"Bad Image"&"Unexpected Error" messages
Hi illukka::)
This post refers to Sysclean. (Log is posted in separate post because I could only put in 20000 characters).
I followed instructions & links.
The Official Pattern Release file I downloaded was the Virus Pattern File 3.219.0. :o I hope this was the one you meant. There was also one called Spyware Pattern File.
I unzipped lpt219.zip and put it in the Sysclean folder on my desktop.
I turned off my AVG antivirus, as you instructed, to do the scan.(My antivirus is now re-activated).
(:scratch: I noticed there are tons of [Access denied] in the log. Did I forget to do something? There is also a [TSCDebug] text in the Sysclean folder. Do you need to see this?)
Thanks again from Dorothy:)
"Bad Image"&"Unexpected Error" messages
Sysclean logfrom Dorothy:) 2 posts required for the complete log
/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/
2006-02-18, 14:05:25, Auto-clean mode specified.
2006-02-18, 14:05:25, Running scanner "C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\TSC.BIN"...
2006-02-18, 14:05:42, Scanner "C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\TSC.BIN" has finished running.
2006-02-18, 14:05:42, TSC Log:
Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)
Start time : Sat Feb 18 2006 14:05:27
Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\tsc.ptn" (version 708) [success]
Complete time : Sat Feb 18 2006 14:05:42
Execute pattern count(4727), Virus found count(0), Virus clean count(0), Clean failed count(0)
2006-02-18, 14:06:35, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp": Access is denied.
2006-02-18, 14:06:59, An error occurred while scanning file "C:\Documents and Settings\Dorothy Blake\ntuser.dat": Access is denied.
2006-02-18, 14:06:59, An error occurred while scanning file "C:\Documents and Settings\Dorothy Blake\ntuser.dat.LOG": Access is denied.
2006-02-18, 14:07:37, An error occurred while scanning file "C:\Documents and Settings\Dorothy Blake\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-02-18, 14:07:37, An error occurred while scanning file "C:\Documents and Settings\Dorothy Blake\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\LocalService\NTUSER.DAT": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\LocalService\ntuser.dat.LOG": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2006-02-18, 14:09:54, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-02-18, 14:09:54, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-02-18, 14:21:08, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll": Access is denied.
2006-02-18, 14:23:47, Could not set file for reading on "C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\svchost.exe.20050623-175825-00.hdmp": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32.EXE-13285B88.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-013EA364.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-2ED3360E.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AGENTSVR.EXE-002E45AB.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ANTINYXEM-EN.EXE-37BA044C.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ARENA106.EXE-03C79771.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGCC.EXE-36A38F59.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGINET.EXE-3038B75E.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGINET.EXE-3B0744C3.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGVV.EXE-0A3F8C17.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGVV.EXE-21F74736.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGW.EXE-00A2F684.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGW.EXE-011FD837.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGWB.DAT-01D5CE53.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGWB.DAT-25B8DD3B.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\BLBETA.EXE-05F7E9E5.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\BOOTSTRAP.EXE-029F9551.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CLEANUP.EXE-1B0F5664.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CLOKSPL.EXE-06FE98F1.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DEUSEX.EXE-36857429.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DISCIPLES2.EXE-0D57C04B.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO-SETUP.EXE-32981F35.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO-SIGNATURES-20060211.EXE-312F37A2.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO-SIGNATURES-FULL-2006021-1CEA2D19.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO-SIGNATURES-FULL-2006021-3B015D17.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDOCTRL.EXE-0EEA53F9.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\FCEU.EXE-2BC92791.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\FCEU.EXE-304D0E4F.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\GAME.EXE-2635C338.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\GOLEM.EXE-1872B826.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HH.EXE-2D1A70B3.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-085E9953.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-1BC9B572.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-1F35F0D6.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IDRIVER.EXE-3B6DD980.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IUN3405.EXE-10F422FB.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IUN507.EXE-092E1DB6.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\JAVA.EXE-2427EF62.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\JUCHECK.EXE-197A10BB.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\JUSCHED.EXE-2ABC3D1B.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\KHALMNPR.EXE-098E13FC.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LAUNCHER.EXE-31F89DC2.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LVCOMS.EXE-2DC18031.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MDM.EXE-07915C2C.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MMC.EXE-1EF9AA05.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MMC.EXE-3D93B3AE.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSGR0.EXE-3317DF91.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSN6.EXE-2001F6AE.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSNMSGR.EXE-25A27ADA.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSNMSGR.EXE-366A1A81.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSPAINT.EXE-11CBB631.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSWORKS.EXE-31812CA4.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Access is denied.
2006-02-18, 14:24:05,
BALANCE TO FOLLOW
"Bad Image"&"Unexpected Error" messages.
Hi illukka::) re: your Feb.16 post-final section
Hijackthis is still not available. I can unzip program & see [icon of dynamite], but i get the following message[Hijackthis][Unexpected error] when I double click.
Did you get my previous post about MWAV antivirus tool?
I read your response to the Sysclean log. Thanks for answering my question.
Please let me know what I have to do after this. Thanks again for your time & patience.:) from Dorothy
Here is logfile for diamondcs.com
DiamondCS Autostart Viewer (www.diamondcs.com.au) - Report for Dorothy Blake@BLAKESCOTT, 02-18-2006
c:\windows\system32\autoexec.nt
C:\WINDOWS\system32\mscdexnt.exe
C:\WINDOWS\system32\redir.exe
C:\WINDOWS\system32\dosx.exe
c:\windows\system32\config.nt
C:\WINDOWS\system32\himem.sys
c:\windows\wininit.ini [rename]
NUL=C:\Skip98\FILE_ID.DIZ
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=C:\WINDOWS\downlo~1\ymsgrins.exe
c:\windows\system.ini [drivers]
timer=timer.drv
c:\windows\system.ini [boot]\shell
C:\WINDOWS\Explorer.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
C:\WINDOWS\Explorer.exe
HKCR\vbsfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\vbefile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\jsfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\jsefile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\wshfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\wsffile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Detect Kbd Daemon
C:\WINDOWS\system32\SK2000DM.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\LVCOMS
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nwiz
nwiz.exe /install
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\AVG7_CC
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Logitech Hardware Abstraction Layer
C:\WINDOWS\KHALMNPR.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KernelFaultCheck
C:\WINDOWS\system32\dumprep 0 -k
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\UserFaultCheck
C:\WINDOWS\system32\dumprep 0 -u
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task
C:\Program Files\QuickTime\qttask.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
HKU\.Default\Software\Microsoft\Windows\CurrentVersion\Run\AVG7_Run
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\webcheck.dll
C:\WINDOWS\System32\stobject.dll
C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
HKLM\System\CurrentControlSet\Control\WOW\cmdline
C:\WINDOWS\system32\ntvdm.exe
HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
C:\WINDOWS\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\rsvpsp.dll
HKLM\System\CurrentControlSet\Services\VxD\JAVASUP\
C:\WINDOWS\system32\JAVASUP.VXD
"Bad Image"&"Unexpected Error" messages
Hi illukka::)
I got your reply of Feb.19 (today.)
I downloaded the vdmdbg.dll and srclient.dll files from the links you provided. I saved them in [Program files](not sure where I was supposed to save them).
However, now I'm confused:scratch: . How do I replace the corrupted ones with the new ones?:
It's probably something REALLY easy, obvious & simple, but I can't think of how to do it. Sorry about that.:(
Could you please reply with instructions? I'd really appreciate that.
Thanks once again for your patience & sharing your knowledge.:angel:
from Dorothy...starting to see some light at the end of the tunnel...
"Bad Image"&"Unexpected Error" messages
Hi illukka::)
I got your reply about this morning. Thanks...I'll do what you suggested & get back to you with the results.
Thanks from Dorothy...here's hoping:)
"Bad Image"&"Unexpected Error" messages
:) Hi illukka::)
As I previously said, I downloaded the new files...vdmdbg.dll & srclient.dll (saved in Program files) from your links in Feb.19 post.
I replaced the corrupted ones in C:Windows/system32...with the new ones. and restarted computer after replacing each corrupted file.
SUCCESSES: :)
Taskmanager,MicroWorld Antivirus Spyware Toolkit Utility,Spybot-Search & Destroy, System Restore all load OKAY and no messages come up.YEAH:bigthumb:
Also, previously, in System Restore, a "Bad Image"message for file [rstrui.exe] was coming up when I would click [OK] for [Restore my computer...earlier time.]. That message no longer comes up either.:)
Problems: :(
Spyware Blaster still gets message [Unexpected Error] & a big red X (no file name given) and will not load & I cant check for updates.
Previous to writing to this forum, I had uninstalled & reinstalled Spyware Blaster hoping that that would correct the problem but, alas, it didnt.
HijackThis STILL gets the message [Unexpected Error] & a big red X. It will not load or run(not sure of the term to use for this).
I still have a file with HijackThis from 2005 when I received help. :confused: Im not sure if this is causing a problem. Since I have the contents saved on a floppy, should I just delete it from my computer?
MSN Messenger still gets the message:
[msnmsgr.exe] [The application or DLL C:Windows/system32/msdmo.dll is not a valid Windows image. Please check this against your installation diskette.]
The program loads though & we can use it.
It's GREAT that some of the issues are fixed. Thank you very much :)
Please let me know your ideas on fixing the others.
You're doing a terrific job, illukka.
Thanks from Dorothy:)