Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

bad image error


  • Please log in to reply

#1
sugarita

sugarita

    New Member

  • Member
  • Pip
  • 2 posts
My computer recently started with these pop ups saying (PROGRAM NAME) bad image c:\system32... i tried everything and nothing seems to work. I desperately need to fix this...I cant open some programs and others are lagging and slow. i tried system restore,command prompt scan and malwarebytes (found nothing) and also combofix(included scan log).... please help

I also ran some free registry software which of course insn't completely free and it found over 1000 registry errors and couldnt remove them (cause i didnt pay lol)



Attached File  combofix.txt   14.76KB   89 downloads
ComboFix 11-01-10.04 - me 01/10/2011 15:56:13.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1915.828 [GMT -5:00]
Running from: c:\users\me\Documents\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\SysWoW32
c:\programdata\SysWoW32\mu1989486576v4
c:\programdata\SysWoW32\mu1989486576v4.kwd
c:\programdata\SysWoW32\mu1989486576v5
c:\programdata\SysWoW32\mu1989486576v5.kwd
c:\programdata\SysWoW32\mu1989486576v6
c:\programdata\SysWoW32\mu1989486576v6.kwd
c:\programdata\SysWoW32\mu1989486576v7
c:\programdata\SysWoW32\mu1989486576v7.kwd
c:\programdata\SysWoW32\wu1989486576v0
c:\programdata\SysWoW32\wu1989486576v0.kwd
c:\programdata\SysWoW32\wu1989486576v1
c:\programdata\SysWoW32\wu1989486576v1.kwd
c:\programdata\SysWoW32\wu1989486576v2
c:\programdata\SysWoW32\wu1989486576v2.kwd
c:\programdata\SysWoW32\wu1989486576v3
c:\programdata\SysWoW32\wu1989486576v3.kwd
c:\windows\system32\scvideo.dll

.
((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
.

2011-01-10 21:24 . 2011-01-10 21:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-01-10 21:24 . 2011-01-10 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-10 21:24 . 2011-01-10 21:24 -------- d-----w- c:\users\Boop\AppData\Local\temp
2011-01-10 21:24 . 2011-01-10 21:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-01-10 19:59 . 2011-01-10 19:59 -------- d-----w- c:\users\me\AppData\Roaming\Registry Mechanic
2011-01-10 19:58 . 2011-01-10 20:12 -------- d-----w- c:\program files\Registry Easy
2011-01-10 19:46 . 2010-09-16 17:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-01-10 19:46 . 2008-04-02 21:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-01-10 19:46 . 2008-04-02 21:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-01-10 19:46 . 2008-04-02 21:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-01-10 19:46 . 2004-08-04 13:00 506368 ----a-w- c:\windows\system32\msxml.dll
2011-01-10 19:46 . 2008-09-18 03:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-01-10 18:18 . 2011-01-10 18:18 -------- d-----w- c:\users\me\AppData\Roaming\Uniblue
2011-01-10 18:16 . 2011-01-10 18:16 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-01-10 18:15 . 2011-01-10 18:15 -------- d-----w- c:\program files\Uniblue
2011-01-10 18:11 . 2011-01-10 18:11 -------- d-----w- c:\users\me\AppData\Local\PackageAware
2010-12-26 22:02 . 2010-12-26 22:02 -------- d-----w- c:\users\me\AppData\Roaming\DAEMON Tools Lite
2010-12-26 22:02 . 2010-12-26 22:02 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-12-26 21:04 . 2010-12-26 21:04 -------- d-----w- C:\extensions
2010-12-20 03:03 . 2010-12-20 03:03 -------- d-----w- c:\users\me\AppData\Local\Yahoo
2010-12-20 02:47 . 2010-12-20 02:48 -------- d-----w- c:\programdata\Yahoo! Companion
2010-12-15 17:42 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 17:40 . 2010-10-12 13:52 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 17:40 . 2010-10-12 13:52 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 17:40 . 2010-10-12 15:48 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 17:37 . 2010-10-18 13:56 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 17:35 . 2010-11-06 11:09 603648 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 17:35 . 2010-11-06 11:10 357376 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 17:35 . 2010-11-06 11:10 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 17:35 . 2010-11-05 00:53 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 17:35 . 2010-11-06 11:10 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 17:35 . 2010-10-18 14:01 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 17:34 . 2010-10-28 13:03 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 17:34 . 2010-10-28 15:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 17:34 . 2010-06-16 15:12 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-15 17:20 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-09-16 4425048]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-08-18 1287120]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]

c:\users\Boop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^me^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-10-17 22:52 51048 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-02 13:13 133104 ----atw- c:\users\me\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2008-02-26 07:50 988512 ----a-w- c:\program files\Norton 360\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-07 01:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2008-08-04 21:46 1242424 ----a-w- c:\program files\Toshiba\TOSHIBA Service Station\TSS.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 135664]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\system32\DRIVERS\mausb.sys [2008-03-11 143624]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-08-18 218592]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2010-03-25 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-03-25 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-03-25 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101223.002\IDSvix86.sys [2010-11-09 353912]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-03-25 117640]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2010-03-25 48688]


--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 17:49]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 17:49]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146225478-2751266370-3618135412-1000Core1cac7b23bd32580.job
- c:\users\me\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-02 13:13]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146225478-2751266370-3618135412-1002Core.job
- c:\users\Boop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-07 16:00]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146225478-2751266370-3618135412-1002UA.job
- c:\users\Boop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-07 16:00]

2010-12-23 c:\windows\Tasks\Norton Security Scan for me.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-12 16:50]

2011-01-10 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-01-10 22:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-HotbarSA - c:\program files\Hotbar\bin\11.0.78.0\HotbarSA.exe
MSConfigStartUp-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-ooVoo - c:\program files\ooVoo\ooVoo.exe
MSConfigStartUp-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSConfigStartUp-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSConfigStartUp-WeatherDPA - c:\program files\Hotbar\bin\11.0.78.0\Weather.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 16:25
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-10 16:34:17
ComboFix-quarantined-files.txt 2011-01-10 21:33

Pre-Run: 53,577,379,840 bytes free
Post-Run: 60,968,976,384 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
- - End Of File - - 09D1C9E673ADC7E8609E3856F7B7F256

Edited by sugarita, 10 January 2011 - 04:18 PM.

  • 0

Advertisements


#2
phillipcorcoran

phillipcorcoran

    Member 1K

  • Member
  • PipPipPipPip
  • 1,293 posts
You will need to post on the 'Malware Removal' forum since we aren't allowed to give advice on problems which, like yours, could be due to malware.
That sort of stuff is left exclusively to the experts on the malware removal forum so that members do not receive bad advice from people who haven't had sufficient training. The malware removal forum is here: http://www.geekstogo...alware-removal/

One thing I am allowed to tell you: Do not use any registry cleaners because they are uneccessary and may even damage the Registry by removing vital entries which are not errors at all. I would say that most of us have errors or redundant entries in the Registry but it's rare for any of them to cause problems. Just leave the Registry alone unless a malware expert specifically instructs you otherwise.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP