Bad Image - No programs run

[jdugan4859]

I have a home brew system that I recently swapped hard drives on. I did a clean install on the new drive, and everthing ran fine for about 2 weeks. I went to use the computer and got a couple error warnings when the computer started, and didn't think much of it. I did a restart, and got several "Bad Image" error messages. When I tried to open programs, I got the same basic messages.

I did some internet searching, and came up with the idea to run sfc /scannow, it ran and this is what I got back:



Log is posted below

Some further reading suggested malware, and while I doubted it on a fresh install with AVG and no bad surfing, went ahead and ran Malwarebyte's and SUPERAntiSpyware. Both turned up nothing earth shattering.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7640

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

9/3/2011 12:47:07 AM
mbam-log-2011-09-03 (00-47-07).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 698938
Time elapsed: 1 hour(s), 37 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\installer\{d7926497-e476-489b-b4e9-dbfca45483a2}\icond79264971.bmp  (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\windows.old.000\Windows\installer\{d7926497-e476-489b-b4e9-dbfca45483a2}\icond79264971.bmp  (Extension.Mismatch) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/02/2011 at 09:32 PM

Application Version : 5.0.1118

Core Rules Database Version : 7644
Trace Rules Database Version: 5456

Scan type       : Complete Scan
Total Scan Time : 02:05:19

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 760
Memory threats detected   : 0
Registry items scanned    : 73775
Registry threats detected : 0
File items scanned        : 211130
File threats detected     : 1

Adware.Tracking Cookie
    spe.atdmt.com [ C:\USERS\JON DUGAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4MEH3VWG ]

I tried to reinstall windows inplace using the upgrade option while Windows was running, and it got stuck at 87%. I have also restored back to a know good date, and still have the same issue. I ran WD LifeGaurd Diagnostics and everything came back good on that as well.

I am just lost at this point on what to do.

 

[Mashed1316]

Hmm, is the disk that you have an original one?

Did you download it from a 3rd party website?

 

[jdugan4859]

Windows 7 disk?

Yes, when I reinstalled everything the first time, I dug out my old XP CD, loaded that up, then used my Windows 7 Ultimate to do an Update, using the same disk to attempt the "new" upgrade.

 

[Mashed1316]

Um, as i remember correctly, you can't upgrade from XP to 7. but you can use your upgrade disk to do a clean install.

But i'm still confused.

What did the CBS.log gave you? did you run the system file check to make sure that there aren't any corrupted files?

 

[jdugan4859]

You have to have xp installed, then do a clean install of 7, which is what I did. Once this issue popped up, I attempted to reinstall 7 while it was running.

I'm not sure what the CBS file says, it's all Greek to me. I did figure out how to attach it though, and it's in the first post.

 

[Mashed1316]

Actually you don't need XP installed to upgrade to Windows 7.

Here: http://www.sevenforums.com/tutorials/31402-clean-install-upgrade-windows-7-version.html

Maybe that's the problem, i'll check the cbs.log and report back

 

[seth500]

If windows installer has been infected and removed then it's impossible to get it back without doing a clean install, but what punkster was saying is that disk of windows 7 a good image from a reputable site or was it downloaded from a third party site. We wouldn't want you to reinstall if you were going to have the same infected file on your computer from a bad image.

 

[Mashed1316]

If windows installer has been infected and removed then it's impossible to get it back without doing a clean install, but what punkster was saying is that disk of windows 7 a good image from a reputable site or was it downloaded from a third party site. We wouldn't want you to reinstall if you were going to have the same infected file on your computer from a bad image.

Exactly, download a copy only from Microsoft partners sites: TechNet or MSDN.

And if you download your copy from a 3rd party website for "X" reason (being "X", any reason) always check the MD5 and HASH numbers to make sure that the file you downloaded is not altered in any way.

Using a modified image of Windows 7 could give you the problems you're already presenting.

And as Seth said, it wont help that you perform a clean install!

 

[jdugan4859]

It's not a download. It's an actual Windows 7 ultimate upgrade disk. I bought it at Fry's a year or so ago, did an upgrade on my CPU. I bought a new 1tb WD black drive, and did a fresh install rather than a clone. Never had an problems on the old HD.