This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

windows 7 machine with Bad image error

i have one Windows 7 PC with this error upon login.

how do i get rid of it 

there is no installation error for my endpoint.



This thread was automatically locked due to age.
Parents Reply Children
  • sophos endpoint from sophos central.

    installed for 2-3 weeks.

    the error start appearing last week.

  • Hello yeowkm,

    Is Sophos UI.exe the only .exe returning this message?
    Can you please verify the following? :

    Open your registry (regedit)
    And navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Once there, look for "AppInit_DLLs"
    Double click on it and copy the value data here please

    Do the same for this key please
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows

    If possible, compare to another computer where the error is not present and see if there are any differences as to where is it pointing to.

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • this is what i found on the registry at "AppInit_DLLs"

     

    C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL

     

    C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL

  • Hello yeowkm,

    Those locations look correct, you can double check against one of your systems that does not return the issue, to ensure they look the same.

    Is Sophos UI.exe the only .exe returning this message?

    Has anything changed in the system prior to this issue starting?

    I conducted some online searches and it seems that you may want to run a system scan 

    I would recommend to also check your system startup to see if there's anything in there pointing to that icm32.dll 

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • sopohsUI.exe is the one returning the message.

    i disable sophos from startup and reboot the machine.

    the machine startup normally. but the moment i go launch sophos endpoint, the message appears.

    already tried running system scan once.

    will try one more time

  • Hi yeowkm,

    Can you check if there are any corrupt system files on the machine which could be resulting us this error?

    RunCommand prompt as Admin > sfc /scannow (The expected result is 'Windows resource protection did not find any integrity violations').

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • there are corrupted files found.

    this is the sfc details

     

    2018-08-08 10:56:44, Info CSI 000004b0 [SR] Could not reproject corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\System32\drivers"\[l:18{9}]"ipnat.sys"; source file in store is also corrupted
    2018-08-08 10:56:44, Info CSI 000004b2 [SR] Cannot repair member file [l:22{11}]"d3d8thk.dll" of Microsoft-Windows-DirectX-Direct3D9, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2018-08-08 10:56:44, Info CSI 000004b3 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
    2018-08-08 10:56:44, Info CSI 000004b5 [SR] Cannot repair member file [l:16{8}]"d3d9.dll" of Microsoft-Windows-DirectX-Direct3D9, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2018-08-08 10:56:44, Info CSI 000004b6 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
    2018-08-08 10:56:44, Info CSI 000004b9 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"d3d8thk.dll"; source file in store is also corrupted
    2018-08-08 10:56:44, Info CSI 000004bc [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:16{8}]"d3d9.dll"; source file in store is also corrupted
    2018-08-08 10:56:44, Info CSI 000004be [SR] Cannot repair member file [l:102{51}]"Microsoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms" of Microsoft-Windows-IE-InternetExplorer, Version = 11.2.9600.19080, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2018-08-08 10:56:44, Info CSI 000004bf [SR] This component was referenced by [l:162{81}]"Package_39_for_KB4339093~31bf3856ad364e35~amd64~~11.2.1.0.4339093-503_neutral_GDR"
    2018-08-08 10:56:44, Info CSI 000004c2 [SR] Could not reproject corrupted file [ml:520{260},l:82{41}]"\??\C:\Windows\System32\spp\tokens\ppdlic"\[l:102{51}]"Microsoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms"; source file in store is also corrupted
    2018-08-08 10:56:44, Info CSI 000004c4 [SR] Cannot repair member file [l:20{10}]"msimsg.dll" of Microsoft-Windows-Installer-Engine, Version = 6.1.7601.24052, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2018-08-08 10:56:44, Info CSI 000004c5 [SR] This component was referenced by [l:162{81}]"Package_106_for_KB4088878~31bf3856ad364e35~amd64~~6.1.1.2.4088878-142_neutral_LDR"
    2018-08-08 10:56:44, Info CSI 000004c8 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"msimsg.dll"; source file in store is also corrupted
    2018-08-08 10:56:44, Info CSI 000004ca [SR] Cannot repair member file [l:20{10}]"dao360.dll" of Microsoft-Windows-Microsoft-Data-Access-Components-JetDAO, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2018-08-08 10:56:44, Info CSI 000004cb [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
    2018-08-08 10:56:44, Info CSI 000004ce [SR] Could not reproject corrupted file [ml:520{260},l:120{60}]"\??\C:\Program Files (x86)\Common Files\Microsoft Shared\DAO"\[l:20{10}]"dao360.dll"; source file in store is also corrupted
    2018-08-08 10:56:44, Info CSI 000004d0 [SR] Cannot repair member file [l:38{19}]"DiskDiagnostic.adml" of Microsoft-Windows-DiskDiagnostic-Adm.Resources, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2018-08-08 10:56:44, Info CSI 000004d1 [SR] This component was referenced by [l:302{151}]"Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.Microsoft-Windows-GroupPolicy-ClientTools-AdmFiles-Update"
    2018-08-08 10:56:44, Info CSI 000004d4 [SR] Could not reproject corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:38{19}]"DiskDiagnostic.adml"; source file in store is also corrupted
    2018-08-08 10:56:44, Info CSI 000004d6 [SR] Cannot repair member file [l:58{29}]"JavaScriptCollectionAgent.dll" of Microsoft-Windows-IE-JavaScriptCollectionAgent, Version = 11.2.9600.19080, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2018-08-08 10:56:44, Info CSI 000004d7 [SR] This component was referenced by [l:162{81}]"Package_39_for_KB4339093~31bf3856ad364e35~amd64~~11.2.1.0.4339093-481_neutral_GDR"
    2018-08-08 10:56:44, Info CSI 000004da [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:58{29}]"JavaScriptCollectionAgent.dll"; source file in store is also corrupted
    2018-08-08 10:56:44, Info CSI 000004dc [SR] Cannot repair member file [l:24{12}]"iernonce.dll" of Microsoft-Windows-IE-Setup-Support, Version = 11.2.9600.19080, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2018-08-08 10:56:44, Info CSI 000004dd [SR] This component was referenced by [l:162{81}]"Package_39_for_KB4339093~31bf3856ad364e35~amd64~~11.2.1.0.4339093-500_neutral_GDR"
    2018-08-08 10:56:44, Info CSI 000004e0 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:24{12}]"iernonce.dll"; source file in store is also corrupted
    2018-08-08 10:56:44, Info CSI 000004e2 [SR] Cannot repair member file [l:18{9}]"WMASF.DLL" of Microsoft-Windows-MediaPlayer-WMASF, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2018-08-08 10:56:44, Info CSI 000004e3 [SR] This component was referenced by [l:206{103}]"Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsMediaFormatRuntime"
    2018-08-08 10:56:44, Info CSI 000004e6 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"WMASF.DLL"; source file in store is also corrupted
    2018-08-08 10:56:44, Info CSI 000004e8 [SR] Cannot repair member file [l:24{12}]"audiodev.dll" of Microsoft-Windows-WPD-LegacyWmdmShellExtension, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
    2018-08-08 10:56:44, Info CSI 000004e9 [SR] This component was referenced by [l:206{103}]"Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsMediaFormatRuntime"
    2018-08-08 10:56:44, Info CSI 000004ec [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:24{12}]"audiodev.dll"; source file in store is also corrupted
    2018-08-08 10:56:44, Info CSI 000004ee [SR] Repair complete
    2018-08-08 10:56:44, Info CSI 000004f3 [SR] Committing transaction
    2018-08-08 10:56:45, Info CSI 000004f7 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired

  • Hello yeowkm,

    I am not seeing any references in your system scan regarding fixing icm32.dll. 

    Is the file present on the machine? (icm32.dll). The path to the dll is the one listed in your error message.

    Do you have any other computers in your environment with the same OS and settings as this one? If so, perhaps you can try copying the dll from a working machine to the affected one.  (If possible, do a system backup first, in case anything fails. Especially since there were references to unaddressed OS issues in your scan results. ).

    You may also want to re-run the scan following my previous link, as it contains additional info regarding downloading missing/corrupted files.

    Let us know how that goes.

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.