Bad Image Error (Windows XP)



Hello,

 

I've gotten a couple of these before on start-up, but I disregarded them. I logged in today, and got about 30 one after the other, pertaining to almost every application. It happens when I click on icons too. I have no clue what to do about it.

 

Could anyone please give me step by step help?

 

Thanks.

 

Going to suggest that you download and run SUPERAntispyware and Malwarebytes. You can download them here:

SUPERAntispyware > download, install, update and run a full/complete scan.

Malwarebytes: here's how to run it:

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location and post the results. SUPERAntispyware also produces a log, please post the results of both logs in your next post.

 

p.s. going to move this over to our Virus/Spyware forums...

 

 

 

 


Thanks for your reply.

 

After the scans finished, I restarted and the same things showed up.

 

SUPERAntiSpyware Scan Log

 

 

Generated 05/17/2011 at 01:50 PM

 

Application Version : 4.52.1000

 

Core Rules Database Version : 7074

Trace Rules Database Version: 4886

 

Scan type : Complete Scan

Total Scan Time : 02:34:49

 

Memory items scanned : 460

Memory threats detected : 0

Registry items scanned : 7791

Registry threats detected : 98

File items scanned : 24752

File threats detected : 16

 

Adware.MyWebSearch


 

Adware.IWinGames

HKU\S-1-5-21-1547161642-343818398-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CA5ED52-F3FB-4414-A105-2E3491156990}

HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}

 

Adware.Tracking Cookie


 

Adware.MyWebSearch/FunWebProducts


C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\RICHED20.DLL

 

 

 

Malwarebytes' Anti-Malware 1.50.1.1100

 

 

Database version: 6599

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

17/05/2011 3:17:39 PM

mbam-log-2011-05-17 (15-17-39).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 224679

Time elapsed: 2 hour(s), 28 minute(s), 52 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 31

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:


 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Delete on reboot.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\program files\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Not selected for removal.

 

 

Edited by Sparks

You need to grab HiJackThis here. Save it to its own folder on your desktop. Open the program and select "Do a scan and save a log file". After the scan completes it will open the log in Notepad. Copy the contents of the log and paste into a new thread that you start here > http://forums.pcpitstop.com/index.php?/forum/25-hijackthis-logs/

Wait for help there from one of our Trusted Advisors; they are busy, so it may take a little while.

 

 

 

 
