.exe won't run with "bad image error"

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

P0NY3XPRESS

Thread Starter
Joined
Apr 29, 2010
Messages
5
I got back from class and my computer was frozen. I reboted it and windows performed an automatic repair. I was then able to login, however when I tried to run AVG to see if I received a virus I got an error message.

avggui.exe - bad image

C:\Windows\system32\fltlib.dll is either not designed to run on windows or it contains an error. Try installing the program again using the original installation media or contact your system admin or the software vendor for support.

almost everything I try to run comes up with a similar error message

I rebooted into safe mode and did a scan and found no viruses

AVG 9.0 Anti-Virus command line scanner
Copyright (c) 1992 - 2009 AVG Technologies
Program version 9.0.782, engine 9.0.814
Virus Database: Version 271.1.1/2838 2010-04-27

C:\Boot\BCD Locked file. Not tested.
C:\Boot\BCD.LOG Locked file. Not tested.
C:\Documents and Settings\ Locked file. Not tested.
C:\found.000\file0000.chk Locked file. Not tested.
C:\hiberfil.sys Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\ProgramData\Desktop\ Locked file. Not tested.
C:\ProgramData\Documents\ Locked file. Not tested.
C:\ProgramData\Favorites\ Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\00b40bfc75ccc09a3d95cf42f8d6acf8_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\33e0430d24f3326d0ef2c055ac916f10_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\373541200d73e38ad1c64f46919d41bf_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3776be71bc2e4718435751236042c4b1_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\603f58e5329bc0e21fcb3f7481576e8e_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6164cd06f5d5df676a4645081977263c_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\66363b19f6b57ae0fa2db429dfdd48e4_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6d9c8fea34da18dc1728c43aaf28779e_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6dc0e1fd4664d2b4723427adc9080b99_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8327b9ca9bea1862209f1531be4d0f74_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\899df6a7f56feb511e73955d9fc44af4_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c7e27fb95cbafda69fd9c5a463d8f5ec_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c93d95f2054e2acc58cf01f18946a97b_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d65f72f0cb2ef0a2be97939ff5d71989_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e4e66687f09f8818023a45f3695e8164_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e6a081f5fbc5972aca394757953d02fb_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f546ad77dd57c532e1514abb0b78a070_54f37509-9a71-4bf9-b6f9-5233b6cb9f79 Locked file. Not tested.
C:\ProgramData\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\Master.vzdb Locked file. Not tested.
C:\ProgramData\Templates\ Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\Users\Default\AppData\Local\History\ Locked file. Not tested.
C:\Users\Default\AppData\Local\Temporary Internet Files\ Locked file. Not tested.
C:\Users\Default\Cookies\ Locked file. Not tested.
C:\Users\Default\Documents\My Music\ Locked file. Not tested.
C:\Users\Default\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Default\Documents\My Videos\ Locked file. Not tested.
C:\Users\Default\NetHood\ Locked file. Not tested.
C:\Users\Default\PrintHood\ Locked file. Not tested.
C:\Users\Default\Recent\ Locked file. Not tested.
C:\Users\Default\Templates\ Locked file. Not tested.
C:\Users\PONY\AppData\Local\Google\Chrome\User Data\Default\Current Session Locked file. Not tested.
C:\Users\PONY\AppData\Local\Google\Chrome\User Data\Default\Current Tabs Locked file. Not tested.
C:\Users\PONY\AppData\Local\Google\Chrome\User Data\Default\Visited Links Locked file. Not tested.
C:\Users\PONY\AppData\Local\History\ Locked file. Not tested.
C:\Users\PONY\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Users\PONY\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested.
C:\Users\PONY\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested.
C:\Users\PONY\Documents\My Music\ Locked file. Not tested.
C:\Users\PONY\Documents\My Pictures\ Locked file. Not tested.
C:\Users\PONY\Documents\My Videos\ Locked file. Not tested.
C:\Users\PONY\NetHood\ Locked file. Not tested.
C:\Users\PONY\ntuser.dat Locked file. Not tested.
C:\Users\PONY\ntuser.dat.LOG1 Locked file. Not tested.
C:\Users\PONY\ntuser.dat.LOG2 Locked file. Not tested.
C:\Users\PONY\PrintHood\ Locked file. Not tested.
C:\Users\PONY\Templates\ Locked file. Not tested.
C:\Users\Public\Documents\My Music\ Locked file. Not tested.
C:\Users\Public\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Public\Documents\My Videos\ Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 Locked file. Not tested.
C:\Windows\System32\catroot2\edb.log Locked file. Not tested.
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\config\default Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG1 Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG2 Locked file. Not tested.
C:\Windows\System32\config\RegBack\DEFAULT Locked file. Not tested.
C:\Windows\System32\config\RegBack\SAM Locked file. Not tested.
C:\Windows\System32\config\RegBack\SECURITY Locked file. Not tested.
C:\Windows\System32\config\RegBack\SOFTWARE Locked file. Not tested.
C:\Windows\System32\config\RegBack\SYSTEM Locked file. Not tested.
C:\Windows\System32\config\sam Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG2 Locked file. Not tested.
C:\Windows\System32\config\security Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG2 Locked file. Not tested.
C:\Windows\System32\config\software Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG2 Locked file. Not tested.
C:\Windows\System32\config\system Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG2 Locked file. Not tested.
C:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 459107
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------

How do I fix this please?
 
Joined
Oct 3, 2007
Messages
7,889
I would back up important data now, before doing anything else, this could be signs of a failing hard drive or sectors on the hard drive.

Have you run a chkdsk /r on the drive yet?

.
 

P0NY3XPRESS

Thread Starter
Joined
Apr 29, 2010
Messages
5
All my important data is on an external. I ran chkdsk and there was no change. I did a clean boot and the error messages stopped popping up when windows loaded, however whenever I try to run a program I always get that same "bad image" error message. I can go into safe mode to get online and it works fine. Please help I am so frustrated right now, I am in the middle of Finals.
 

P0NY3XPRESS

Thread Starter
Joined
Apr 29, 2010
Messages
5
thanks a lot. I have some new info for you. before i read your post I went into safe mode and ran malwarebytes anti-malware. I found atrojan and removed it. Still didn't fix the problem i then tried a registry cleaner, which found a bunch of problems and fixed them, however i still had same problem. I then read this and did sfc/scannow. Here is the result.

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\PONY>sfc/scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of th
em.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

C:\Users\PONY>

what is my next step?
 

antech

Banned
Joined
Feb 23, 2010
Messages
1,427
Registry Cleaners are known to cause DAMAGE to windows.
Please DO NOT USE THEM.

Follow the below Instructions Carefully:

1. Download Hijack this from the link.

(Choose the installer of HJT—Hijack This)

2. Run a Scan.

DO NOT FIX ANYTHING BY YOURSELF.

(Doing so when NOT Instructed Might cause Unwanted System Instability, BSOD's and Even Render your System Unusable)

3. Save a Log file (On your Desktop)

4. Copy and Paste all the contents.

5. Paste them in the Reply Window.

I am NOT an Authorized Malware Remover.

The Log is requested by me only for Optimization Purposes, troubleshooting and removing applications that are causing various problems such as Crashing, BSOD’s and Freezing and helping the poster remove any incompatible application/program and driver.

I will therefore NOT help if anything related to Malware is found in your log.

The thread will then be moved to the Malware Removal Forums for expert assistance.
 
Joined
Oct 3, 2007
Messages
7,889
thanks a lot. I have some new info for you. before i read your post I went into safe mode and ran malwarebytes anti-malware. I found atrojan and removed it. Still didn't fix the problem i then tried a registry cleaner, which found a bunch of problems and fixed them, however i still had same problem. I then read this and did sfc/scannow. Here is the result.

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\PONY>sfc/scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of th
em.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

C:\Users\PONY>

what is my next step?

To see what SFC did after it is finished:

The SFC log is contained inside the cbs.log file located at:

C:\Windows\Logs\CBS\CBS.log


Since the cbs.log may be huge (it's used by other programs besides the SFC),
you might want to do this:

To create relevant SFC-only information gleaned from the cbs.log, and put it
in a small file called sfcdetails.txt, right-click Command Prompt (using the
shortcut in Start Menu\Programs\Accessories) and choose Run as
Administrator. By default, the prompt starts in C:\Users\(Your Name).
Type:

cd desktop

Press Enter on your keyboard. Then Copy and Paste this at the prompt:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt

Press Enter. Sfcdetails.txt should then appear on your Desktop. Now you can view what SFC actually did.

.
 

P0NY3XPRESS

Thread Starter
Joined
Apr 29, 2010
Messages
5
@ antech here is what I got
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:50:28 AM, on 5/4/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support

Running processes:
C:\Users\PONY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PONY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PONY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PONY\Documents\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B5274F-5523-4A28-9245-6AB89DEEA8BE}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{D875D38D-CDDC-4062-94E7-77774AC34A37}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @comres.dll,-947 (COMSysApp) - Unknown owner - C:\Windows\system32\dllhost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6280 bytes
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top