Task Manager error: C:\Windows\System32\UTILDLL.dll is not a valid Windows image

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by boom929, Dec 28, 2008.

  1. boom929

    boom929 Private E-2

    Howdy! This is my first post on here so I apologize for any breach in etiquette on my part.

    I recently discovered some issues with my system, mostly unwanted popups that started just a few days ago. I ran through everything in the Read & Run Me First post and it appears to have done the trick with regards to popups. I have not had a single one since completing that marathon of a list!

    I did notice something that started acting up shortly BEFORE I began the R&RMF list though.

    Whenever I Ctrl-Alt-Del and click Task Manager, I get the error message:

    TaskMgr.exe - Bad Image

    "The application or DLL C:\Windows\System32\UTILDLL.dll is not a valid Windows image. Please check this against your installation diskette."


    I have my initial logs from when I ran the various scans/etc. but I did not want to go through that list again in the event that may make my problem worse. That and the post says not to run through it again if you're still having issues.

    Another thing I noticed the first time I saw this error was that the User Name column under processes no longer displays MY name. Yesterday there were a lot of block characters in place of this, today there appear to be no names listed. One process is listed with a user name of "SYSTEM" - System Idle Process. Not sure if this is something different or the same root issue.

    I also have some hpz files that may (??) be leftover from HP printers I have used in the past. Two still show on my processes tab - HPZipm12.exe & hpzstatn.exe. I am unsure if these are valid remnants from HP printers or something hidden.

    Anyhoo, please let me know if there is anything you need me to download, run, etc. I know this post may contain a few separate issues which must be separately dealt with.

    Thank you

    BR
     
    Last edited: Dec 28, 2008
  2. boom929

    boom929 Private E-2

    Figured it may be beneficial after all to post my 4 log files. See attached.
     

  3. boom929

    boom929 Private E-2

    4th log file.
     

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Your Desktop is a mess. You need to clean it up immediately leaving only links. Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may lose them due to malware), and a cluttered Desktop is an easy hiding place for malware, and last but not least it can have an effect on your PC's performance.

    If you no longer have or use the HP devices then uninstall all the related software. I see the below:
    HP Image Zone 4.7
    HP Photosmart Essential
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HPSystemDiagnostics


    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run Ccleaner!

    Now go to this link Using MGtools and download the new version of MGtools.exe using the black bold print link in the first sentence.


    Run MGtools.exe then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  5. boom929

    boom929 Private E-2

    Thanks for the reply Chaslang. See attached for the requested files.

    After reinstalling the "non-scanning" printer to my wife's computer I found out it does indeed work. For some reason something on my computer is causing it to be unable to communicate in some fashion with the scanner portion of the HP All-in-one.

    But I digress.... after going through all of your steps, I still get the same error when opening task manager as stated in the subject & first post.

    Any further things I should do?

    Thanks,

    BR
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    This is really a problem within Windows. You either have missing or corrupted files. Since I have one more thing for you to do to finish your malware cleaning, I will give you one thing to try which may fix this issue with Task Manager. If it does not, you will have to work this out in the Software Forum.

    Click Start, Run, and enter sfc /scannow and click OK. There is a space after the sfc. This runs System File Checker which looks for missing or corrupted system files and attempts to replace/repair them from files on your hard disk or from the CD if necessary. So it will ask for the Windows CD if it needs it.

    Now due to a typo in my last fix, a registry change did not get made correctly.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now reboot your PC

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
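
Added example, not part of the original thread: the "Bad Image" error quoted in the first post means Windows could not accept the file as a PE image, and this Python sketch runs the basic header checks (MZ magic, e_lfanew, PE signature, machine type, optional-header magic) on a file's bytes. The function names and the sample header are constructed for illustration.

```python
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64"}      # subset of IMAGE_FILE_MACHINE_*
OPT_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}    # optional-header magic values
IMAGE_FILE_DLL = 0x2000

def check_pe_image(data):
    """Return (ok, reason) for basic PE header sanity checks on raw bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False, "missing MZ (DOS) header"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 26 > len(data):
        return False, "e_lfanew points past end of data (truncated file?)"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, "PE signature not found at e_lfanew"
    machine, nsections = struct.unpack_from("<HH", data, e_lfanew + 4)
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    if machine not in MACHINES:
        return False, "unexpected machine type 0x%04X" % machine
    if magic not in OPT_MAGIC:
        return False, "unexpected optional-header magic 0x%04X" % magic
    if nsections == 0:
        return False, "no sections declared"
    kind = "DLL" if characteristics & IMAGE_FILE_DLL else "EXE"
    return True, "%s %s for %s, %d section(s)" % (
        OPT_MAGIC[magic], kind, MACHINES[machine], nsections)

def check_pe_file(path):
    """Run the header checks on a file on disk."""
    with open(path, "rb") as fh:
        return check_pe_image(fh.read())

def sample_header():
    """Constructed minimal x86 DLL header (headers only, not a loadable file)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x2102)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", 0x10B)

if __name__ == "__main__":
    good = sample_header()
    for label, blob in [("intact", good), ("zeroed", bytes(len(good))),
                        ("truncated", good[:0x50]),
                        ("bad signature", good[:0x40] + b"XX\0\0" + good[0x44:])]:
        print(label, check_pe_image(blob))
```

A file that passes these checks can still be damaged further in (sections, imports), so a pass only rules out header-level corruption.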
     
  7. boom929

    boom929 Private E-2

    Okay, System File Checker did not report anything unusual. It did ask for the Windows XP CD but once it finished scanning it did not give me any message of any kind (left the computer alone for 20 minutes just to be sure).

    I then ran fixme.reg using the text you provided and got a success message. Then I rebooted.

    Ran GetLogs.bat - see attached for my MGLogs.zip file.

    Thanks again Chaslang. If this points to a software issue I will bring it up there once I get the go-ahead from you.

    **Edit: I won't hold my breath, but when opening task manager the first time I did NOT get the error message from before. This may have fixed it!**
     

    Last edited: Jan 4, 2009
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes that is what I was hoping sfc would do.

    Your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
