
The application or DLL C: is not a valid Windows Image

Discussion in 'Virus & Other Malware Removal' started by Dgriff, Oct 28, 2009.

Thread Status:
Not open for further replies.
  1. Dgriff

    Dgriff Thread Starter

    Joined:
    Oct 28, 2009
    Messages:
    17
    Hi

    I keep getting this warning;

    The application or DLL C xxxxxx: is not a valid Windows Image. Please check this against your installation diskette.

    I went ahead and ran a Combo Fix scan and here are the results. Can anyone help? Thanks


    ComboFix 09-10-27.08 - Darragh 10/28/2009 19:54.1.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.133 [GMT 0:00]
    Running from: c:\documents and settings\Darragh\My Documents\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\recycler\S-1-5-21-1409082233-448539723-682003330-1003

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
    .

    2009-10-06 20:08 . 2009-10-06 20:08 -------- d-----w- c:\program files\Common Files\xing shared
    2009-10-06 20:07 . 2009-10-06 20:07 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-10-06 20:07 . 2009-10-06 20:07 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-10-06 20:06 . 2009-10-06 20:06 -------- d-----w- c:\program files\Real
    2009-10-06 20:06 . 2009-10-06 20:10 -------- d-----w- c:\program files\Common Files\Real

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-25 18:11 . 2009-07-18 19:16 -------- d-----w- c:\documents and settings\Darragh\Application Data\FileZilla
    2009-10-18 04:10 . 2009-07-18 19:15 -------- d-----w- c:\program files\FileZilla FTP Client
    2009-09-28 13:41 . 2009-09-23 12:59 -------- d-----w- c:\program files\PhotoScape
    2009-09-23 13:00 . 2009-07-17 17:43 36936 ----a-w- c:\documents and settings\Darragh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-05 11:24 . 2009-07-17 17:43 1946 ----a-w- c:\documents and settings\Darragh\Application Data\wklnhst.dat
    2009-08-19 14:04 . 2009-07-17 17:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-19 14:04 . 2009-07-17 17:15 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-08-19 14:04 . 2009-07-17 17:15 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
    "Google Update"="c:\documents and settings\Darragh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-17 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 104984]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 121368]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 100888]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-19 102400]
    "AsusTray"="c:\program files\Asus\EeePC ACPI\AsTray.exe" [2008-01-21 98304]
    "AsusACPIServer"="c:\program files\Asus\EeePC ACPI\AsAcpiSvr.exe" [2007-12-26 454656]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-06 198160]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-04 16841216]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AutoRun OSCleaner.lnk - c:\program files\ASUS\Asus OS Cleaner\AsOSCleaner.exe [2008-3-8 118784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-19 14:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 DataModem HSDPA.exe"=
    "c:\\Documents and Settings\\Darragh\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/17/2009 5:15 PM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/17/2009 5:15 PM 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 9:53 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 9:53 AM 74480]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/17/2009 5:14 PM 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/17/2009 5:14 PM 297752]
    R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [3/8/2008 6:39 PM 11264]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 9:53 AM 7408]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MBR
    *Deregistered* - mbr
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

    2009-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-189360610-2128447289-3906628755-1005Core.job
    - c:\documents and settings\Darragh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-17 18:22]

    2009-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-189360610-2128447289-3906628755-1005UA.job
    - c:\documents and settings\Darragh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-17 18:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://eeepc.asus.com/global
    uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-28 20:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(692)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2009-10-28 20:07
    ComboFix-quarantined-files.txt 2009-10-28 20:07

    Pre-Run: 579,792,896 bytes free
    Post-Run: 717,316,096 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - A18819EF4290DB773156BA605BED0F72
     
  2. Dgriff

    Dgriff Thread Starter

    Joined:
    Oct 28, 2009
    Messages:
    17
    Anyone?
     
  3. Dgriff

    Dgriff Thread Starter

    Joined:
    Oct 28, 2009
    Messages:
    17
    Anyone? Pretty Please?
     
  4. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,449
    Hi, Welcome to TSG!

    Follow these steps to uninstall Combofix
    • Click START then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.


    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
     
  5. Dgriff

    Dgriff Thread Starter

    Joined:
    Oct 28, 2009
    Messages:
    17
    Hi
    I uninstalled the Combo Fix and installed Hijack This. Here are the results of the scan:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:27:36 PM, on 11/17/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Asus\EeePC ACPI\AsTray.exe
    C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Documents and Settings\Darragh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Darragh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Darragh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Darragh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\mspaint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Darragh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [AsusTray] C:\Program Files\Asus\EeePC ACPI\AsTray.exe
    O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Darragh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - Global Startup: AutoRun OSCleaner.lnk = ?
    O4 - Global Startup: Outlook Plugin.lnk = C:\Program Files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    --
    End of file - 5784 bytes
     
  6. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,449
    Are you still getting the not a valid image message?
     
  7. Dgriff

    Dgriff Thread Starter

    Joined:
    Oct 28, 2009
    Messages:
    17
    Yes, I am still getting not a valid image message.
     
  8. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,449
    Download OTS.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTS on your desktop.
    1. Close any open browsers.
    2. If your Real protection or Antivirus intervenes with OTS, allow it to run.
    3. Open the OTS folder and double-click on OTS.exe to start the program.
    4. In the Additional Scans section, put a check in Disabled MS Config Items and EventViewer logs.
    5. Now click the Run Scan button on the toolbar.
    6. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    7. When the scan is complete Notepad will open with the report file loaded in it.
    8. Save that Notepad file.
    Use the Reply button, scroll down to the attachments section and attach the notepad file here.

    NOTE: The only people who can see attachments in the HJT forum are: the thread starter, Admins & Mods, and HJT Helpers & Trainees.
     
  9. Dgriff

    Dgriff Thread Starter

    Joined:
    Oct 28, 2009
    Messages:
    17
    OTS file attached

    Attached Files:

    • OTS.Txt (96.6 KB)
  10. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,449
    I think the majority of your problems are being caused by Chrome.


    Try removing all the Google stuff from add/remove programs.


    Let me know if that helps.
     
  11. Dgriff

    Dgriff Thread Starter

    Joined:
    Oct 28, 2009
    Messages:
    17
    The only Google stuff I see is Chrome itself. Would you suggest I uninstall this?
    If so, what browser would you recommend? IE? Firefox?
     
  12. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,449
    Ok, if that is all you see I suggest removing it. If it makes the machine run better I would not put it back on. IE and Firefox are both good browsers and the only ones I have tried in quite some time. I know there are others out there though.
     
  13. Dgriff

    Dgriff Thread Starter

    Joined:
    Oct 28, 2009
    Messages:
    17
    I am still getting the error message even though I have removed Google Chrome and I don't see any other program related to Google.

    This is the error message:

     
  14. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,449
    That file is likely damaged.

    Go to Start, Run, type CMD and click OK
    Now type SFC /SCANNOW (space between C and /) and hit Enter.
    Have your WinXP CD ready to insert for it may ask for it.
     
  15. Dgriff

    Dgriff Thread Starter

    Joined:
    Oct 28, 2009
    Messages:
    17
    I did that; it told me that files have been replaced by unrecognized versions and to insert my Windows XP CD. The only problem is that I don't have a CD drive. I have one of those small ASUS EeePC laptops.

    Any suggestions? Thanks
     

Short URL to this thread: https://techguy.org/872555