Run a DLL as an app windows pop-up message, possible malware

So that satmat maybe on another profile?

I've been reading about this error, there are a number of different forums looking at this, a lot of them seem to be solved by updating a driver, x10net.dll is the USB receiver driver for ATI.

Does this ring any bells with you?

It's getting late here, so answer my question above and I'll review it in the morning and see what we can do.

-Satmat is on another user's profile correct.

I'll take a look at the driver. I can definitely confirm that something nasty is still on this machine as my Device Manager is not what it should be, (no controls up top etc..) Everytime i click on a device in device manager i get the controls back, and if i hit "scan for hardware changes" I get the dll error message again. Thanks for your help so far, it's been amazing.

Hello.
The "scan for hardware changes" isn't caused by malware, it's the device manager not picking up a piece of hardware correctly.

We'll fix this hardware issue soon, I want to kick the malware off this machine first. No point fixing your profile only to get re-infected again.

Switch to the user that shows that satmat and post a DDS log from that profile.
Instructions for DDS are in this post:
http://www.geekpolice.net/virus-spyware-malware-removal-f11/run-a-dll-as-an-app-windows-pop-up-message-possible-malware-t7560.htm#46538

Please open a new topic for that profile.

The user in question no longer exists on this machine, so if we need to clear everything and delete his profile that is fine, just want to know how to proceed.

Hello.
Okay, we can just delete that users entire profile.
Does your profile have administrator rights?

Press Start > Control Panel > User accounts

In the user accounts section, there should be your account, the profile were deleting, and a guest (guest account is default in XP incase your wondering)

Click on the profile we are deleting and it will open a list of options (set passwords, etc)
Does that list have the power to delete the profile?

That user account appears to have already been deleted off the system, but I know that C:\Documents and settings\seth still exists. This appears to be part of the problem as i know that one of the issues is somewhere in this Temp folder.

Hello.
Just delete the seth folder if the seth account isn't there anymore.
Delete to the recycle bin for now, just in case.

Reboot once it's been deleted and see if that error remains.

Cannot delete the seth folder Access denied, I'm guessing there's some locked files in there

Hello.
Okay, lets try this.
Press Start > Run.
In the Run box, type in: control userpasswords2
Note the space between the l and u, and hit enter.

What user accounts do you see?

I see:

Administrator
Hector
scott
Seth

Hello.
There is a Hector account too??

Does Hector use this machine too or another dead user account no longer used?

The hector account is used.

Okay.

In the userpasswords2 options, highlight Seth and hit remove. Let me know how it goes.

Ok I deleted "Seth" from that, no problems.

See if the C:\Documents and settings\Seth folder is still there.

Unfortunately yes it is still there.

Can you delete it now?

No I can not delete it.

You'll need to logon to the administrator account then.
Press Start > Log off > log off

Now in the user menu, you might only see your account and the other, but not administrator.
Hit alt+ctrl+del twice to access an advanced logon option.
In the username part, type in "administrator" without the quote and try to logon.
If it won't let you because of a password, try admin or administrator.

If you can get on, go to Start > Control Panel > User account.
Choose Seth if it's there and see if there's an option to delete it.

Tried all variations, can't login under administrator.

Hmm.
Who set up this machine? did you parents set the administrator password?

This machine was hector's brothers machine. The provided passwords from him to access the accounts for admin, and seth did not work, So I don't think there's anything we can do there. Do we have other options? Can I use a utility to just move/delete the Seth folder?

The control userpasswords2 does have an option to change the administrator password, go back into the control userpasswords2, highlight administrator and underneath the user accounts list should be a change password option.

Successfully changed hte password and tried to login as administrator again. Get message unable to log you in because of an account restriction.

Hmm.
I'll give this one more shot then ask another forum tech to drop by.
In control usepasswords2, click the Advanced tab.
Under the Advanced user management, click Advanced.

This opens the advanced user control. Double click on "Users", then right click Seth if it's there and delete it.

After clicking the "Advanced" tab under advanced user management i get a message in the right hand column stating that this snapin can not be used with windows XP home.

Okay, hang tight and we'll see what my colleagues think.

For what it's worth, I am able to login to the machine under the administrator account in safe mode, tried deleting the "seth" folder and it still says access denied.

Oh, you got in.
In the control panel, go into the user accounts again.
Is Seth there?

The user "Seth" is no in the user accounts. Just FYI, I also tried deleting the seth folder in documents and settings and still got the access denied.

Okay.
You can empty the temp folder anyway.

1. Open My Computer.
   
2. Go to Tools > Folder Options.
   
3. Select the View tab.
   
4. Scroll down to Hidden files and folders.
   
5. Select Show hidden files and folders.
   
6. Uncheck (untick) Hide extensions of known file types.
   
7. Uncheck (untick) Hide protected operating system files (Recommended).
   
8. Click Yes when prompted.
   
9. Click OK.
   
10. Close My Computer.

Now locate C:\Documents and settings\Seth\Local Settings\Temp
Delete EVERYTHING inside the temp folder, but don't delete the Temp folder.

I keep getting access denied.

Even from the administrator account?
Anyway, I wouldn't say your in trouble, the file is only a temp file.

What problems remain?

The run a DLL as an application message pops up pretty consistently. And my device manager is completely broken. I tried pluggin in a USB mouse and thumb drive and neither one was recognized so something is still up.

Lets take a look at the event viewer.
Press Start > Run.
Type in eventvwr and hit enter.

This opens the event viewer. Double click on system.
Press the "Date" header to sort them into the most recent.

Double click the most recent and it has a big description box explaining the problem.
Highlight what's inside the box, copy and paste it back here.

The WMI Performance Adapter service entered the stopped state.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Hmm.
Have a look through a few of them and see if any of the descriptions mention a rundll32 error.

I don't see anything relating to the dll problem

Okay, hold tight and we'll see if my colleagues have any ideas.

Any news back from your colleagues?

I've told him about this thread, he told me he'd drop by later. I might have to just split out a post or two to move it into the hardware section because he works better in that area.

No problem, thank you.

Hello.
I got feedback.

"From what I know, Vista doesn't allow you to delete the account folder, so it should be the same in XP"

Although you can't delete it, the temp files leftover can't cause you any harm.

As for the device manager problem, is the device manager window blank?

No the device manager window isn't blank, but it's missing some of the icons up top (such as the "scan for hardware changes button." It's also missing all of the icons next to each device, (like the little memory icon next to where it would say memory) I believe this problem, the dll message, and the lack of USB devices (and probably others) might be related, as I always get the dll message when i click on one of the objects inside of device manager, or when i try to plug in a USB stick, which is recognized, but it's almost as though it can't load it, thus doesn't show up as driveX in MyComputer. USB doesn't appear to be working as if i plug in a USB mouse it doesn't work.

Windows update through Internet explorer will not work as well... keep getting errors. I really can't afford to do a clean install on this machine either.

If you have your XP disc, we can do a repair install. (repair install is different than formatting, your files are not touched, only legit files are replaced)

Sounds like a sensible next step, I have the cd, can you post the instructions?

Using repair install instructions here:
http://www.michaelstevenstech.com/XPrepairinstall.htm

I'll be here if you have any questions.

I found the same instructions, performing the repair now ty.

Did the repair and all seems to be doing well no dll problems, device manager checks out ok, anything else i should check for?