# bad image error



## blue_tuskfish (May 13, 2005)

Hello, this is my first posting - so sorry for the verbosity. 

At startup, a logon box appeared on the screen (usually the desktop would come straight up and I didn't have to go through this logon process). The cancel button was greyed out, so I could only accept OK. After accepting the logon (user with no password) I then received the following error message:

"userinit.exe - bad image: the application or dll C:\windows\systems32\winspool.drv is not a valid windows image. please check this against your installation diskette" 

Then none of my desktop icons would appear and all I could do was shut the PC down. I started in several of the Safe Mode options - but it made no difference. I put in the XP/ SP2 CD and that didn't help either.

After some fiddling around I managed to get my program icons up on the screen and then did a Virus Check and an Adware Check and a Malicious Software Check (all recently updated) - but all reported no problems. 

Nothing gets me to start the PC up. Very frustrated and brain-tired....can someone please help by suggesting what is wrong and what I can do to fix it!

TimO


----------



## petercj (Oct 21, 2004)

Hi

Try tapping the F8 key from start-up and when the menu appears choose: "Last good configuration".

I would also recommend a virus check at Trend Micro Housecall:-

http://housecall.trendmicro.com/

Peter


----------



## blue_tuskfish (May 13, 2005)

*bad image error - response*

Hi Peter,

Thanks for the advice. A couple of problems though; 1. Tried the "last known good configuration' but yielded same result and 2. I can't seem log onto the net to do an online virus scan (although now have an offline version of Trend Micro to try). Any other suggestions?

Tim


----------



## petercj (Oct 21, 2004)

Hi Tim

Are you able to do a 'System Restore' ?

Peter


----------



## blue_tuskfish (May 13, 2005)

*bad image error - response*

Good suggestion - Not sure if I can, but I'll give that a try!

Tim


----------



## petercj (Oct 21, 2004)

Hi again Tim

Whether the SR works or not, I would suggest you follow the advice on this link* - you can download HIJackThis and HJT Analyzer onto a floppy on another machine and move between the two if your infected machine has lost Internet access.

* http://www.techsupportforum.com/showthread.php?t=15968

Peter


----------



## dai (Jul 2, 2004)

found this
boot your computer from your Windows XP restore cd/OS cd, when the menu comes up hit the R key to get to the recovery prompt. 

The prompt should start off at C:\Windows. Type cd system32. The prompt should now read C:\Windows\system32 

Type: copy userinit.exe wsaupdater.exe 

Reboot


----------



## petercj (Oct 21, 2004)

I found that one as well dia, but when I followed up some help links I found it didn't do the trick and then I found:-

http://www.techsupportforum.com/showthread.php?t=51102&highlight=windows+bad+image

But anyway, it will be interesting to hear what works.

Peter


----------



## dai (Jul 2, 2004)

usually when i see wsaupdater.exe has a problem suspect spyware but the reply was it had fixed the problem


----------



## blue_tuskfish (May 13, 2005)

*bad image error - ongoing*

Thanks for the advice - I have lost internet access and am trying my best working between two computers (one at work and one at home).

I tried the system restore as suggested - but no success. I did try the program HJT Analyser from CD - copied into a temp directory (and it worked) - but what a list of stuff it showed up. I opted out of doing anything in fear of deleting something that was critical to XP and shouldn't be deleted.

I also tried SpyBot and AdAware copied from CD - but they wouldn't work - just the same pop-up error message about "bad Image error" - even after clicking OK, the programs wont start.

I will dig out an XP restore CD / OS cd from someone. The only CD I have is the XP CD that came with the system (i.e. for new machines only) - and when I tried to run that, it wouldn't go.

I will follow dai's suggestions too and see how I go and report back tomorrow. 

Its a shame that the registry doesn't date changes (like file names or like a tracking system) so you could see what has been altered.

Thank you for your time.

Tim


----------



## batty_professor (Jul 29, 2004)

Your restore disk should offer the repair option dai indicated. If that didn't appear, I don't think another disk will help. Are you sure you can't find a recovery console when booting with the CD? Did the boot screen offer to boot from CD? Perhaps your bios settings have that option disabled? Many remove the option to make the computer boot faster under normal conditions. If you need to access the bios, use the "delete" key at boot to access the bios, and change the boot order th CD first. Save and exit.


----------



## petercj (Oct 21, 2004)

Try holding down the F11 key from start-up which may bring up the option to boot from DVD/CD

If you post up the result of the HJT scan on the HighJackThis board they will advise on what to remove.

Peter


----------



## petercj (Oct 21, 2004)

Just a couple of points about the use of the word "restore"...

The term "restore disc" is usually used to describe an image that has been made for a specific system and includes Windows and the drivers for the hardware in that system - you definitely do not want to try and install someone elses restore software on your PC

What you need is the Microsoft Windows XP disc.

As someone has pointed out, you can go into your BIOS and change the boot order so that the first boot is CD, or, an easier way if available on your machine, may be to use the F11 key from start up and select 'boot from DVD/CD' from the menu that is offered.

Once you have XP booted up you have a number of options, to try the one mentioned by Dai, or to do a repair install of XP which should in theory leave your programs and data in place, or do a full clean install which will clear out all your programs and data but will almost certainly mean that your problems are over, including any virus or malware infection that may be on the current install of windows. You will need to reinstall all drivers, including the mainboard drivers which hopefully you have on a disc that supports your MB.

To be quite frank, if you're not too bothered about the data you have on the current copy of windows, doing a format and starting again with a clean install is probably the best option.

Peter


----------



## Removed (May 14, 2005)

I think you should try renaming the original winspool.drv and userinit.exe files to .bak files and then replacing the originals with the same files from another similar Windows OS. To do this, you may have to start up in safe mode. If the ill system is a Windows XP Home + SP2 system, use files from another Windows XP Home + SP2 system. I would definitely give it a try. If the results aren't all that good, you could always go back and restore the originals. :smooch: 

Good luck,
Sceptre


----------



## petercj (Oct 21, 2004)

This article may be relevant:-

http://support.microsoft.com/default.aspx?scid=kb;en-us;892893

Peter


----------



## blue_tuskfish (May 13, 2005)

*bad image error popup - ongoing*

Yes, I had to go into the bios and changed the priority boot setting so that I had the option of booting the computer from a CD.

Then I was able to follow the suggestion of booting the computer from my Windows XP restore cd/OS cd, by hitting the R key to get the recovery prompt. I typed in: copy userinit.exe wsaupdater.exe and rebooted the PC (BTW - I would be interested to know what this does? Isn’t it just copying userinit.exe as a backupfile to the new name of wsaupdater.exe? Anyway – what ever was supposed to happen – it didn’t work)

I then followed the advice in the HJT tech forum and downloaded various files such as SpybotS&D and AdAware (even though they were already present on the system). When I tried to run these, the system blocked them by offering the “bad image error” popup – and the program/s never started.

Because I have lost internet access, its pointless running an on-line virus check – but I did download a stinger and ran that (all files reported as being clean so I presume no viruses were detected. I also downloaded a 30-day evaluation copy of TrenMicro PC-Cillin to attempt a virus scan – but the same error popup message appeared (“bad image” the application or dll…etc, etc) and blocked the program from starting.

I then downloaded and installed HijackThis .exe and successfully created a log file, then ran the KRC HiJackThis Analyzer.exe and successfully created the result.txt file. 

I am about to create a new HJT discussion and place the result.txt file on that discussion board (unless I should also paste it in here?)..

Out of interest, I also ran RegistryFix (while in safe mode). The scan suggests 202 problems…but couldn’t do anything about them anyway without registering the program (online). 

FYI: Before this event that locked me out of my computer with the popup error message, I had a licensed copy of McAfee virus checker (which regularly updated) and I had the Windows XP firewall turned on and other security settings were kept high. I also regularly checked and installed the various Windows XP update patches. And I rarely used Internet Explorer – opting for Mozilla Firefox.

I will be interested to find out some more about the HJT data. I will also try some of the other suggestions made after Dai’s.

Thank you. 

Tim


----------



## dai (Jul 2, 2004)

most of the time the unwanted guests get on your machine,when you unknowingly invite them in,hidden in a file you think is legit


----------



## blue_tuskfish (May 13, 2005)

*Slow Progress*

I have made some progress! I can now at least start up my computer and enter my familiar desktop. 

The error messages highlighting the files winspool.drv; winhttp.dll and credui.dll are no longer appearing.

However, a new error popup message box has appeared with the following information “point32.exe – bad image. The application or DLL C:WINDOWS\systems32\HID.DLL is not a valid Windows image. Please check this against your installation diskette” 

I have searched the XP os cd, but can not find a hid.dll file? Point32.exe is associated with MS IntelliPoint5.2 software?

Well who ever accessed my PC they wouldn't have found much and most of it would probably have been quite...still its annoying thinking that someone has hacked in and buggerised around in your computer. Just how much info can they extract?

I am leaning towards a repair /re-installation.

Regards,

Tim


----------



## dai (Jul 2, 2004)

reinstall your mouse software,just about everytime i boot i get the message ms intellimouse failed need to restart click to send error message to ms.


----------



## blue_tuskfish (May 13, 2005)

*more progress*

I have internet access - but can't see if my firewall is on - system blocking that from starting up. Also McAfee virus scanner wont scan. 

Not keen on IE6 - but using it for an online scan - but IE is running very slow.

Also at start-up, the Windows logon box appears; I can input my user / administrator name and push ok - but the cancel button is greyed out. Before I used to just switch on the PC and go straight to the desktop (no logon boxes to fill out?? - or at least I could click on cancel and the box and it wouldn't re-appear at the next logon).

No feedback form the HJT discussion board yet.


----------



## blue_tuskfish (May 13, 2005)

*F11 for CD/DVD bootup option*

Sorry - this didn't seem to work either.


----------



## dai (Jul 2, 2004)

in the run box type
sfc /scannow
and press enter


----------



## petercj (Oct 21, 2004)

Try running AdAware and Spybot in safe mode (Tap F8 from start-up to find a menu offering SM)

Also, try downloading McAfee stinger (I think it will work from a disk)

Do you have the PC Pro magazine where you are? There's several programs on the June cover disk that would be useful, including AVG, AdAware, Spybot, Tweak Now reg cleaner and Firefox.

You could also try a file check to see if it will restore any functionality to IE :-
With XP disk in drive go to START>RUN and type sfc /scannow and hit Enter.

Peter


----------



## petercj (Oct 21, 2004)

It may be that your system doesn't support the F11 key menu... but it can be a bit touch and go at times because you need to press it at the right point after starting - try waiting 3 to 4 seconds before holding the key down.


----------



## djspoof (May 17, 2005)

your computer is screaming for a good format and reinstall of windows. just get your xp cd key and figure out which version of the OS you run and start over. headaches are gone.


----------



## blue_tuskfish (May 13, 2005)

*A good clean out....?*

Yep you are probably right - but what a hassle. I just thought there was a way of running a few fix-its to save the grief. Data isn't an issue - I have backups. For me its more about getting the right drivers and setups, etc, etc, and the relaoding all the favorite software and settups again!

After some more fiddling around - I did manage to get internet access. I ran the Panda online virus & adware scan and then also SpybotS&D. Spybot identified and removed some issues (DSE or DSO issues, etc) - which did improve access to files, but it wasn't enough to solve the problem. The online virus scanner and adware checker - found no problems.

I also noticed when openning the Control Panel, that I had no access to "Adding / Removing programs" to uninstall software. I couldn't understand this - because I was logged on as an administrator...... I was also intrigued that when using Outlook for email - I couldn't type in any text except in the subject line?

_edit - And when attempting to run Ad-Aware SE, the program locked up.._

Tim


----------

