Solved Bad Image Error when anything and everything runs

[ericd8027]

1) Changes:
a) Right click for the mouse on the built-in glide pad did not work but now works very well.
b) Initial error described in first post is gone
c) New error runs upon trying to execute any file

C:\Users\Eric\Desktop\ComboFix.exe

The specified service does not exist as an installed service.

2) Normal mode has always been accessible and has not been hindered at any point in regards to access.

3) My model did not have malware shipped with it.

4) Combofix will not run in safe mode. It causes the above mentioned error box.

5) I have Win 7 Starter 32 bit system

6) While running HijackThis v2.04 the following message came up:

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad C:\windows\System32\drivers\etc\hosts

and press enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.

For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as Administrator'.

After this message and exiting out of HijackThis, I was able to access the Notepad report. Here is the information:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:36:03 PM, on 3/25/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\asus\MailServer\MailServerWatchDog.exe
C:\Program Files\asus\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Windows\AsScrPro.exe
C:\Program Files\asus\TouchHomeKey\TouchHomeKey.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\asus\LivCam\LivCam.exe
C:\Program Files\asus\MailServer\MailServer.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\ASUS\Memos\Memos.exe
C:\windows\system32\igfxsrvc.exe
C:\Users\Eric\AppData\Local\RadioSure\RadioSure.exe
C:\Users\Eric\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ASUS\Memos\DeskNote.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\RadioSure\RadioSure.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\Explorer.exe
C:\Program Files\Asus\Eee Docking Touch\Eee Docking Touch.exe
C:\Users\Eric\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [MailServerWatchDog] C:\Program Files\asus\MailServer\MailServerWatchDog.exe
O4 - HKLM\..\Run: [ASUS WebStorage] C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Eee Docking Touch] C:\Program Files\ASUS\Eee Docking Touch\Eee Docking Touch.exe autorun
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [TouchHomeKey] C:\Program Files\asus\TouchHomeKey\TouchHomeKey.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [LivCam] "C:\Program Files\ASUS\LivCam\LivCam.exe"
O4 - HKLM\..\Run: [PenWrite] C:\Program Files\ASUS\PenWrite\PenWrite.exe AutoRun
O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Start Memos] C:\Program Files\Asus\Memos\StartMemos.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RadioSure] C:\Users\Eric\AppData\Local\RadioSure\RadioSure.exe /hidden
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: Asus process privilege adjust service (AsusUacSvc) - Unknown owner - C:\Program Files\asus\TouchSuite\AsusUacSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe

--
End of file - 9494 bytes

) I will be removing bloatware and then post more as to what is going on.

 

[ericd8027]

After booting into safe mode, I was still unable any of the bloatware

 

[Bobbye]

Eric, Please give me an accurate Description of any malware related problem.

As for Combofix, I would prefer you to run it in Normal Mode. If this is a problem and/or if we have been over it previously, please refresh my mind.. As for removing 'bloatware', that is something you can do on your own. Try doing it in Normal Mode- some uninstallers won't work in Safe Mode. You may have to take them off of the Start Menu first.

 

[ericd8027]

I really don't know what the issue is any more. All I know is that for the most part my computer runs much better. The ONLY error I get is when I try to install or uninstall a program. When I attempt to do this, from any form of start up (Normal or Safe Mode), I get the following message in an error box:

C:\Users\Eric\Desktop\ComboFix.exe

The specified service does not exist as an installed service.

Other than that, my system runs smooth and quick. I don't know what else to tell you as I have done everything according to the directions to the best of my ability and capability of my computer (which is limited by the above quoted error message).

Honestly, I can only imagine how frustrated you are as I am exceptionally frustrated that I can't update anything other than Windows 7. I am seriously contemplating doing a fresh install of Win 7 Ultimate.

 

[Bobbye]

Download Windows Installer: For Win 7: http://msdn.microsoft.com/en-us/library/dd408114(v=vs.85).aspx

 

[ericd8027]

Is it me or is it MS being retarded? I clicked on the link you gave me and have been unable to find the download for Windows Installer 5.0

 

[Bobbye]

Eric, the link if good and opens to the page needed. What is the problem you have when you attempt the download?

 

[ericd8027]

Well, when I go to that page, there is no link to be able to download 5.0. Furthermore, when I go to the redistributables, I try WI 4.5 and I get the same error message, as always, when I try to run it/install WI 4.5

 

[ericd8027]

Bobbye;

Just wanted to inform you a friend has bought me Win 7 Ultimate and so I also wanted to thank you for all your help. It has been greatly appreciated.

Eric

 

[Bobbye]

That will surely be a great adventure for you! As far as the problem you have had opening files: Note: Do all of the processes that won't open have the .exe file extension?

If you are going to use Windows 7 Ultimate on a different computer, or if you upgrade and experience the same problem, try the following to see if it will fix the problem with opening:

Note: You will need to be logged on to an administrator account to apply these. As a backup, you should create a restore point before applying the downloaded default file extension below.
Restoring default File Extension

1. Click on executable to download it's .zip file.
2. Save the .zip file to your desktop.
3. Double click to Open the downloaded .zip file> extract (drag and drop) the .reg file to the desktop.
4. Right click on the extracted .reg file> Click on Merge.
5. If prompted, click on Run> Yes (UAC)> Yes> OK.
6. When done, you can delete the downloaded .zip and .reg files on the desktop if you like.
7. Log off and log on, or restart the computer to apply.

Now try opening those .exe files.

This same process can be used to restore other file extensions on Windows 7 only.
Directions and additional information courtesy of Windows Seven Forum