All exe files present Bad Image Error Message Windows

[JMCJR]

virus total analysis . . .

ALYac 20150311 AVG 20150311 AVware 20150311 Ad-Aware 20150311 AegisLab 20150311 Agnitum 20150311 AhnLab-V3 20150311 Alibaba 20150311 Antiy-AVL 20150311 Avast 20150311 Avira 20150311 Baidu-International 20150311 BitDefender 20150311 Bkav 20150311 ByteHero 20150311 CAT-QuickHeal 20150311 CMC 20150304 ClamAV 20150311 Comodo 20150311 Cyren 20150311 DrWeb 20150311 ESET-NOD32 20150311 Emsisoft 20150311 F-Prot 20150311 F-Secure 20150311 Fortinet 20150311 GData 20150311 Ikarus 20150311 Jiangmin 20150310 K7AntiVirus 20150311 K7GW 20150311 Kaspersky 20150311 Kingsoft 20150311 Malwarebytes 20150311 McAfee 20150311 McAfee-GW-Edition 20150311 MicroWorld-eScan 20150311 Microsoft 20150311 NANO-Antivirus 20150311 Norman 20150311 Panda 20150311 Qihoo-360 20150311 Rising 20150311 SUPERAntiSpyware 20150311 Sophos 20150311 Symantec 20150311 Tencent 20150311 TheHacker 20150310 TotalDefense 20150311 TrendMicro 20150311 TrendMicro-HouseCall 20150311 VBA32 20150311 VIPRE 20150311 ViRobot 20150311 Zillya 20150310 Zoner 20150311 nProtect 20150311

[Juliet]

The virus total post above doesn't tell me anything, when you scanned it did it have any red flags?

 

How's your computer now?

[JMCJR]

Juliet, I pray I'm not being paranoid, but though my computer's been acting healthy, I discovered today that a lengthy word document containing all my passwords for EVERYTHING seems to have simply vanished from my machine - I cannot even find an older version of it. What do you make of that?

[JMCJR]

Can you see the results with this link?

https://www.virustotal.com/en/file/c3f22da5cb53155ac60f74bff2f126ab4eb30c58633e0a70061707ddd60902c1/analysis/1426096368/

[Juliet]

Glad the computer acts healthy.

 

I discovered today that a lengthy word document containing all my passwords for EVERYTHING seems to have simply vanished from my machine

When you saved the document, what name was it saved with?

 

I think maybe it's just been misplaced.

[JMCJR]

Think it was "current pw doc" or "current pw" - I can find early versions of the pw one, but I renamed it with "current" in front to distinguish it . . .

[Juliet]

I know there was nothing we did that deleted it.

 

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:

  :folderfind
  current pw
  current pw doc
  :filefind
  current pw
  current pw doc
  :regfind
  current pw
  current pw doc

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[JMCJR]

No luck . Results below. Weird though . . . first time I downloaded it (all downloads go automatically to download folder, no "save as", just "save" and that's where it saves it to, so I have to go and move it to the desktop). When I tried to move it to the desktop, it didn't appear. When I searched for it and looked at properties, it said it was on the desktop, but I could not see it. Opening the desktop folder in explorer shows it, but not just looking at the desktop. Then the txt file results did the same thing, can't see it on the desktop, but it is in the folder for the desktop.

 

SystemLook 30.07.11 by jpshortstuff
Log created at 08:36 on 12/03/2015 by LAdams
Administrator - Elevation successful

========== folderfind ==========

Searching for "current pw"
No folders found.

Searching for "current pw doc"
No folders found.

========== filefind ==========

Searching for "current pw"
No files found.

Searching for "current pw doc"
No files found.

========== regfind ==========

Searching for "current pw"
No data found.

Searching for "current pw doc"
No data found.

-= EOF =-

[JMCJR]

Windows recovered from an unexpected shut down. Third time I noticed my computer restarted on it's own, first time to notice that message.

[Juliet]

Something went goofy

 

please download Windows Repair (all in one) from here

 

Install the program then go to step 4 and create a new system restore point and new registry backup.

 

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

 

 

 

NEXT

On the the Start Repairs tab => Click the Start

 

 

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

 

Click on box next to the Restart System when Finished. Then click on Start.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~`

 

lets first have a look at the stop code.

 

 

Download BlueScreenView

No installation required.

Double click on BlueScreenView.exe file to run the program.

When scanning is done, go Edit>Select All.

Go File>Save Selected Items, and save the report as BSOD.txt.

Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

[JMCJR]

 

Install the program then go to step 4 and create a new system restore point and new registry backup.

 

What is meant by 'create a new system restore point'? A date? i.e., do I determine this and if so how? (btw, thank you)

[Juliet]

If you click on the button that says System Restore, it should create one for you.

 

If you click on the button that says Registry Backup, it should create one for you.

[JMCJR]

As soon as Windows repair was installed, system rebooted by itself again suddenly. Had a few other quirky issues, the version was different/updated but I think we got it right per your instructions, just found items in different places. here are the results of the last one you asked for:

 

==================================================
Dump File : 031215-27596-01.dmp
Crash Time : 3/12/2015 1:05:11 PM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000020
Parameter 2 : 0x89f5c950
Parameter 3 : 0x89f5d500
Parameter 4 : 0x0976c2e0
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+4d600
File Description : Intel Rapid Storage Technology driver - x86
Product Name : Intel Rapid Storage Technology driver
Company : Intel Corporation
File Version : 9.6.0.1014
Processor : 32-bit
Crash Address : ntkrnlpa.exe+120c6b
Stack Address 1 : iaStor.sys+20844
Stack Address 2 : iaStor.sys+1fbc4
Stack Address 3 : iaStor.sys+1fd6a
Computer Name :
Full Path : C:\Windows\Minidump\031215-27596-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 143,512
Dump File Time : 3/12/2015 1:07:03 PM
==================================================

==================================================
Dump File : 031215-25209-01.dmp
Crash Time : 3/12/2015 12:49:44 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 0x7775edd8
Parameter 2 : 0x00000002
Parameter 3 : 0x00000008
Parameter 4 : 0x7775edd8
Caused By Driver : usbehci.sys
Caused By Address : usbehci.sys+4023
File Description : EHCI eUSB Miniport Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18328 (win7sp1_gdr.131126-1436)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+40b7f
Stack Address 1 :
Stack Address 2 : Wdf01000.sys+8008
Stack Address 3 : Wdf01000.sys+3ed1
Computer Name :
Full Path : C:\Windows\Minidump\031215-25209-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 143,512
Dump File Time : 3/12/2015 12:51:34 PM
==================================================

[Juliet]

Caused By Driver : iaStor.sys

File Description : Intel Rapid Storage Technology driver - x86

Product Name : Intel Rapid Storage Technology driver

 

Caused By Driver : usbehci.sys

Caused By Address : usbehci.sys+4023

File Description : EHCI eUSB Miniport Driver

 

 

This usually points to hardware rather then software being the cause.

You may also try updating your USB drivers.

 

I've asked someone to take a look, it seems to also point back to a bad USB port?

[JMCJR]

So the machine rebooting on its own - hardware related?

Any idea why that doc would have vanished?

Is there anything I need to put back as before (hidden files, delete any tools)?

[Juliet]

So the machine rebooting on its own - hardware related?

Any idea why that doc would have vanished?

Is there anything I need to put back as before (hidden files, delete any tools)?

It's my best guess that now the rebooting is due to hardware....for right now if you can disconnect any USB devices and keep them disconnected for a while to test that theory.

I've asked another colleague to look in and give thoughts but, he might not be able to respond till this evening.

 

I have no clue what went with the document, by chance could it had been saved or renamed to something else? Have you tried looking in odd places to see if it were saved to a hidden folder?

 

The below is a tutorial to show all files and folders. You may have already done this, but let's try again.

http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/

 

Try doing a windows search for the document.

 

http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

please try the tutorial above for running SFC /SCANNOW Command - System File Checker

[Y kawika]

Hi JMCJR,

 

Can you run an Overdrive Test from here at the Pit for us to take a look, it'll give us a bit more insight to the hardware & software on your rig.

 

Please go to: Start> All Programs, then Right Click on Internet Explorer and choose: 'Run as Administrator'

Navigate yourself to the Overdrive test at PC Pitstop and try to run the scan there:

http://www.pcpitstop.com/betapit/default.asp

If you've never done an Overdrive test, then on the top left corner click the "Sign Up Free" and create an account, then log in and give it a run.

Copy the link from the top address bar when the test completes and paste it in your reply to this thread so we can have a look.

Thanks

Y

[JMCJR]

I was able to finally locate the document, whew!

Do you guys want me now to run . . .

1st: SFC /SCANNOW Command - System File Checker; and then

2nd: run an Overdrive Test

?

[Juliet]

 

I was able to finally locate the document, whew!

wowssa!, where was it?, if I can ask of course.

 

 

Do you guys want me now to run . . .

1st: SFC /SCANNOW Command - System File Checker; and then

2nd: run an Overdrive Test

Can you do both please?

[JMCJR]

Yes, of course. And the document was in my documents folder - it just magically appeared this time when I searched exactly as I'd done so before. How weird is that?

[JMCJR]

 

Entering the Pit...

When you click the link below, we'll automatically take you through several steps that will determine the characteristics of the computer you are currently using. Nothing on your system will be harmed or changed.

The complete series of tests should take two to four minutes on most systems. You will notice some disk activity. This is normal, as the PC PitStop utility examines your system configuration. The utility will report its progress in your browser's status bar and a status window on the web page. If you have a firewall such as Norton Internet Security, ZoneAlarm, or CA Firewall, you may need to turn it off to complete the tests.

NOTE: If you suffer from epilepsy, we advise you not to watch the video portion of the test. We have heard reports of the repeated image patterns triggering an attack.

Ready? Just a sec...

If you're having trouble with the new test you can find the old one here.

 

If you're having trouble running the tests, please try the suggestions on our troubleshooting page.

 

Is the tool optimized for Explorer? I am using Firefox . . .

[JMCJR]

Also, the sfc/scannow completed and noted:

 

Windows Resource Protection did not find any integrity violations

 

Btw, PC hasn't been doing the random reboot and seems to be behaving

[Y kawika]

 

Is the tool optimized for Explorer? I am using Firefox . . .

Yes, it will only run in Internet Explorer and should be executed as an Administrator as outlined in the previous instructions.

 

Thanks

 

Y

[JMCJR]

 

At Overdrive over in IE:

 

PC Pitstop requires Internet Explorer 5 or higher. You do not seem to be running IE.

I am running IE 11. Regarding ActiveX, also over in IE:

 

Test Your ActiveX Installation

This page tests whether you have your browser properly configured to download, authenticate, install, and display ActiveX controls, and manipulate them with JavaScript.

When prompted with a certificate, please accept it. The current date and time should appear below:

ActiveX is not supported

If you see the current date and time displayed above, congratulations! ActiveX and scripting are working properly. (If you see a date and time but it isn't the right time, your PC's clock is set wrong! Double-click the time in the system tray to correct it.)

If, instead of the time, you see a box with a small x in it, either:

• ActiveX is not supported: Use Internet Explorer to view the site.
• ActiveX is not enabled: See these instructions to enable ActiveX.
• You didn't accept the certificate: You must click Yes on the security certificate to load the ActiveX control.
• You are using an ad blocker, popup stopper, or firewall that blocks ActiveX: Disable these utilities to see if they are the cause.
• Your system has spyware installed or a virus that interferes with ActiveX: Scan for spyware with a product like Pest Patrol or Panda, available in our store.

If you see a blank space, ActiveX is probably working properly, but not scripting. Check your security settings for scripting.

If you see the message ActiveX is not supported, then your browser doesn't recognize ActiveX at all. Netscape, Opera, or other browsers usually do not support ActiveX.

When you think you've corrected any problem you are having with this, simply refresh the page [press F5] to try again.

What next?

[JMCJR]

PC just rebooted on its own, logged into the machine and a program that runs on startup was stuck (again), so I went to task mgr and there was one other item there: DSD_2156---Running. I closed task mgr but didn't stop this program. Will shut the machine down overnight.