
Every time I open a program, (program name).exe bad image appears



 
 
05-26-2012, 01:10 PM   #1
Registered Member
 
Join Date: May 2012
Posts: 2
OS: xp Service pack 3



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.4.1
Run by Artur Ferreira at 19:59:57 on 2012-05-26
Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.1023.311 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
C:\Programas\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Avira\AntiVir Desktop\avguard.exe
C:\Programas\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Programas\Avira\AntiVir Desktop\avshadow.exe
C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programas\WeGame\WGClientService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\uTorrent\uTorrent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Artur Ferreira\Ambiente de trabalho\Downloads\HijackThis.exe
C:\Documents and Settings\Artur Ferreira\Definições locais\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Artur Ferreira\Definições locais\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Artur Ferreira\Definições locais\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Artur Ferreira\Definições locais\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Artur Ferreira\Definições locais\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Artur Ferreira\Definições locais\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Artur Ferreira\Definições locais\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: H - No File
uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - c:\programas\nch_en\prxtbNCH_.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\programas\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programas\ficheiros comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\datamngr\toolbar\imeshdtxmltbpi.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\programas\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - c:\programas\nch_en\prxtbNCH_.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programas\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programas\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programas\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\programas\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\datamngr\toolbar\imeshdtxmltbpi.dll
TB: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - c:\programas\nch_en\prxtbNCH_.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\programas\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [VPNReactor] ;"c:\programas\vpnreactor\VPNReactor.exe" -hide
uRun: [Steam] "c:\programas\steam\Steam.exe" -silent
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [avgnt] "c:\programas\avira\antivir desktop\avgnt.exe" /min
mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
mRun: [StartCCC] "c:\programas\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "c:\programas\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\programas\ficheiros comuns\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\programas\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Download All using 4shared Desktop - c:\programas\4shared desktop\down_all.htm
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programas\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programas\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\programas\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{26EAB575-6304-4308-8A64-F47A1DA8D941} : DhcpNameServer = 192.168.1.254 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programas\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~1\imesha~1\mediabar\datamngr\iebho.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\programas\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2012-5-9 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2012-5-9 5248]
R1 avgio;avgio;c:\programas\avira\antivir desktop\avgio.sys [2011-4-25 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programas\avira\antivir desktop\sched.exe [2011-4-25 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\programas\avira\antivir desktop\avguard.exe [2011-4-25 269480]
R2 Application Updater;Application Updater;c:\programas\application updater\ApplicationUpdater.exe [2012-3-4 748440]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-25 66616]
R2 MBAMService;MBAMService;c:\programas\malwarebytes' anti-malware\mbamservice.exe [2011-4-25 654408]
R2 WeGameClientService;WeGame Client Service;c:\programas\wegame\wgclientservice.exe [2011-10-23 18472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-25 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 257696]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 OverwolfUpdaterService;Overwolf Updater Service;c:\programas\overwolf\\overwolfupdater.exe --> c:\programas\overwolf\\OverwolfUpdater.exe [?]
S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?]
.
=============== Created Last 30 ================
.
2012-05-26 18:48:13 -------- d-----w- c:\programas\Spybot - Search & Destroy
2012-05-26 18:48:13 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-05-26 18:37:18 -------- d-----w- c:\documents and settings\artur ferreira\application data\Ad-Aware Antivirus
2012-05-26 18:24:50 -------- d-----w- C:\LinhaDefensiva
2012-05-26 17:55:54 -------- d-----w- c:\documents and settings\artur ferreira\application data\OnLive App
2012-05-26 12:34:42 -------- d-----w- c:\programas\MSI Afterburner
2012-05-20 11:49:28 -------- d-----w- c:\documents and settings\artur ferreira\application data\DDMSettings
2012-05-20 10:53:18 -------- d-----w- c:\programas\ficheiros comuns\DivX Shared
2012-05-20 10:52:41 -------- d-----w- c:\programas\DivX
2012-05-20 10:51:42 -------- d-----w- c:\documents and settings\all users\application data\DivX
2012-05-18 20:12:07 -------- d-----w- c:\programas\Runes of Magic
2012-05-18 18:04:41 -------- d-----w- c:\programas\Runes_of_Magic_4_0_8_2506_slim_eu
2012-05-16 16:18:31 -------- d-----w- c:\programas\Steam
2012-05-15 17:34:15 -------- d-----w- c:\documents and settings\artur ferreira\application data\Unity
2012-05-11 20:09:20 -------- d-----w- c:\programas\ATI
2012-05-11 20:05:14 -------- d-----w- C:\AMD
2012-05-11 19:39:53 -------- d-----w- c:\programas\Oracle
2012-05-11 19:38:54 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-10 18:04:23 -------- d-----w- c:\programas\GPU-Z
2012-05-10 15:35:48 -------- d-----w- c:\programas\Rockstar Games
2012-05-09 18:23:57 5248 ----a-w- c:\windows\system32\drivers\a347scsi.sys
2012-05-09 18:23:57 160640 ----a-w- c:\windows\system32\drivers\a347bus.sys
2012-05-03 14:30:44 -------- d-----w- c:\programas\VPNReactor
2012-05-02 19:35:30 -------- d-----w- c:\programas\Microsoft Games
2012-05-02 19:03:26 -------- d-----w- c:\programas\ficheiros comuns\SWF Studio
2012-05-02 19:02:38 -------- d-----w- c:\windows\FSX Flight Weather Report
2012-05-02 18:14:30 -------- d-----w- c:\programas\Asprate
.
==================== Find3M ====================
.
2012-05-04 22:35:28 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 22:35:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-26 12:48:00 65536 ----a-w- c:\windows\system32\frapsvid.dll
2012-04-10 01:45:17 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-04-10 01:44:36 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-04-10 01:44:36 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-04-08 15:58:03 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-04-04 17:47:36 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 17:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 19:09:33 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-03-17 09:07:21 22328 ----a-w- c:\documents and settings\artur ferreira\application data\PnkBstrK.sys
.
============= FINISH: 20:00:57,40 ===============
Attached Files
File Type: zip attach.zip (4.1 KB, 30 views)
pgermac is offline  
 
05-27-2012, 04:14 AM   #2
Registered Member
 
Join Date: May 2012
Posts: 2
OS: xp Service pack 3



This was solved as follows:
When I opened a program, (program name.exe) appeared,
but inside the warning the following directory was written:
C:\progra~1\imesha~1\mediaBar\datamngr\iebho.dll
I destroyed the files in mediabar and it works.
pgermac is offline  
06-12-2012, 08:37 PM   #3
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Thanks for letting us know you found the source. Best wishes to you.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
 
