TechSpot

Help Me Remove "Bad Image Error"

By bloodredautumn
Mar 15, 2009
  1. I know the experts on this site have helped quite a few people to remove the "Bad Image Error" problem that begins at start-up and continues to pop up every time an application is started. The longer this thing is on here, the more errors pop up at start-up and (most importantly) the more my wife is annoyed. I spoke to the "Geek Squad" via Best Buy. They recommended the "Webroot Spy Sweeper with Anti-Virus" which I bought, installed and ran. It removed viruses, but apparantly not this one. I'd like to think I'm good with computers but Im really lost on this one. Could somebody please guide me through the process of removing this thing? It would be greatly appreciated. Thank you so much.

    p.s. - I also have diwnloaded and installed HijackThis as well as MalwareBytes' AntiMalware

    What do I do now?
     
  2. kritius

    kritius TS Guru Posts: 2,084

    I need you to follow all the steps HERE and then post back with the three requested logs as attachments

    • Malwarebytes
    • SAS
    • Hijackthis

    Dont forget to make sure that Malwarebytes is set to remove the results.
     
  3. bloodredautumn

    bloodredautumn TS Rookie Topic Starter

    Procedures Followed: Requested Logs Attached

    I followed the eight steps provided in your link. The first attached log is the log from my Antivirus program "Webroot." Let me know what I can do next and thank you so much!
     

    Attached Files:

  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  5. kritius

    kritius TS Guru Posts: 2,084

    Do as Kimsland says and update MBAM then run it again,


    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    WindowZones

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    WindowZones Service (WZSvc)

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    WindowZones.sys
    WindowZones.exe

    Close task manager.

    Fix entries using HiJackThis

    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    O2 - BHO: (no name) - {D3E841C1-0122-4CAD-8503-A1E30C587D4C} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
    O20 - AppInit_DLLs: yghkbv.dll hvcuqb.dll bnniow.dll
    O20 - Winlogon Notify: ssttt - C:\WINDOWS\
    O23 - Service: WindowZones Service (WZSvc) - ByteCrusher - C:\Program Files\WindowZones\WindowZones.sys



    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    [​IMG]Download and Run ComboFix

    • Download this file to your desktop from either of the two below listed places : and save it as bloodred.exe



      HERE or HERE


    • Then double click bloodred.exe & follow the prompts.
    • When finished, it shall produce a log for you. Attach that log in your next reply

    WARNING: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    Post a fesh HijackThis log as well as the ComboFix log and the updated MBAM log.
     
  6. bloodredautumn

    bloodredautumn TS Rookie Topic Starter

    RE: Do as Kimsland says and update MBAM then run it again

    Followed both sets of most recent instructions. Thank you again! Whats next?
     

    Attached Files:

  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Here's an excellent quote from another thread
    You presently have open ports, with no firewall protection (ie unsafe ;) )
    I'd like to add to the above quote and state a few important points:

    • Limewire will allow your computer's files and folders to be shared - even when Limewire is not running
      Limewire is highly likely (actually I'm sure) where your infections have come from
      You cannot unshare your files and folders with Limewire installed - even if you disable sharing
      You are best to remove Limewire if you have personal documents
      Limewire and Windows do not work well together due to malware
      If you want to keep Limewire (strange that some say yes) Then use it with a free Boot CD like Ubuntu

    Oh and there is no use continuing malware removal with it installed, obviously it's impossible to clean a system with it installed. If you do decide to uninstall it (your choice and all) then you will need to re-run Combofix and Malwarebytes (updated) again. As your system is likely re-infected again by now.
     
  8. bloodredautumn

    bloodredautumn TS Rookie Topic Starter

    RE:

    I'll definitely get rid of Limewire, I thought I already had. Thank you for that. Thank you for fixing my computer. I have a couple of questions:

    1. (After I have deleted Limewire) Do I need to keep all of the programs that you asked me to download in order to keep this from happening again?

    2. Once I have deleted Limewire, will that fix the "open ports" problem?

    3. I purchased a portable hard drive for my music and other files. Is there anything I can do to make sure I don't get a virus on the portable drive when transferring files?
     
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well presently it's a mess, sorry I must be blunt.
    Here is a quick quote (as I was confirming you had Avira installed just then)
    You can only have one Antivirus installed at a time, otherwise when the other Antivirus tries to quarantine a virus, the next Antivirus will stop any Virus from being moved, and then it will try to quarantine the Virus, and the vicious circle continues! By the way Avira preferred

    You have the option to back up and start again as well. If you cannot get into Windows normally you can use this tool: The Ultimate Boot CD, I have some info here on that as well ;) http://www.techspot.com/vb/topic123957.html

    Or you can continue try to clean your system as it it presently stands, so you need to tell us which way you want to go about this.

    Removing Limewire should also remove the open ports, but we can just as easy fix that by removing these allowed entries in your Firewall (be that Windows or other)

    Regarding the portable Harddrive. An excellent place to back to by the way.
    No you cannot stop viruses attaching to that, (except by having an updated Antivirus software, and scanning done regularly) But as this is not the OS harddrive, it will not normally spread through that drive. ie Viruses are made to attack Windows.

    Anyway, I'll await your proper ;) decision (I'd re-install by the way.)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...