
bad image error



#1
sugarita

My computer recently started with these pop-ups saying (PROGRAM NAME) bad image c:\system32... I tried everything and nothing seems to work. I desperately need to fix this... I can't open some programs and others are lagging and slow. I tried System Restore, command prompt scan and Malwarebytes (found nothing) and also ComboFix (included scan log)... Please help.

I also ran some free registry software, which of course isn't completely free, and it found over 1000 registry errors and couldn't remove them ('cause I didn't pay lol).





ComboFix 11-01-10.04 - me 01/10/2011 15:56:13.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1915.828 [GMT -5:00]
Running from: c:\users\me\Documents\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\SysWoW32
c:\programdata\SysWoW32\mu1989486576v4
c:\programdata\SysWoW32\mu1989486576v4.kwd
c:\programdata\SysWoW32\mu1989486576v5
c:\programdata\SysWoW32\mu1989486576v5.kwd
c:\programdata\SysWoW32\mu1989486576v6
c:\programdata\SysWoW32\mu1989486576v6.kwd
c:\programdata\SysWoW32\mu1989486576v7
c:\programdata\SysWoW32\mu1989486576v7.kwd
c:\programdata\SysWoW32\wu1989486576v0
c:\programdata\SysWoW32\wu1989486576v0.kwd
c:\programdata\SysWoW32\wu1989486576v1
c:\programdata\SysWoW32\wu1989486576v1.kwd
c:\programdata\SysWoW32\wu1989486576v2
c:\programdata\SysWoW32\wu1989486576v2.kwd
c:\programdata\SysWoW32\wu1989486576v3
c:\programdata\SysWoW32\wu1989486576v3.kwd
c:\windows\system32\scvideo.dll

.
((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
.

2011-01-10 21:24 . 2011-01-10 21:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-01-10 21:24 . 2011-01-10 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-10 21:24 . 2011-01-10 21:24 -------- d-----w- c:\users\Boop\AppData\Local\temp
2011-01-10 21:24 . 2011-01-10 21:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-01-10 19:59 . 2011-01-10 19:59 -------- d-----w- c:\users\me\AppData\Roaming\Registry Mechanic
2011-01-10 19:58 . 2011-01-10 20:12 -------- d-----w- c:\program files\Registry Easy
2011-01-10 19:46 . 2010-09-16 17:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-01-10 19:46 . 2008-04-02 21:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-01-10 19:46 . 2008-04-02 21:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-01-10 19:46 . 2008-04-02 21:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-01-10 19:46 . 2004-08-04 13:00 506368 ----a-w- c:\windows\system32\msxml.dll
2011-01-10 19:46 . 2008-09-18 03:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-01-10 18:18 . 2011-01-10 18:18 -------- d-----w- c:\users\me\AppData\Roaming\Uniblue
2011-01-10 18:16 . 2011-01-10 18:16 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-01-10 18:15 . 2011-01-10 18:15 -------- d-----w- c:\program files\Uniblue
2011-01-10 18:11 . 2011-01-10 18:11 -------- d-----w- c:\users\me\AppData\Local\PackageAware
2010-12-26 22:02 . 2010-12-26 22:02 -------- d-----w- c:\users\me\AppData\Roaming\DAEMON Tools Lite
2010-12-26 22:02 . 2010-12-26 22:02 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-12-26 21:04 . 2010-12-26 21:04 -------- d-----w- C:\extensions
2010-12-20 03:03 . 2010-12-20 03:03 -------- d-----w- c:\users\me\AppData\Local\Yahoo
2010-12-20 02:47 . 2010-12-20 02:48 -------- d-----w- c:\programdata\Yahoo! Companion
2010-12-15 17:42 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 17:40 . 2010-10-12 13:52 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 17:40 . 2010-10-12 13:52 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 17:40 . 2010-10-12 15:48 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 17:37 . 2010-10-18 13:56 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 17:35 . 2010-11-06 11:09 603648 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 17:35 . 2010-11-06 11:10 357376 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 17:35 . 2010-11-06 11:10 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 17:35 . 2010-11-05 00:53 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 17:35 . 2010-11-06 11:10 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 17:35 . 2010-10-18 14:01 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 17:34 . 2010-10-28 13:03 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 17:34 . 2010-10-28 15:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 17:34 . 2010-06-16 15:12 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-15 17:20 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-09-16 4425048]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-08-18 1287120]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]

c:\users\Boop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^me^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-10-17 22:52 51048 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-02 13:13 133104 ----atw- c:\users\me\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2008-02-26 07:50 988512 ----a-w- c:\program files\Norton 360\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-07 01:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2008-08-04 21:46 1242424 ----a-w- c:\program files\Toshiba\TOSHIBA Service Station\TSS.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 135664]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\system32\DRIVERS\mausb.sys [2008-03-11 143624]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-08-18 218592]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2010-03-25 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-03-25 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-03-25 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101223.002\IDSvix86.sys [2010-11-09 353912]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-03-25 117640]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2010-03-25 48688]


--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 17:49]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 17:49]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146225478-2751266370-3618135412-1000Core1cac7b23bd32580.job
- c:\users\me\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-02 13:13]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146225478-2751266370-3618135412-1002Core.job
- c:\users\Boop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-07 16:00]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146225478-2751266370-3618135412-1002UA.job
- c:\users\Boop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-07 16:00]

2010-12-23 c:\windows\Tasks\Norton Security Scan for me.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-12 16:50]

2011-01-10 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-01-10 22:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-HotbarSA - c:\program files\Hotbar\bin\11.0.78.0\HotbarSA.exe
MSConfigStartUp-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-ooVoo - c:\program files\ooVoo\ooVoo.exe
MSConfigStartUp-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSConfigStartUp-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSConfigStartUp-WeatherDPA - c:\program files\Hotbar\bin\11.0.78.0\Weather.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 16:25
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-10 16:34:17
ComboFix-quarantined-files.txt 2011-01-10 21:33

Pre-Run: 53,577,379,840 bytes free
Post-Run: 60,968,976,384 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
- - End Of File - - 09D1C9E673ADC7E8609E3856F7B7F256