TechSpot

[Refered to work IT] Bad Image dll error

By André Salgueiro
May 18, 2012
Topic Status:
Not open for further replies.
  1. Hello guys,

    Im new here. I was trying to fix this problem by reading other threads but it didnt workout.

    Im having the bad image error on several programs.

    I´ve run comboFix and malware bytes but it hasn´t change anything.

    an example of programs that won´t run is the office communicator and adobe reader.

    Can you please help me?



    here it is the hijack log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:38:27, on 18-05-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Forefront TMG Client\FwcMgmt.exe
    C:\Users\nb19203\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Users\nb19203\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\nb19203\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\nb19203\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\nb19203\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\nb19203\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\nb19203\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\nb19203\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\nb19203\Downloads\HijackThis (1).exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://prxptl201.novabase.intra:8080/array.dll?Get.Routing.Script
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = prxptl201.novabase.intra:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
    O4 - HKLM\..\Run: [Microsoft Forefront Client Security Antimalware Service] "C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - Global Startup: Forefront TMG Client.lnk = C:\Program Files\Forefront TMG Client\FwcMgmt.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = novabase.intra
    O17 - HKLM\Software\..\Telephony: DomainName = novabase.intra
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = novabase.intra
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = novabase.intra
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    --
    End of file - 5642 bytes
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot!

    Before you do anything in a computer forum, you should look for instructions in how to proceed:

    1. Combofix should not be run unless you are directed to do so by a helper.
    2. You should never follow directions given to someone else- even if their problems seem similar.
    3. We do not use HijackThis to screen for malware.
    ======================================================
    Questions before you begin:
    1. Novabase is a Portuguese IT company.
    2. Are you working at this company? It appears that you are user nb19203
    3. If yes, is there a reason why you didn't use their IT in the office?
    4. You also have Forefront TMG Client for Routing and remote access to the VPN through a proxy server.
    =====================================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
  3. André Salgueiro

    André Salgueiro TS Rookie Topic Starter

    Yes I´m working here =) . I thought it would be easier for everyone if I sort things out by "myself".

    Thanks for the reply.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Considering the processes you are using, I am going to refer you to the Office IT for help. It's not a question of 'easier'. It is their job to assist on their systems and since you are doing remotes and include networks, they will be best informed about their systems.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.