Bad Image Virus

I've seen this in other posts. Everytime when either the computer automatically opens a program, or I open a program manually, I see the message, "Bad Image - The application or DLL c:\windows\system32 supilime.dll is not a valid image. Please check this against your installation diskette." Can someone help me get rid of this virus?



DDS (Ver_09-12-01.01) - NTFSx86
Run by Jason Ward at 20:05:58.49 on Wed 01/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.118 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jason Ward\Desktop\Power Trio\CrystalCPUID40\CrystalCPUID.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Config2500\Utility\Config2500.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jason Ward\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.averatec.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - No File
uRun: [Power2GoExpress]
uRun: [SpeedswitchXP] c:\program files\speedswitchxp\SpeedswitchXP.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [braviax] c:\windows\system32\braviax.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\jason ward\desktop\power trio\crystalcpuid40\CrystalCPUID.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partypoker.net\partypokernet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
AppInit_DLLs: c:\windows\system32\supilime.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\supilime.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jasonw~1\applic~1\mozilla\firefox\profiles\ey5qryds.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-3-22 214664]
R1 Odptdi;Odptdi;c:\windows\system32\drivers\odptdi.sys [2009-7-6 46744]
R2 Dev_UNIDRV;Dev_UNIDRV;c:\windows\system32\drivers\UNIDRV.SYS [2005-4-4 6080]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-3-22 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-3-22 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-3-22 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-3-22 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-3-22 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-3-22 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-3-22 34248]

=============== Created Last 30 ================

2010-01-07 01:47:28 0 d-----w- c:\program files\TrendMicro
2010-01-06 21:10:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2010-01-06 21:08:07 0 d-----w- c:\program files\Citrix
2010-01-06 21:07:27 61224 ----a-w- c:\documents and settings\jason ward\GoToAssistDownloadHelper.exe
2010-01-04 04:16:18 0 d-----w- c:\windows\system32\XPSViewer
2010-01-04 04:14:59 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-04 04:14:59 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-04 04:14:58 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-04 04:14:58 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-04 04:14:58 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-04 04:14:58 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-04 04:14:58 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-04 04:14:56 0 d-----w- C:\52ca100cec88686003ac67
2009-12-30 01:21:29 0 d-----w- c:\docume~1\jasonw~1\applic~1\Red Kawa
2009-12-29 23:59:06 0 d-----w- c:\program files\AviSynth 2.5
2009-12-29 23:58:17 0 d-----w- c:\program files\Red Kawa
2009-12-29 21:44:55 0 d-----w- C:\temp
2009-12-29 21:43:07 0 d-----w- c:\program files\PQDVD
2009-12-29 21:30:46 0 d-----w- c:\program files\MediaCoder
2009-12-28 18:56:15 0 d-----w- c:\docume~1\jasonw~1\applic~1\4Media Software Studio
2009-12-28 18:45:48 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-12-28 18:45:48 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-12-26 22:16:52 0 d-----w- C:\divx

==================== Find3M ====================

2009-11-20 03:17:30 27720 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2007-04-20 01:20:30 774144 -c--a-w- c:\program files\RngInterstitial.dll
2009-05-29 23:02:52 0 -csha-w- c:\windows\system32\junepoha.dll
2009-05-29 23:02:52 0 -csha-w- c:\windows\system32\nizedage.dll
2009-05-29 23:02:53 0 --sha-w- c:\windows\system32\supilime.dll
2008-09-12 18:26:17 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 20:09:49.99 ===============

Edited by wardpilot, 06 January 2010 - 09:25 PM.

Hi,

* Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
• Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Couldn't get the files to paste. So I attached them instead.

Hi,

It looks like Malwarebytes fixed it. How are things now?

The message went away. Does that malware program clean the files for you and shred them or do I have to get another program to do that? I've heard this virus comes back if you don't shred it properly.

Yes, Malwarebytes deletes these. They won't come back.

My computer is running much better now. Thank you so much for your help.

Jason Ward

Glad I could help.

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.