Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


"Bad Image" - Corrupted file? Malware? Help!!

  • This topic is locked This topic is locked
2 replies to this topic

#1 Stephanie13


  • Members
  • 6 posts
  • Local time:06:26 AM

Posted 28 May 2009 - 07:08 AM

I was asked to re-post this here from the Windows XP forum:

My computer just developed a worrying problem this afternoon. I don't understand why--I had not installed any new programs or visited any unusual sites. The only recent change is that I've brought my computer with me on vacation with family and am running it in a different physical location. This problem started this afternoon when I moved the computer from downstairs to upstairs and brought Windows out of sleep mode to check my e-mail.

What is happening is that any time I try to start running a program, or when I reboot my computer and it automatically starts booting up programs, a "Bad Image" error appears that reads "The application or DLL C:\WINDOWS\System32\mswnlwkl.dll is not a valid Windows image. Please check this against your installation diskette."

Programs will still run even though this error will show up repeatedly, any time I start any program, and I will have to click "OK" to exit out of the error box, sometimes repeatedly during the entire time a program is running. The only program that will not run at all is Firefox.

The research I've done using Google seems to suggest this is a Malware / Vundo / rootkit, rather than an actual problem with the DLL file, though I am not sure. I have a Windows installation disc, but not with me (if I need it, I'll have to wait a week and a half until I'm back at my apartment where the disk is).

I've run Malware Bytes' Anti-Malware both in regular and Safe mode. The first time I did a full scan, it picked up and removed 4 items, but none seem to be what is causing it, as this didn't fix the problem. Running MBAB in safe mode didn't detect anything else. I also uninstalled Firefox and cleaned my registry using CCleaner.exe, then re-installed Firefox, which also didn't fix the problem. I am running Windows XP, up to date with Windows updates as far as I know.

At this point, I have no idea what else to do. Any help will be greatly appreciated!!

I was also asked to run Malware Bytes' Anti-Malware again, and I did, a full scan in Safe mode, and it came up clean, even though the problem is still occurring:

Malwarebytes' Anti-Malware 1.37
Database version: 2186
Windows 5.1.2600 Service Pack 3

5/28/2009 7:50:13 AM
mbam-log-2009-05-28 (07-50-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 199594
Time elapsed: 1 hour(s), 31 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

BC AdBot (Login to Remove)


#2 Stephanie13

  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:26 AM

Posted 28 May 2009 - 08:17 AM

Update: HijackThis/DDS log posted here

#3 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:06:26 AM

Posted 28 May 2009 - 09:40 AM

Since you have a HJT log posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users