Help Me Remove "Bad Image Error"

Status
Not open for further replies.
I know the experts on this site have helped quite a few people to remove the "Bad Image Error" problem that begins at start-up and continues to pop up every time an application is started. The longer this thing is on here, the more errors pop up at start-up and (most importantly) the more my wife is annoyed. I spoke to the "Geek Squad" via Best Buy. They recommended the "Webroot Spy Sweeper with Anti-Virus" which I bought, installed and ran. It removed viruses, but apparently not this one. I'd like to think I'm good with computers but I'm really lost on this one. Could somebody please guide me through the process of removing this thing? It would be greatly appreciated. Thank you so much.

p.s. - I also have downloaded and installed HijackThis as well as MalwareBytes' AntiMalware

What do I do now?
 
I need you to follow all the steps HERE and then post back with the three requested logs as attachments

  • Malwarebytes
  • SAS
  • Hijackthis

Don't forget to make sure that Malwarebytes is set to remove the results.
 
Procedures Followed: Requested Logs Attached

I followed the eight steps provided in your link. The first attached log is the log from my Antivirus program "Webroot." Let me know what I can do next and thank you so much!
 

Attachments

  • webrootantivirusscan.txt
    112.2 KB · Views: 9
  • mbam-log-3-16-2009 (14-39-43).txt
    850 bytes · Views: 9
  • SUPERAntiSpyware Scan Log - 03-16-2009 - 17-26-01.log
    5.4 KB · Views: 7
  • hijackthis.log
    11.9 KB · Views: 7
Your Malwarebytes version is way too old
Download the newest version

Direct download link for MalwareBytes: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Then update it

Then run a full scan
Then provide the log

Also uninstall your Norton Antivirus
Then run the Norton Removal tool

Restart

Install Avira free AntiVirus (before scanning with Malwarebytes)
 
Do as Kimsland says and update MBAM, then run it again.


Go to Add/Remove Programs in your control panel and uninstall anything to do with (if there):

WindowZones

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

WindowZones Service (WZSvc)

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

WindowZones.sys
WindowZones.exe

Close task manager.

Fix entries using HiJackThis

  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entries listed below

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
O2 - BHO: (no name) - {D3E841C1-0122-4CAD-8503-A1E30C587D4C} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O20 - AppInit_DLLs: yghkbv.dll hvcuqb.dll bnniow.dll
O20 - Winlogon Notify: ssttt - C:\WINDOWS\
O23 - Service: WindowZones Service (WZSvc) - ByteCrusher - C:\Program Files\WindowZones\WindowZones.sys



  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis
  • Reboot HijackThis if necessary

Download and Run ComboFix

  • Download this file to your desktop from either of the two places listed below, and save it as bloodred.exe

    HERE or HERE

  • Then double click bloodred.exe & follow the prompts.
  • When finished, it shall produce a log for you. Attach that log in your next reply

WARNING: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post a fresh HijackThis log as well as the ComboFix log and the updated MBAM log.
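
The fix list in the post above mixes three different kinds of entry: DLLs named in AppInit_DLLs (which Windows loads into every process that loads user32.dll), a third-party service, and registrations whose file is already gone. The sketch below is an added example, not part of the original posts or of HijackThis itself; it parses entries in that log format and labels them. The sample input is four lines copied from the list above, and the finding labels are this example's own naming.

```python
import re

# Four entries copied from the fix list in this thread, embedded as sample input.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {D3E841C1-0122-4CAD-8503-A1E30C587D4C} - (no file)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O20 - AppInit_DLLs: yghkbv.dll hvcuqb.dll bnniow.dll
O23 - Service: WindowZones Service (WZSvc) - ByteCrusher - C:\Program Files\WindowZones\WindowZones.sys
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O20 - AppInit_DLLs: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse(log_text):
    """Return (section code, entry body) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Label entries by what they load or reference (labels are this example's own)."""
    findings = []
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # The value is a space- or comma-separated DLL list; report each DLL.
            for dll in re.split(r"[ ,]+", body.split(":", 1)[1].strip()):
                findings.append((code, "dll-loaded-into-every-gui-process", dll))
        elif code == "O23":
            # The last " - " field of a service entry is its image path.
            findings.append((code, "third-party-service", body.rsplit(" - ", 1)[-1]))
        elif code == "O16":
            # The last field of a DPF entry is where the ActiveX package came from.
            findings.append((code, "activex-download-source", body.rsplit(" - ", 1)[-1]))
        elif body.endswith(("(no file)", "(file missing)")):
            findings.append((code, "orphaned-registration", body))
    return findings


if __name__ == "__main__":
    for code, label, detail in triage(parse(SAMPLE_LOG)):
        print(f"{code:4} {label:36} {detail}")
```
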
 
RE: Do as Kimsland says and update MBAM then run it again

Followed both sets of most recent instructions. Thank you again! What's next?
 

Attachments

  • mbam-log-2009-03-17 (18-18-20).txt
    1.5 KB · Views: 5
  • log.txt
    15.9 KB · Views: 5
Here's an excellent quote from another thread
P2P Warning!

  • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    LimeWire

    Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
    Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
    http://www.techweb.com/wire/160500554
    http://www.internetworldstats.com/articles/art053.htm
    See Clean/Infected P2P Programs here

    I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    If you wish to keep it, please do not use it until your computer is cleaned.

You presently have open ports, with no firewall protection (ie unsafe ;) )
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25064:TCP"= 25064:TCP:BitComet 25064 TCP
"25064:UDP"= 25064:UDP:BitComet 25064 UDP

I'd like to add to the above quote and state a few important points:

  • Limewire will allow your computer's files and folders to be shared - even when Limewire is not running
  • Limewire is highly likely (actually I'm sure) where your infections have come from
  • You cannot unshare your files and folders with Limewire installed - even if you disable sharing
  • You are best to remove Limewire if you have personal documents
  • Limewire and Windows do not work well together due to malware
  • If you want to keep Limewire (strange that some say yes) then use it with a free Boot CD like Ubuntu

Oh and there is no use continuing malware removal with it installed, obviously it's impossible to clean a system with it installed. If you do decide to uninstall it (your choice and all) then you will need to re-run Combofix and Malwarebytes (updated) again. As your system is likely re-infected again by now.
 
RE:

I'll definitely get rid of Limewire, I thought I already had. Thank you for that. Thank you for fixing my computer. I have a couple of questions:

1. (After I have deleted Limewire) Do I need to keep all of the programs that you asked me to download in order to keep this from happening again?

2. Once I have deleted Limewire, will that fix the "open ports" problem?

3. I purchased a portable hard drive for my music and other files. Is there anything I can do to make sure I don't get a virus on the portable drive when transferring files?
 
Well presently it's a mess, sorry I must be blunt.
Here is a quick quote (as I was confirming you had Avira installed just then)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated)
* Resident AV is active
You can only have one Antivirus installed at a time, otherwise when the other Antivirus tries to quarantine a virus, the next Antivirus will stop any Virus from being moved, and then it will try to quarantine the Virus, and the vicious circle continues! By the way Avira preferred

You have the option to back up and start again as well. If you cannot get into Windows normally you can use this tool: The Ultimate Boot CD, I have some info here on that as well ;) https://www.techspot.com/vb/topic123957.html

Or you can continue trying to clean your system as it presently stands, so you need to tell us which way you want to go about this.

Removing Limewire should also remove the open ports, but we can just as easily fix that by removing these allowed entries in your Firewall (be that Windows or other)

Regarding the portable hard drive: an excellent place to back up to, by the way.
No, you cannot stop viruses attaching to that (except by having an updated Antivirus software, and scanning done regularly). But as this is not the OS hard drive, it will not normally spread through that drive, i.e. viruses are made to attack Windows.

Anyway, I'll await your proper ;) decision (I'd re-install by the way.)
 