Bad image error problem

Solved
By nbk7pos
Jun 14, 2010
Topic Status:
Not open for further replies.
  1. I read a post to follow 8 steps which were condensed to 7 and attached the following documents.

    Any assistance would be greatly appreciated since I can not get rid of this problem...


  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I will check the logs. But please tell me what you are trying to do when the 'bad image' message comes up.

    The more information (in as few words as possible) you give us, the better it is to help you.
  3. nbk7pos

    nbk7pos Newcomer, in training Topic Starter

    Every time I open a new application (internet, control panel, anything) I receive a bad image error popup. When it first appeared I only saw it with Internet Explorer, but now as I turn on the computer I receive about 5-6 error messages before Windows starts. I tried to install AVG but it will not load correctly and fails installation, kicking out more error messages.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Follow the directions and screen shots here: http://www.netsquirrel.com/msconfig/msconfig_vista.html
    Once you have accessed the msconfig utility, choose Selective Startup then Startup tab
    Uncheck each of the following and any related processes> see notes:
    AVG
    ParetoLogic PC Health Advisor
    Uniblue RegistryBooster
    Hijackthis 1.99.1
    Java

    Click on Apply> OK> Reboot into Normal Mode> Close the nag message after checking 'don't show this message again.' Stay in Selective Startup.

    Some notes:
    1. Antivirus: you have Microsoft Windows OneCare Live AntiSpyware and AntiVirus installed. You have some processes for AVG running. Decide if you want #1 or #2 for the AV and remove the other.
    3. Registry cleaners:
    Please disable the Uniblue RegistryBooster. We don't recommend Registry cleaners and it's important that it does not run and/or make Registry changes while I'm helping you.

    About ParetoLogic PC Health Advisor. Their hype:
    I guarantee you that using this will cause system problems. Hopefully you're still using the trial because I recommend you uninstall it now.

    4. Hijackthis 1.99.1 is outdated. Please remove it. I will have you download the current version later.
    5. You have Java(TM) 6 Update 7. The current version is v6u20. Update the Java. The old version is a vulnerability. Check this site: Java Updates. Uninstall any earlier versions in Add/Remove Programs.
    ===================================
    See if this makes any difference to what you can do in the system.

    If it does not, please run this and see if there is an Error corresponding to the times you're getting this message:

    Please download VEW and save it to your Desktop:

    Setting up the program

    Double-click VEW.exe to run.

    • Select log to query, select
    • Application
    • System

      Under Select type to list, select:
    • Critical (Vista only)
    • Error

      Click the radio button for Number of events
    • Type 20 in the 1 to 20 box
    • Then click the Run button.
    • Notepad will open with the output log.

      Load the log
    • In Notepad, click Edit> Select all
    • Then press Edit > Copy
    • Press Ctrl+V on your keyboard to paste the log to your next reply.
    (Courtesy rev-Olie)
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    One more thought:
    ATI Catalyst Control Center™:
    What are the system requirements for the ATI Catalyst™ Control Center?

    Your Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz

    There are also many reported problems from Catalyst users for the atikmdag.sys. It is noted in your logs that this driver may have a problem.

    Hardware isn't my thing, so bear with me if this shows my ignorance!
  6. nbk7pos

    nbk7pos Newcomer, in training Topic Starter

    I removed:
    ParetoLogic PC Health Advisor
    Uniblue RegistryBooster
    Hijackthis 1.99.
    ATI Catalyst™ Control Center
    AVG

    Within "msconfig" I unchecked all startup processes

    I updated java per your request above

    I downloaded VEW but when I hit "run" I get the following error:
    Run-time error '75':
    Path/file access error

    Any thoughts on how to fix VEW?
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

  8. nbk7pos

    nbk7pos Newcomer, in training Topic Starter

    I saved to the desktop and tried to run but that is when I receive the error message noted above. Any thoughts on why I am receiving this?
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Are you still getting the Bad Image Error?
  10. nbk7pos

    nbk7pos Newcomer, in training Topic Starter

    As I try to run the VEW application from the desktop I receive the bad image error and then select the criteria you mentioned. Once I hit "run" within VEW I get the run time error 75.
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    2 questions:

    Is your operating system 64bit? (GMER won't run on 64bit, VEW also might not run)
    Is your copy of the operating system legitimate?
  12. nbk7pos

    nbk7pos Newcomer, in training Topic Starter

    I checked my operating system and it said 32 bit under system control panel.

    In addition I have a genuine windows copy.
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    We are getting way off track here. Your original problem was 'bad image'. Are you still getting that doing the things you did previously, before trying to run VEW?
     
  14. nbk7pos

    nbk7pos Newcomer, in training Topic Starter

    I apologize for the late reply. I had to go out of town and am just now getting a chance to reply.

    I still receive the bad image error any time I open an application.

    For example, when I try to open Internet Explorer I get the following:

    "Iexplore.exe - Bad Image

    C:\Progra~1\google\GOOGLE~3\GOEC62~1.DLL is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."

    I tried to reinstall google but nothing changed.
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Thanks for the example. It appears that Google added a BHO to their at some point. This has caused problems, so I'll have you remove the entries and see if that helps: Can't believe I got this far and haven't had you run Combofix yet! I have the script all written to run:

    Please download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
      [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3].Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If Combofix asks you to install Recovery Console, please allow it.
      [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.
    =====================================
    After you have run Combofix, reboot the machine and go on to this:

    Custom CFScript


    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    Folder::
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\TypeLib]
    
    DDS::
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    
    Driver::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
    ====================
    Then Download the HijackThis Installer HERE and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

    The Bad Image error should be gone after the script, but if there are any entries left, I'll see them in the HJT log and have you remove them-wait until I instruct you before doing anything with this log.
  16. nbk7pos

    nbk7pos Newcomer, in training Topic Starter

    I ran combofix and it would appear the problem has been resolved. I am not sure what it did but I assume you do not need to see the results. Thank you so much for your help in getting rid of the problem.

    I appreciate all of your time and help!
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    You're welcome. I'd like to finish up with the Combofix log that was created after the script and the log from HijackThis. Sometimes a particular problem may be resolved, but that is not an indication that there is no more malware on this system.

    Then I will have you remove the cleaning tools and the logs they created. However, if you do not want to finish up, I can close the thread.
  18. nbk7pos

    nbk7pos Newcomer, in training Topic Starter

    Let me know if there is anything that looks bad.

    Thanks

    Combofix attachments:

    View attachment combofix results.txt
    View attachment combofix with script.txt

    HIJACKTHIS LOG:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:28:14 PM, on 09/07/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wermgr.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1ca55e42ae09450) (gupdate1ca55e42ae09450) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

    --
    End of file - 6945 bytes
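An added example, not part of the original thread: one way to triage a HijackThis log like the one posted above. It lists the DLLs registered to load into other processes (O2 BHOs, O20 AppInit_DLLs and Winlogon Notify) and flags entries that HijackThis itself marked "(file missing)" or "Unknown owner", plus 8.3 short paths like the one in the Bad Image popup. The sample lines are copied from the log above; the function names are this example's own.

```python
import re

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (file missing)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|sys)\b", re.IGNORECASE)

# Sections whose DLLs get loaded into other processes.
INJECTED_SECTIONS = {"O2", "O20"}


def parse(log):
    """Turn HijackThis lines into dicts with section code, path and flags."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        hit = PATH_RE.search(body)
        path = hit.group(0) if hit else None
        entries.append({
            "code": m.group("code"),
            "path": path,
            "file_missing": body.endswith("(file missing)"),
            "unknown_owner": " - Unknown owner - " in body,
            "short_path": bool(path and "~" in path),
        })
    return entries


def injected(entries):
    """Paths of DLLs registered to load into other processes."""
    return [e["path"] for e in entries if e["code"] in INJECTED_SECTIONS]


def triage(entries):
    """Return (code, path, reasons) for entries that deserve a second look."""
    findings = []
    for e in entries:
        reasons = []
        if e["file_missing"]:
            reasons.append("registered file is missing")
        if e["unknown_owner"]:
            reasons.append("owner reported as unknown")
        if e["short_path"]:
            reasons.append("8.3 short path, resolve to the long name first")
        if reasons:
            findings.append((e["code"], e["path"], reasons))
    return findings


if __name__ == "__main__":
    for code, path, reasons in triage(parse(SAMPLE_LOG)):
        print(code, path, "; ".join(reasons))
```

A flag here is a prompt to look at the file, not a verdict; several of the flagged entries in this log belong to installed products.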
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Looks good! If the problems have been resolved, remove all of the tools we used and the files and folders they created:
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      [​IMG]
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    Let me know if I can be of anymore help.