Jump to content

mbam.exe - Bad Image - after installation , opengl32.dll


MKWest
 Share

Recommended Posts

Hello,

I have a two year subscription to Malwarebytes Premium. I have loaded it on other computers but one is having issues. After installing it will not run but throws a mbam.exe - Bad Image error. The error says: "OPENGL32.dll is either not designed to run on Windows or ir contains an error, etc., etc.". I tried grabbing the file from another computer and re-installing my video driver/software but no joy. I could use some help and direction on this.

Thanks!

Link to post
Share on other sites

I noticed a couple others having this problem and some common suggestions. BTW, I have scanned this machine with the installed McAfee as well as Stinger, Spy Bot Search & Destroy, and CCleaner. These found a few issues and cleaned them up. I still cannot start MalwareBytes. I noticed the Farbar Recovery Scan Tool is mentioned in all of these responses so I downloaded and run a scan. I have attached the First.txt and Addition.txt files. Let me know if you want me to actually post the text in the response.

Addition.txt

FRST.txt

Link to post
Share on other sites

  • Staff

Hello and :welcome:

 

2eyjdoj.png Check Disk

  • Press the WindowsKey.png on your keyboard. Type cmd and right click >> Run as Administrator.
  • Copy/Enter the command below and press Enter:
    chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.


Check Disk report:

  • Press the WindowsKey.png + R on your keyboard at the same time. Type powershell.exe and click OK.
  • Copy and paste the following command inside powershell window and press Enter:
    get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername –match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt
  • Paste the contents into your next reply.

Link to post
Share on other sites

Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.

PS C:\Users\Rick> get-winevent -FilterHashTable @{logname="Application"; id="100
1"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file De
sktop\CHKDSKResults.txt

Results: 


Get-WinEvent : The interface is unknown
At line:1 char:13
+ get-winevent <<<<  -FilterHashTable @{logname="Application"; id="1001"}| ?{$_
.providername -match "wininit"} | fl timecreated, message | out-file Desktop\CH
KDSKResults.txt
    + CategoryInfo          : NotSpecified: (:) [Get-WinEvent], EventLogExcept
   ion
    + FullyQualifiedErrorId : System.Diagnostics.Eventing.Reader.EventLogExcep
   tion,Microsoft.PowerShell.Commands.GetWinEventCommand

PS C:\Users\Rick>

Link to post
Share on other sites

If I bring up powershell in the menu and run as administrator I get the following:

Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.

PS C:\Windows\system32> get-winevent -FilterHashTable @{logname="Application"; i
d="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-f
ile Desktop\CHKDSKResults.txt


Out-File : Could not find a part of the path 'C:\Windows\system32\Desktop\CHKDS
KResults.txt'.
At line:1 char:140
+ get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.provi
dername -match "wininit"} | fl timecreated, message | out-file <<<<  Desktop\CH
KDSKResults.txt
    + CategoryInfo          : OpenError: (:) [Out-File], DirectoryNotFoundExce
   ption
    + FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.Ou
   tFileCommand

PS C:\Windows\system32>

Link to post
Share on other sites

  • Staff

Can you try this please:

  • Press the WindowsKey.png + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

Link to post
Share on other sites

Well, we might have started to narrow down this particular problem. When I do that I get an error: "Event Log  service is unavailable. Verify that the  service is running."

When i go to services and try and start it manually I get another error:  "WIndows could not start the Windows Event Log service on Local Computer. Error 5: Access is denied"

I am logged in as an administrator.

Link to post
Share on other sites

OK, finally got it working and did another scan last night and here are the results:

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          10/11/2016 6:42:39 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Rick-PC
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x15b9f.
Cleaning up instance tags for file 0x6fd78.
  507648 file records processed.                                        
File verification completed.
  1580 large file records processed.                                  
  0 bad file records processed.                                    
  2 EA records processed.                                          
  107 reparse records processed.                                      
CHKDSK is verifying indexes (stage 2 of 5)...
  619148 index entries processed.                                        
Index verification completed.
  0 unindexed files scanned.                                        
  0 unindexed files recovered.                                      
CHKDSK is verifying security descriptors (stage 3 of 5)...
  507648 file SDs/SIDs processed.                                        
Cleaning up 622 unused index entries from index $SII of file 0x9.
Cleaning up 622 unused index entries from index $SDH of file 0x9.
Cleaning up 622 unused security descriptors.
Security descriptor verification completed.
  55751 data files processed.                                          
CHKDSK is verifying Usn Journal...
  33863776 USN bytes processed.                                            
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  507632 files processed.                                                
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  85778334 free clusters processed.                                        
Free space verification is complete.
Windows has made corrections to the file system.

 488282111 KB total disk space.
 144312480 KB in 418615 files.
    231052 KB in 55752 indexes.
         4 KB in bad sectors.
    625235 KB in use by the system.
     65536 KB occupied by the log file.
 343113340 KB available on disk.

      4096 bytes in each allocation unit.
 122070527 total allocation units on disk.
  85778335 allocation units available on disk.

Internal Info:
00 bf 07 00 0a 3d 07 00 d8 57 0d 00 00 00 00 00  .....=...W......
4c 04 00 00 6b 00 00 00 00 00 00 00 00 00 00 00  L...k...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-10-12T01:42:39.000000000Z" />
    <EventRecordID>78829</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Rick-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x15b9f.
Cleaning up instance tags for file 0x6fd78.
  507648 file records processed.                                        
File verification completed.
  1580 large file records processed.                                  
  0 bad file records processed.                                    
  2 EA records processed.                                          
  107 reparse records processed.                                      
CHKDSK is verifying indexes (stage 2 of 5)...
  619148 index entries processed.                                        
Index verification completed.
  0 unindexed files scanned.                                        
  0 unindexed files recovered.                                      
CHKDSK is verifying security descriptors (stage 3 of 5)...
  507648 file SDs/SIDs processed.                                        
Cleaning up 622 unused index entries from index $SII of file 0x9.
Cleaning up 622 unused index entries from index $SDH of file 0x9.
Cleaning up 622 unused security descriptors.
Security descriptor verification completed.
  55751 data files processed.                                          
CHKDSK is verifying Usn Journal...
  33863776 USN bytes processed.                                            
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  507632 files processed.                                                
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  85778334 free clusters processed.                                        
Free space verification is complete.
Windows has made corrections to the file system.

 488282111 KB total disk space.
 144312480 KB in 418615 files.
    231052 KB in 55752 indexes.
         4 KB in bad sectors.
    625235 KB in use by the system.
     65536 KB occupied by the log file.
 343113340 KB available on disk.

      4096 bytes in each allocation unit.
 122070527 total allocation units on disk.
  85778335 allocation units available on disk.

Internal Info:
00 bf 07 00 0a 3d 07 00 d8 57 0d 00 00 00 00 00  .....=...W......
4c 04 00 00 6b 00 00 00 00 00 00 00 00 00 00 00  L...k...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

 

Link to post
Share on other sites

Still no joy. Get the same error. 

For more background, we got hit with a ransomware virus about a week ago. I had a tech company I have used before come in to clean it up. The actual  machine infected was a different machine but I had a couple of large shares on my machine which were encrypted.Fortunately, I had cloud backups of everything. However, I think when the "clean-up" was done it did something to my machine as a few things are not working right. Perhaps some important permissions were changed like the permissions for the event viewer which I fixed with a fix I found online. Mine was the only machine out of 5 that had any problems installing and running malwarebytes. Hope that helps.

Link to post
Share on other sites

  • Staff

Okay, let's scan again:

 

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked. option is checked.

    2873ryc.png

  • Press Scan button and wait.

  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please attach report into your next reply.

Link to post
Share on other sites

  • Staff

Let's try this:

 

mbam-old.png Uninstall outdated/damaged Malwarebytes' Anti-Malware

Please download MBAM-clean and save it to your desktop.

  • Right-click on mbam-clean.exe icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.

After that follow my next instructions to download & install the latest MBAM version.

51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, choose Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.


Save the file to your desktop and include its content in your next reply.

Link to post
Share on other sites

Ran Windows Repair - All in One on request of tech support as the permissions and security descriptors appear to be all messed up. Helped some, was able to apply a couple Windows updates I couldn't before. However, Mbam still wouldn't run. Did the MBAM-Clean you suggested and reinstalled but same error as before with opengl32.dll.

 

Link to post
Share on other sites

  • Staff

I would like to see fresh FRST reports.

 

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked. option is checked.

    2873ryc.png

  • Press Scan button and wait.

  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please attach report into your next reply.

Link to post
Share on other sites

  • Staff

Let's try this fix:

 

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif


icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.


  • Download the MBAM-Check tool from this page.
        
  • Run the MBAM-Check tool.
        
  • A black command prompt window will open briefly, then close. Afterwards a log file will open.
        
  • A new log file, CheckResults.txt, will be created on your desktop.


Once the CheckResults.txt file is created, please attach it here.

fixlist.txt

Edited by TwinHeadedEagle
Link to post
Share on other sites

  • Staff

Let's try this:

 

2eyjdoj.pngSystem File Checker

  • Press the WindowsKey.png on your keyboard. Type cmd and right click >> Run as Administrator.
  • Copy/Enter the command below and press Enter:
  • sfc /scannow
  • Windows will begin with system scan.
  • When done, please reboot your system.


System File Checker report:

  • Press WindowsKey.png + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
  • findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
  • Attach sfcdetails.txt from your Desktop in your next reply.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.