Userinit - Bad image

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

spec_r

Thread Starter
Joined
Apr 10, 2008
Messages
12
Hi anyone can help me on this problems? I hav attached the image. Whenever i do a bootup or spyboot scan it alway prompts this error msg.. how can i clear this?
 

Attachments

Joined
Jun 7, 2007
Messages
6
just delete the files it is showing. They are obviously not fonts so they shouldn't be in the fonts folder anyway. Make a backup elsewhere just in case though
 

spec_r

Thread Starter
Joined
Apr 10, 2008
Messages
12
just delete the files it is showing. They are obviously not fonts so they shouldn't be in the fonts folder anyway. Make a backup elsewhere just in case though
Hi it was saying that the application or DLL in C:\WINDOWS\Fonts\... is not a valid windows images? But i can locate the files mention?
 
Joined
Jun 7, 2007
Messages
6
The only file types that should be in your fonts folder are font related ones, i.e. .ttf or .ttc a .dll is generally a system file or part of software, so i find it suspicious that any dll has made its way into your fonts folder.
 

spec_r

Thread Starter
Joined
Apr 10, 2008
Messages
12
I tried some of the solutions mention like doing a sfc /scannow from the XP disc but still its not working.. Im thinking of doing a repair install of XP but will that remove all my install programs & applications ? thks so much for helping
 
Joined
Jun 7, 2007
Messages
6
Windows repair will not remove any installed applications or affect your documents or anything, only the windows system files.
If you want to try a windows repair go for it, not sure if it will help your problem though.
Have you removed the files from your fonts folder yet?
 
Joined
Oct 25, 2007
Messages
2,393
If some sort of malware has edited the userinit file, a repair install will remove references to these .dlls, but they (and every other component of this malware) will still be on the system. I think it would be best to have this checked out by the malware folks.

Download HiJack This and post a log here for review.
 

spec_r

Thread Starter
Joined
Apr 10, 2008
Messages
12
Windows repair will not remove any installed applications or affect your documents or anything, only the windows system files.
If you want to try a windows repair go for it, not sure if it will help your problem though.
Have you removed the files from your fonts folder yet?
Hi i've done a window repair but still it cant solve the problem... I did not delete the files coz I can't locate the error files located in the fonts folder..
 

spec_r

Thread Starter
Joined
Apr 10, 2008
Messages
12
If some sort of malware has edited the userinit file, a repair install will remove references to these .dlls, but they (and every other component of this malware) will still be on the system. I think it would be best to have this checked out by the malware folks.

Download HiJack This and post a log here for review.
Hi i post my log for yr review...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:46 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\alvin\LOCALS~1\Temp\Temporary Directory 2 for HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com.sg/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\26SvTh.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {90ABF306-38BD-4515-92B1-72BEC28F4F85} - C:\WINDOWS\System32\akfi.dll (file missing)
O2 - BHO: (no name) - {9963387B-212E-4643-B207-82DAEA0E713D} - C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDRV.EXE
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\RunServices: [upnpsrch] C:\WINDOWS\System32\upnpsrch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8263C843-882A-4D7B-B0F9-9B28194F35D1}: NameServer = 203.92.64.194
O17 - HKLM\System\CS1\Services\Tcpip\..\{8263C843-882A-4D7B-B0F9-9B28194F35D1}: NameServer = 203.92.64.194
O17 - HKLM\System\CS2\Services\Tcpip\..\{8263C843-882A-4D7B-B0F9-9B28194F35D1}: NameServer = 203.92.64.194
O18 - Filter hijack: text/html - {0D61F60A-BE80-458E-86AA-EE58E6246F7C} - C:\WINDOWS\System32\akfi.dll
O20 - AppInit_DLLs: hookhelp.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Lync USB Auditor Service (LyncUSBServ) - Lync Software - x:\IT\Programs\Scan\lyncusb.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

--
End of file - 4179 bytes
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top