1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Userinit - Bad image

Discussion in 'Windows XP' started by spec_r, Apr 10, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. spec_r

    spec_r Thread Starter

    Joined:
    Apr 10, 2008
    Messages:
    12
    Hi anyone can help me on this problems? I hav attached the image. Whenever i do a bootup or spyboot scan it alway prompts this error msg.. how can i clear this?
     

    Attached Files:

  2. ice_monsta

    ice_monsta

    Joined:
    Jun 7, 2007
    Messages:
    6
    just delete the files it is showing. They are obviously not fonts so they shouldn't be in the fonts folder anyway. Make a backup elsewhere just in case though
     
  3. spec_r

    spec_r Thread Starter

    Joined:
    Apr 10, 2008
    Messages:
    12
    Hi it was saying that the application or DLL in C:\WINDOWS\Fonts\... is not a valid windows images? But i can locate the files mention?
     
  4. ice_monsta

    ice_monsta

    Joined:
    Jun 7, 2007
    Messages:
    6
    The only file types that should be in your fonts folder are font related ones, i.e. .ttf or .ttc a .dll is generally a system file or part of software, so i find it suspicious that any dll has made its way into your fonts folder.
     
  5. spec_r

    spec_r Thread Starter

    Joined:
    Apr 10, 2008
    Messages:
    12
    I tried some of the solutions mention like doing a sfc /scannow from the XP disc but still its not working.. Im thinking of doing a repair install of XP but will that remove all my install programs & applications ? thks so much for helping
     
  6. ice_monsta

    ice_monsta

    Joined:
    Jun 7, 2007
    Messages:
    6
    Windows repair will not remove any installed applications or affect your documents or anything, only the windows system files.
    If you want to try a windows repair go for it, not sure if it will help your problem though.
    Have you removed the files from your fonts folder yet?
     
  7. Dr. Chauncey

    Dr. Chauncey

    Joined:
    Oct 25, 2007
    Messages:
    2,393
    If some sort of malware has edited the userinit file, a repair install will remove references to these .dlls, but they (and every other component of this malware) will still be on the system. I think it would be best to have this checked out by the malware folks.

    Download HiJack This and post a log here for review.
     
  8. spec_r

    spec_r Thread Starter

    Joined:
    Apr 10, 2008
    Messages:
    12
    Hi i've done a window repair but still it cant solve the problem... I did not delete the files coz I can't locate the error files located in the fonts folder..
     
  9. spec_r

    spec_r Thread Starter

    Joined:
    Apr 10, 2008
    Messages:
    12
    Hi i post my log for yr review...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:43:46 PM, on 4/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINDOWS\SYSTEM32\DWRCS.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\alvin\LOCALS~1\Temp\Temporary Directory 2 for HiJackThis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com.sg/
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\26SvTh.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {90ABF306-38BD-4515-92B1-72BEC28F4F85} - C:\WINDOWS\System32\akfi.dll (file missing)
    O2 - BHO: (no name) - {9963387B-212E-4643-B207-82DAEA0E713D} - C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDRV.EXE
    O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
    O4 - HKLM\..\RunServices: [upnpsrch] C:\WINDOWS\System32\upnpsrch.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8263C843-882A-4D7B-B0F9-9B28194F35D1}: NameServer = 203.92.64.194
    O17 - HKLM\System\CS1\Services\Tcpip\..\{8263C843-882A-4D7B-B0F9-9B28194F35D1}: NameServer = 203.92.64.194
    O17 - HKLM\System\CS2\Services\Tcpip\..\{8263C843-882A-4D7B-B0F9-9B28194F35D1}: NameServer = 203.92.64.194
    O18 - Filter hijack: text/html - {0D61F60A-BE80-458E-86AA-EE58E6246F7C} - C:\WINDOWS\System32\akfi.dll
    O20 - AppInit_DLLs: hookhelp.dll
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
    O23 - Service: Lync USB Auditor Service (LyncUSBServ) - Lync Software - x:\IT\Programs\Scan\lyncusb.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

    --
    End of file - 4179 bytes
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/702556

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice