Zone: microsoft.com\office
Trusted Zone: salesforce.com
DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} - hxxp://atlas/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171574391734
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172089405281
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rodlar\application data\mozilla\firefox\profiles\3kz9cxxv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/comcast.html | http://www.google.com
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-7-16 31816]
R2 BRE_Service1450;ICS_Test_Application1450;c:\firepond\ics\service\FPService10.exe [2009-4-23 75776]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-7-16 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-7-16 54608]
R2 odbService1450;ICS_Service1450;c:\firepond\ics\editor\FPService10.exe [2009-4-23 75776]
R2 PDSched;PDScheduler;c:\program files\raxco\perfectdisk\PDSched.exe [2004-11-1 237635]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-7 24652]
R2 vmserverdWin32;VMware Registration Service;c:\program files\vmware\vmware server\vmserverdWin32.exe [2008-10-30 1650782]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-12-11 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-12-11 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-12-11 174952]
S1 MpKsl2b3ca0f5;MpKsl2b3ca0f5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ec6421a-9110-40bf-bc15-7fca5ca794e9}\mpksl2b3ca0f5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ec6421a-9110-40bf-bc15-7fca5ca794e9}\MpKsl2b3ca0f5.sys [?]
S3 dcdbas;System Management Driver;c:\windows\system32\drivers\dcdbas32.sys --> c:\windows\system32\drivers\dcdbas32.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MSSQL$FIREPOND;SQL Server (FIREPOND);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2010-12-10 29293408]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
.
=============== File Associations ===============
.
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2011-05-18 01:25:30 -------- d-----w- c:\documents and settings\rodlar\DoctorWeb
2011-05-17 21:15:08 -------- d-----w- c:\program files\ESET
2011-05-17 19:43:49 -------- d-----w- C:\ComboFix
2011-05-17 14:56:30 -------- d-----w- c:\documents and settings\rodlar\application data\Malwarebytes
2011-05-17 14:56:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-17 14:56:24 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-17 14:56:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-17 14:56:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-17 02:22:03 -------- d-sha-r- C:\cmdcons
2011-05-17 02:18:32 89088 ----a-w- c:\windows\MBR.exe
2011-05-17 02:18:29 98816 ----a-w- c:\windows\sed.exe
2011-05-17 02:18:29 256512 ----a-w- c:\windows\PEV.exe
2011-05-17 02:18:29 161792 ----a-w- c:\windows\SWREG.exe
2011-05-09 16:33:40 20533281 ----a-w- c:\temp\vpn3000\vlc_update\vlc-1.1.9-win32.exe
.
==================== Find3M ====================
.
2011-03-28 16:40:30 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 10:22:25.75 ===============

Hello ,
And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

• The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  
• Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  
• The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  
• Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
    
  • DDS.pif
  
  
• Double click on the DDS icon, allow it to run.
  
• A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  
• Notepad will open with the results.
  
• Follow the instructions that pop up for posting the results.
  
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

• A detailed description of your problems
• A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

Thank you, Elise!

In advance, thank you for the assistance in defining if I have a virus. Maybe I have a virus.. maybe not. When trying to use the remote desktop connection on my PC, I am experiencing:
The application or DLL C:\WINDOWS\system32\aaclient.dll is not a valid Windows Image. Please check this against your installation diskette.
Maybe this is just a install issue? It worked in the past... months ago.

Also, when trying to open really any file, if I right click to define a program to open it with, it takes 30 second and never displays the window access to define what program I want to use... if I right click again while still on the file, it then allows me to select from my "open with" program types.
Maybe this is a DDE issue with file associations?

I have used this site to try and define if there were issues I could define with no forum help... I've run mbam-setup.exe, cureit.exe and ComboFix.exe with no red flag apparent to me. Hopefully this hasn't messed up the process and I will work thru the process you suggest to determine if there are actual issues with me PC.


Attached is the DDS and attach.txt as a zip. Thanks you!

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/14/2007 3:31:28 PM
System Uptime: 5/31/2011 8:48:45 AM (2 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel® Core™2 CPU T7600 @ 2.33GHz | Microprocessor | 2330/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 4.771 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP1332: 3/28/2011 10:07:32 AM - System Checkpoint
RP1333: 3/28/2011 10:36:30 AM - Software Distribution Service 3.0
RP1334: 3/28/2011 10:45:38 AM - Software Distribution Service 3.0
RP1335: 3/28/2011 11:08:19 AM - Software Distribution Service 3.0
RP1336: 3/28/2011 11:13:13 AM - Software Distribution Service 3.0
RP1337: 3/28/2011 11:39:23 AM - Software Distribution Service 3.0
RP1338: 3/28/2011 11:47:17 AM - Software Distribution Service 3.0
RP1339: 3/28/2011 11:50:53 AM - Removed iTunes
RP1340: 3/28/2011 12:00:48 PM - Removed Apple Application Support
RP1341: 3/28/2011 12:01:36 PM - Removed Apple Mobile Device Support
RP1342: 3/28/2011 12:02:15 PM - Removed Bonjour
RP1343: 3/28/2011 6:36:56 PM - Software Distribution Service 3.0
RP1344: 3/29/2011 7:35:00 PM - System Checkpoint
RP1345: 3/31/2011 9:04:10 AM - System Checkpoint
RP1346: 4/1/2011 9:28:06 AM - System Checkpoint
RP1347: 4/3/2011 12:04:47 PM - System Checkpoint
RP1348: 4/4/2011 1:04:00 PM - System Checkpoint
RP1349: 4/7/2011 12:25:16 PM - System Checkpoint
RP1350: 4/8/2011 1:08:51 PM - System Checkpoint
RP1351: 4/10/2011 2:58:20 PM - System Checkpoint
RP1352: 4/15/2011 2:53:10 PM - System Checkpoint
RP1353: 4/15/2011 7:22:55 PM - Software Distribution Service 3.0
RP1354: 4/16/2011 8:09:37 PM - System Checkpoint
RP1355: 4/18/2011 9:15:13 AM - System Checkpoint
RP1356: 4/19/2011 9:42:54 AM - System Checkpoint
RP1357: 4/21/2011 9:10:48 AM - System Checkpoint
RP1358: 4/22/2011 12:07:51 PM - System Checkpoint
RP1359: 4/25/2011 9:25:02 AM - System Checkpoint
RP1360: 4/26/2011 9:51:16 AM - System Checkpoint
RP1361: 4/26/2011 10:59:34 PM - Software Distribution Service 3.0
RP1362: 4/27/2011 10:04:39 AM - Software Distribution Service 3.0
RP1363: 4/29/2011 3:06:44 PM - System Checkpoint
RP1364: 4/30/2011 3:07:47 PM - System Checkpoint
RP1365: 5/2/2011 12:43:56 PM - System Checkpoint
RP1366: 5/5/2011 6:42:33 PM - System Checkpoint
RP1367: 5/6/2011 7:50:09 PM - System Checkpoint
RP1368: 5/9/2011 8:14:50 AM - System Checkpoint
RP1369: 5/10/2011 8:23:18 AM - System Checkpoint
RP1370: 5/13/2011 8:58:20 AM - Software Distribution Service 3.0
RP1371: 5/16/2011 1:06:28 PM - System Checkpoint
RP1372: 5/17/2011 4:04:27 PM - System Checkpoint
RP1373: 5/20/2011 9:05:07 AM - System Checkpoint
RP1374: 5/21/2011 6:34:08 PM - System Checkpoint
RP1375: 5/22/2011 7:26:35 PM - System Checkpoint
RP1376: 5/23/2011 7:27:51 PM - System Checkpoint
RP1377: 5/24/2011 8:20:17 PM - System Checkpoint
RP1378: 5/27/2011 8:17:18 AM - System Checkpoint
RP1379: 5/31/2011 9:05:08 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Agent Ransack Version 1.7.3
AiO_Scan
ALPS Touch Pad Driver
Apex Explorer 8.0
Apple Software Update
Broadcom Advanced Control Suite
Broadcom Gigabit Integrated Controller
CCleaner
Cisco Systems VPN Client 5.0.04.0300
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
CPQ OnDemand Offline Edition
Dell Resource CD
Dell Support 3.2.1
Dell Wireless WLAN Card
DivX Player
DivX Pro Trial
DMM for Microsoft Exchange
Firepond CPQ OnDemand Proposal Plug-in
Firepond ICS Server 14.5.0
Foxit Reader
Glary Utilities 2.33.0.1158
Google Chrome
Google Talk (remove only)
GoToMeeting 4.0.0.320
HD Writer AE 1.0 for HDC
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
Indeo« XP Software
Intel® Graphics Media Accelerator Driver
Iomega Discovery Tool Home
Iomega Product Registration
Ipswitch WS_FTP Pro
J2SE Runtime Environment 5.0 Update 14
Java Auto Updater
Java™ 6 Update 24
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Malwarebytes' Anti-Malware
McAfee Agent
McAfee Security Scan Plus
McAfee VirusScan Enterprise
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Project Standard 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server 2005 Express Edition (FIREPOND)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Modem Helper
Mozilla Firefox 4.0.1 (x86 en-US)
MozyHome 1.8.9.3
mProSafe
MSN Toolbar Platform
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Multi-Edit 9.10
mWlsSafe
neos 1.2.1
NetWaiting
NTRU Hybrid TSS v2.0.25
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Paint Shop Pro 7
PerfectDisk
Picasa 2
PowerDVD 5.7
PrimoPDF
QFolder
QuickSet
QuickTime
Retrospect Express HD 2.5
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
SearchAssist
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB923789)
SigmaTel Audio
SmartSound Quicktracks Plugin
SMS Advanced Client
Sonic Update Manager
Starcraft
Studio 9
Style Report Professional Edition
System Requirements Lab
UltraEdit-32 Uninstall
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
URL Assistant
Viewpoint Media Player
VLC media player 1.1.9
VMware Server
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
WinZip
XviD MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
5/27/2011 7:42:14 AM, error: Service Control Manager [7019] - Circular dependency: The Intel® PROSet/Wireless Service service depends on a service in a group which starts later.
5/27/2011 7:42:14 AM, error: Service Control Manager [7018] - Detected circular dependencies auto-starting services.
5/27/2011 7:41:57 AM, error: NETLOGON [5719] - No Domain Controller is available for domain CWC due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
5/24/2011 9:19:48 AM, error: Service Control Manager [7034] - The NTRU Hybrid TSS v2.0.25 TCS service terminated unexpectedly. It has done this 1 time(s).
5/24/2011 9:19:48 AM, error: Service Control Manager [7022] - The NTRU Hybrid TSS v2.0.25 TCS service hung on starting.
5/24/2011 9:18:43 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
5/24/2011 9:16:38 AM, error: Service Control Manager [7001] - The Intel® PROSet/Wireless SSO Service service depends on the Intel® PROSet/Wireless Service service which failed to start because of the following error: Circular service dependency was specified.
.
==== End Of File ===========================

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Combofix.exe and follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Looks like i didnt fully disable McAfee... but it still created the log.
Let me know if I should try again. Thank you!!

Hello there, please let me know how things are running after the following fix.

CF-SCRIPT
-------------
We need to execute a CF-script.

• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

FCopy::
c:\windows\ServicePackFiles\i386\perfctrs.dll | c:\windows\system32\perfctrs.dll

Save this as CFScript.txt, in the same location as ComboFix.exe



Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

here is the attached combofix.txt.

Hi again, do you have any problem left?

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

• Download the latest version of Java Runtime Environment (JRE) Version 6.
  
• Look for "JDK 6 Update 25 (JDK or JRE).
  
• Click the "Download JRE" button at the right.
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
  • Select "Windows x86 Offline" and click on jre-6u25-windows-i586.exe
• Save it to your desktop
  
• Close any programs you may have running - especially your web browser.
  
• Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  
• Reboot your computer once all Java components are removed.
  
• Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Please launch Malwarebytes Antimalware, update it and run a full scan. Post me the resulting log.

Hi Elise,

I am still seeing the mstsc.exe bad image error when using Remote Desktop connection and a lag between right clicking files to get the "Open with" dialog box. Have you seen anything that indicates malware or a virus? This all could be an windows installation issue too.

Thank you for your assistance! Here is the Malwarebytes Antimalware log attached.

Do you have any idea when this problem started?

Click Start > Run, type sfc /scannow and press enter. Let the system file checker run unhindered. Note, you may be prompted for your XP CD.

Hi Elise,

The sfc /scannow process corrected both of my identified problems.

1 - Remote Desktop Connection: The application or DLL C:\WINDOWS\system32\aaclient.dll is not a valid Windows Image. Please check this against your installation diskette.
Maybe this is just a install issue? It worked in the past... months ago.
NEW RESULT AFTER SFC / SCANNOW: No issue. Can connect with no problems. SWEET!!!

2 - When trying to open really any file, if I right click to define a program to open it with, it takes 30 second and never displays the window access to define what program I want to use... if I right click again while still on the file, it then allows me to select from my "open with" program types.
NEW RESULT AFTER SFC / SCANNOW: Slight lag 10+ seconds but manageable. THANKS!

What do I need to do for clean up?

Thank you very much for your assistance!

Hi, this means that the mentioned files have been replaced by a good copy by Windows (SFC scans for system file integrity).

Lets also do one last scan for leftovers.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on this link to open ESET OnlineScan in a new window.
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the
    icon on your desktop.
  
  
• Check "YES, I accept the Terms of Use."
  
• Click the Start button.
  
• Accept any security warnings from your browser.
  
• Under scan settings, check "Scan Archives" and "Remove found threats"
  
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology
  
  
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, click List Threats
  
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  
• Click the Back button.
  
• Click the Finish button.

HI Elise,

I ran the ESET Online Scanner and there was no option to do "click List Threats" when it was done.

NO THREATS FOUND:
Scanned files 97878
Infected Files 0
Cleaned Files 0
Total Scan time 01:50:52
Scan Status: Finished

I selected Uninstall application on close... so it has be removed.

Let me know if we need to do anything else.

Thank you!!

Hi again, that means you're all cleaned up.

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean

Please do the following to remove the remaining programs from your PC:

• Delete the tools used during the disinfection:
  • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    
  • Delete DDS

Please read these advices, in order to prevent reinfecting your PC:

• Install and update the following programs regularly:
  • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
    A comprehensive tutorial and a list of possible firewalls can be found here.
    
  • an AntiVirus Software
    It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    
  • an Anti-Spyware program
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    
  • Spyware Blaster
    A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  
  
• Keep Windows (and your other Microsoft software) up to date!
  I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
  Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  
• Keep your other software up to date as well
  Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  
• Stay up to date!
  The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

• Miekies' prevention suggestions
  
• So How did I get infected?
  
• Microsoft - 'Security at home'
  
• Calendar of Updates: See which updates have been released.
  
• How to backup your Data with Cobian Backup:because you never know, when your harddisk might fail
  
• Commonly Used Freeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum.
  
• osalt: Find (free) open source alternatives to known commercial software.

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Thank you, Elise!
You were very knowledgeable and professional in getting my computer issues corrected!!

Kudos to you and the Bleeping Computers world!