Userinit - Bad image

Hi anyone can help me on this problems? I hav attached the image. Whenever i do a bootup or spyboot scan it alway prompts this error msg.. how can i clear this?

 

just delete the files it is showing. They are obviously not fonts so they shouldn't be in the fonts folder anyway. Make a backup elsewhere just in case though

 

Hi it was saying that the application or DLL in C:\WINDOWS\Fonts\... is not a valid windows images? But i can locate the files mention?

 

The only file types that should be in your fonts folder are font related ones, i.e. .ttf or .ttc a .dll is generally a system file or part of software, so i find it suspicious that any dll has made its way into your fonts folder.

 

I tried some of the solutions mention like doing a sfc /scannow from the XP disc but still its not working.. Im thinking of doing a repair install of XP but will that remove all my install programs & applications ? thks so much for helping

 

Windows repair will not remove any installed applications or affect your documents or anything, only the windows system files.
If you want to try a windows repair go for it, not sure if it will help your problem though.
Have you removed the files from your fonts folder yet?

 

If some sort of malware has edited the userinit file, a repair install will remove references to these .dlls, but they (and every other component of this malware) will still be on the system. I think it would be best to have this checked out by the malware folks.

Download HiJack This and post a log here for review.

 

Hi i've done a window repair but still it cant solve the problem... I did not delete the files coz I can't locate the error files located in the fonts folder..

 

Hi i post my log for yr review...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:46 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\alvin\LOCALS~1\Temp\Temporary Directory 2 for HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com.sg/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\26SvTh.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {90ABF306-38BD-4515-92B1-72BEC28F4F85} - C:\WINDOWS\System32\akfi.dll (file missing)
O2 - BHO: (no name) - {9963387B-212E-4643-B207-82DAEA0E713D} - C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDRV.EXE
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\RunServices: [upnpsrch] C:\WINDOWS\System32\upnpsrch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8263C843-882A-4D7B-B0F9-9B28194F35D1}: NameServer = 203.92.64.194
O17 - HKLM\System\CS1\Services\Tcpip\..\{8263C843-882A-4D7B-B0F9-9B28194F35D1}: NameServer = 203.92.64.194
O17 - HKLM\System\CS2\Services\Tcpip\..\{8263C843-882A-4D7B-B0F9-9B28194F35D1}: NameServer = 203.92.64.194
O18 - Filter hijack: text/html - {0D61F60A-BE80-458E-86AA-EE58E6246F7C} - C:\WINDOWS\System32\akfi.dll
O20 - AppInit_DLLs: hookhelp.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Lync USB Auditor Service (LyncUSBServ) - Lync Software - x:\IT\Programs\Scan\lyncusb.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

--
End of file - 4179 bytes