Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Need help with rundll32.exe bad image issue please and thx

Re: Need help with rundll32.exe bad image issue please and thx

Post by dionneleep » April 15th, 2008, 11:00 pm

I decided to delete it since it wasn't a great picture anyways (although my aunt I'm sure would disagree) :D
I have tried twice to run the scan and it won't get past this jpg file even though I deleted it and emptied the recycle bin. Sooo, now what???
dionneleep
Regular Member
 
Posts: 26
Joined: April 6th, 2008, 12:43 am

Re: Need help with rundll32.exe bad image issue please and thx

Post by Katana » April 16th, 2008, 4:49 am

find a file
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it findfiles.bat. Please save it on your desktop.

Please put the name of the picture where it says INSERT NAME HERE (below); you don't need to add .jpg.
This will tell us if there is a copy of the file somewhere else.

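@echo off
rem Remove results left over from an earlier run.
if exist C:\look*.txt del /q C:\look*.txt
if exist C:\kresults.txt del /q C:\kresults.txt
rem List files matching the name (hidden and system files included) in the folder the batch file runs from.
dir /a "INSERT NAME HERE.*" >> C:\look.txt
rem Collect the output into one file and open it in Notepad.
type C:\look*.txt >> C:\kresults.txt
start notepad C:\kresults.txt
del /q C:\look*.txt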


Notepad will open; copy and paste the results here.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Need help with rundll32.exe bad image issue please and thx

Post by dionneleep » April 17th, 2008, 12:16 am

Apparently we don't have an operational Notepad. It is under programs/accessories, but it doesn't open. So the documents I have been saving to the desktop are WordPad. The "all files" isn't an option for WordPad. What should I do next?? Let me know if you get annoyed and want to chuck it. My husband's IT guy at work said he'd look at it if we want him to, so whenever you feel that this is too annoying, let me know. :lol:
dionneleep
Regular Member
 
Posts: 26
Joined: April 6th, 2008, 12:43 am

Re: Need help with rundll32.exe bad image issue please and thx

Post by Katana » April 17th, 2008, 5:40 am

Don't worry, I'm not fed up yet :lol:

It sounds from that as if your OS has become corrupt.
There is no valid reason why Notepad shouldn't run.

Click "Start >> Run" and type "Notepad".
Press Enter and see what happens.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Need help with rundll32.exe bad image issue please and thx

Post by dionneleep » April 17th, 2008, 11:41 pm

Ok, so I found notepad and this is what it said

Volume in drive C has no label.
Volume Serial Number is 88DE-7FFE

Directory of C:\Documents and Settings\David\Desktop

Somehow, as computer illiterate as I am, I'm thinking this didn't resolve anything and that the computer is out to get me... :roll:
dionneleep
Regular Member
 
Posts: 26
Joined: April 6th, 2008, 12:43 am

Re: Need help with rundll32.exe bad image issue please and thx

Post by Katana » April 18th, 2008, 3:48 am

OK, let's try this.....



Reset System Restore
Now you should disable System Restore to purge any infected files and then re-enable it.

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Restart your computer.

Turn ON System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Un-check Turn off System Restore.
  • Click Apply, and then click OK.


CCleaner
Please download CCleaner from here to clean temp files from your computer.
  • Double click on the ccsetup.exe file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location.
  • Under Install Options, choose all the default settings
  • Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items. Click on Issues and make sure Registry Integrity is UNchecked!
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • After CCleaner has completed its process, click Exit.



Eset NOD32 Online AntiVirus

Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.


Please post the NOD 32 log, along with a list/description of any problems you still have.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Need help with rundll32.exe bad image issue please and thx

Post by dionneleep » April 19th, 2008, 12:13 am

Okay, here is the NOD 32 log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3039 (20080418)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=4bda5a8c5a627545aff38863982a27b9
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-04-19 02:57:40
# local_time=2008-04-18 07:57:40 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=388260
# found=1
# scan_time=4964
C:\Documents and Settings\David\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-15a2109c-70e77dba.class Java/TrojanDownloader.OpenStream.NAC trojan DBEE24E93B7EFBC279DAA14F64E9575E

As to other issues-
I right clicked on the desktop after this scan and went to properties and it still comes up w/ the original mssg that started this whole thing.
We also have been unable to download the service pack 3 for xp. We purchased xp directly from microsoft online, so I'm not sure why it won't download.
There is a yellow shield in the bottom tray today that says there are updates ready to install on my computer, but I'm not sure who this is from? My mother did that once and it really jacked up her computer, so I've yet to try it.

I will say that after cleaning w/ the ccleaner, it runs faster. We just got fios about a month ago and haven't really been all that impressed with the speed thus far. After the cleaner it did seem to load pages faster.

Thanks for all the help!
dionneleep
Regular Member
 
Posts: 26
Joined: April 6th, 2008, 12:43 am
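
The scanner log posted above consists of `# key=value` header lines followed by one line per detection. The Python below is an added example (not part of the thread and not ESET tooling) that parses that layout and checks the header against the detections; the detection-line format is an assumption inferred from the single line in the posted log, and the sample values are constructed.

```python
import re

# Constructed sample in the layout of the log posted above (all values made up).
SAMPLE_LOG = r"""# version=4
# end=finished
# remove_checked=false
# unwanted_checked=true
# scanned=1200
# found=2
# scan_time=95
C:\Documents and Settings\User\Local Settings\Temp\a b\x.class Java/Example.Threat.A trojan 0123456789ABCDEF0123456789ABCDEF
C:\Temp\setup.exe Win32/Example.Adware application FEDCBA9876543210FEDCBA9876543210
"""

# Paths may contain spaces, so anchor on the right-hand fields.
# Assumption: threat name and type are single tokens, followed by a 32-hex digest.
DETECTION = re.compile(
    r"^(?P<path>.+) (?P<threat>\S+) (?P<kind>\S+) (?P<digest>[0-9A-Fa-f]{32})$"
)


def parse_log(text):
    """Return (header dict, list of detection dicts)."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        match = DETECTION.match(line)
        if match:
            detections.append(match.groupdict())
    return header, detections


def triage(text):
    """Return (detections, notes) where notes flag what a helper should follow up."""
    header, detections = parse_log(text)
    notes = []
    if header.get("end") != "finished":
        notes.append("scan did not finish")
    declared = int(header.get("found", "0"))
    if declared != len(detections):
        # A pasted log that lost lines would hide detections from the helper.
        notes.append(f"header reports {declared} detections, parsed {len(detections)}")
    if detections and header.get("remove_checked") == "false":
        # "Remove found threats" was unticked, as the instructions asked.
        notes.append("report-only scan: detected files are still on disk")
    return detections, notes


if __name__ == "__main__":
    found, notes = triage(SAMPLE_LOG)
    for d in found:
        print(d["threat"], "->", d["path"])
    print(notes)
```
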

Re: Need help with rundll32.exe bad image issue please and thx

Post by Katana » April 19th, 2008, 4:31 am

Where did you buy the machine from?
Did you get an XP install CD?

OTMoveIt
Please download OTMoveIt2 by OldTimer and save it to your desktop
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code:
C:\Documents and Settings\David\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file

  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please run the MGA Diagnostic Tool and post back the report it creates:

  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Need help with rundll32.exe bad image issue please and thx

Post by dionneleep » April 19th, 2008, 11:43 am

A friend built it for us and we periodically take it out to him when we want to upgrade components or he will walk us through things. He couldn't figure out why we were unable to get the service pack three and he didn't really seem to have the inclination to figure it out, so we just left it not having it. And yes, we do have the XP Install CD w/ service pack 2.
Here is OT Move It:

C:\Documents and Settings\David\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04192008_084248
dionneleep
Regular Member
 
Posts: 26
Joined: April 6th, 2008, 12:43 am

Re: Need help with rundll32.exe bad image issue please and thx

Post by dionneleep » April 19th, 2008, 11:49 am

Here is the MGADiag report:

Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-FFFYD-DH8YC-F9W6Q
Windows Product Key Hash: nij7oO6JAAe3CkFlxXqtQetlmwE=
Windows Product ID: 55274-084-3340056-22921
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 5.1.2600.2.00010100.2.0.pro
CSVLK Server: N/A
CSVLK PID: N/A
ID: {AA7CED98-6AFB-40BA-8F40-7B90ACE7E4CE}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.59.1
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.18.7
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
Microsoft Office OneNote 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
dionneleep
Regular Member
 
Posts: 26
Joined: April 6th, 2008, 12:43 am

Re: Need help with rundll32.exe bad image issue please and thx

Post by Katana » April 19th, 2008, 3:35 pm

Well, that looks fine as well ????????
Let's see what this tells us.


find a file
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
(Click "Start >> Run" and type "Notepad")
Save it as "All Files" and name it findfiles.bat. Please save it on your desktop.

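@echo off
rem Remove results left over from an earlier run.
if exist C:\look*.txt del /q C:\look*.txt
if exist C:\kresults.txt del /q C:\kresults.txt
rem Look for copies of Shimgvw.dll in this folder and its subfolders.
dir /a /s "Shimgvw.dll" >> C:\look.txt
rem Record the access permissions on the two system files.
cacls "C:\Windows\System32\Shimgvw.dll" >> C:\look1.txt
cacls "C:\Windows\System32\notepad.exe" >> C:\look2.txt
rem Collect the output into one file and open it in Notepad.
type C:\look*.txt >> C:\kresults.txt
start notepad C:\kresults.txt
del /q C:\look*.txt
rem Delete this batch file.
del /q findfiles.bat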


Double click findfiles.bat. Notepad will open, copy and paste the contents in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Need help with rundll32.exe bad image issue please and thx

Post by dionneleep » April 19th, 2008, 3:58 pm

Volume in drive C has no label.
Volume Serial Number is 88DE-7FFE
C:\Windows\System32\shimgvw.dll BUILTIN\Users:R
BUILTIN\Power Users:R
BUILTIN\Administrators:F
NT AUTHORITY\SYSTEM:F
dionneleep
Regular Member
 
Posts: 26
Joined: April 6th, 2008, 12:43 am
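
The cacls output in the reply above lists one `principal:permission` pair per line, where R is read and F is full control. The Python below is an added example (not part of the thread) that parses such output for one file and reports any principal other than Administrators or SYSTEM that can modify it; the trusted baseline is an assumption taken from the output posted above, only the simple one-letter entries are handled, and the notepad.exe sample is constructed.

```python
import re

SHIMGVW = r"C:\Windows\System32\shimgvw.dll"
NOTEPAD = r"C:\Windows\System32\notepad.exe"

# Constructed samples: the first mirrors the layout posted above, the second
# is made up to show what a finding looks like.
SAMPLE_SHIMGVW = r"""C:\Windows\System32\shimgvw.dll BUILTIN\Users:R
                                BUILTIN\Power Users:R
                                BUILTIN\Administrators:F
                                NT AUTHORITY\SYSTEM:F
"""
SAMPLE_NOTEPAD = r"""C:\Windows\System32\notepad.exe BUILTIN\Users:C
                                Everyone:F
                                BUILTIN\Administrators:F
                                NT AUTHORITY\SYSTEM:F
"""

# principal : optional inheritance flags such as (OI)(CI) : one permission letter
ACE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([A-Z]+\))*)(?P<perm>[NRWCF])$")
WRITE = {"W", "C", "F"}  # cacls letters for Write, Change, Full control
# Assumed baseline: only these principals should be able to modify a system file.
TRUSTED = {"builtin\\administrators", "nt authority\\system"}


def parse_acl(path, output):
    """Return [(principal, permission letter)] from cacls output for one file."""
    entries = []
    for line in output.splitlines():
        line = line.strip()
        # The first line starts with the file path; the rest are entries only.
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        match = ACE.match(line)
        if match:
            entries.append((match["who"], match["perm"]))
    return entries


def audit(path, output):
    """Return a list of findings; an empty list means the ACL matches the baseline."""
    entries = parse_acl(path, output)
    if not entries:
        return ["no ACL entries parsed: file missing or output incomplete"]
    return [
        f"{who} can modify the file ({perm})"
        for who, perm in entries
        if perm in WRITE and who.lower() not in TRUSTED
    ]


if __name__ == "__main__":
    print(audit(SHIMGVW, SAMPLE_SHIMGVW))
    print(audit(NOTEPAD, SAMPLE_NOTEPAD))
```
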

Re: Need help with rundll32.exe bad image issue please and thx

Post by Katana » April 19th, 2008, 4:24 pm

Make sure you have your XP Disc handy.

Click "Start >> Run" and type sfc /scannow

This will check to make sure all your system files are valid.
If it replaces any then when it has finished, you will need to go to windows update and check for any updates.

Let me know how you get on, and check if the problem is still there.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Need help with rundll32.exe bad image issue please and thx

Post by dionneleep » April 20th, 2008, 3:14 am

Well, it got about 2/3 through the verification and then proceeded to tell me that the CD provided is the wrong CD and to please insert the WindowsXP Professional CDRom into the CDRom drive. I am so annoyed. The CD is genuine and clearly the Windows website recognizes that the computer has the authentic version since we are set up for automatic updates (according to the update history, it just updated active x on 4/9). Oh, and it is the Microsoft Word 2003 service pk that fails to update. It looks as if there is an attempt daily to update the Word service pk.

Another strange thing that it does that I forgot to mention: I changed the desktop screen picture a couple of months ago. When the computer is rebooted, the original desktop picture comes up first and stays up until almost the end of the rebooting process, then the screen and icons all go blue, and then the newer desktop pic comes up w/ all the icons. I've changed pictures before on the desktop and never had this happen before. Just seems weird, and not an issue for me unless it is symptomatic of a problem.
dionneleep
Regular Member
 
Posts: 26
Joined: April 6th, 2008, 12:43 am

Re: Need help with rundll32.exe bad image issue please and thx

Post by Katana » April 20th, 2008, 4:28 am

It sounds like either the OS on your machine has become corrupt (which is possible from the errors you are getting), or the OS on your machine is not the same as the one on your install disc.

Does the disc say XP Professional, or XP Home?

The Microsoft Word 2003 is because of:
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
Microsoft Office OneNote 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1


114 Blocked VLK 2 means a Volume Licence Key that has been blocked by Microsoft.
If you paid for Word/Office 2003 then you need to contact Microsoft and ask them why it is blocked.
If you didn't pay for it, then you need to uninstall it.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester