computer weirding out

[Cusigchbotamino]

For a while now I have been getting lots of pop ups when I start my computer. Pop ups to download securiy stuff like anti virus or anti spyware. I figured this is almost certainly caused by malware and so I have proceeded to do the necessary scans in hopes that I can clean my computer. Thank you very much for any help :) My scans are below and attached as requested.



DDS (Ver_09-03-16.01) - NTFSx86
Run by adrian arthur at 17:13:50.62 on Fri 04/10/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.947 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADRIAN~1\LOCALS~1\Temp\675660118.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\adrian arthur\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.msn.com
mDefault_Page_URL = hxxp://www.emachines.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com
BHO: c:\windows\system32\hsf73ikmdf3f.dll: {b2ba40a2-74f3-42bd-f434-2604812c8954} - c:\windows\system32\hsf73ikmdf3f.dll
BHO: {fad98e69-9a97-4b5a-946e-dd067cd50df7} - c:\windows\system32\sagujele.dll
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - &Yahoo! Messenger
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [reader_s] c:\documents and settings\adrian arthur\reader_s.exe
uRun: [Diagnostic Manager] c:\docume~1\adrian~1\locals~1\temp\675660118.exe
mRun: [CHotkey] zHotkey.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Htotucobu] rundll32.exe "c:\windows\itururulip.dll",e
mRun: [e000e16c] rundll32.exe "c:\windows\system32\timinebe.dll",b
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [vuzewomime] Rundll32.exe "c:\windows\system32\hisozega.dll",s
mRun: [CPMe333d2f0] Rundll32.exe "c:\windows\system32\vawopijo.dll",a
dRun: [<NO NAME>] c:\windows\temp\fuoof.exe
dRun: [Windows Resurections] c:\windows\temp\fuoof.exe
dRun: [Diagnostic Manager] c:\windows\temp\3663076480.exe
dRun: [reader_s] c:\windows\system32\config\systemprofile\reader_s.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se for sd\CameraMonitor.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Yahoo! Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
Trusted Zone: yahoo.com
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {205FF73B-CA67-11D5-99DD-444553540006} - hxxp://www.errorguard.com/installation/Install.cab
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} - hxxp://www.contentpurity.com/ScanFile.CAB
DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/06ba6f3d4050ce80f500/netzip/RdxIE601.cab
DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - hxxp://www.shizmoo.com/activex/web665.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115537730562
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: tmodkm - tmodkm.dll
AppInit_DLLs: karna.dat c:\windows\system32\tukuhegu.dll c:\windows\system32\yohujoku.dll c:\windows\system32\jesuvaya.dll c:\windows\system32\midamuhi.dll c:\windows\system32\vawopijo.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vawopijo.dll
STS: c:\windows\system32\hsf73ikmdf3f.dll: {b2ba40a2-74f3-42bd-f434-2604812c8954} - c:\windows\system32\hsf73ikmdf3f.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\vawopijo.dll
LSA: Notification Packages = scecli wmagensr.dll c:\windows\system32\yohujoku.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adrian~1\applic~1\mozilla\firefox\profiles\wxo2wx28.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {747539CC-E206-4AB5-9B7D-47B7BD93B659} - c:\documents and settings\adrian arthur\local settings\application data\{747539CC-E206-4AB5-9B7D-47B7BD93B659}
FF - HiddenExtension: XUL Cache: {408B7FCC-ADD6-43EE-A889-7D476BE6CABD} - c:\windows\system32\config\systemprofile\local settings\application data\{408b7fcc-add6-43ee-a889-7d476be6cabd}\

============= SERVICES / DRIVERS ===============

R1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [2004-9-12 115936]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-3-3 1119888]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-8 45132]
S2 ICF;ICF;c:\windows\system32\svchost.exe:ext.exe []
S2 navapsvc;Norton AntiVirus Auto-Protect Service;"c:\program files\norton antivirus\navapsvc.exe" --> c:\program files\norton antivirus\navapsvc.exe [?]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [2005-3-14 347648]
S3 XDva007;XDva007;\??\c:\windows\system32\xdva007.sys --> c:\windows\system32\XDva007.sys [?]
S3 XDva009;XDva009;\??\c:\windows\system32\xdva009.sys --> c:\windows\system32\XDva009.sys [?]
S3 XDva020;XDva020;\??\c:\windows\system32\xdva020.sys --> c:\windows\system32\XDva020.sys [?]

=============== Created Last 30 ================

2009-04-08 11:00 50,688 a--sh--- c:\windows\system32\henemate.dll
2009-04-08 10:59 <DIR> --d----- c:\program files\Microsoft Common
2009-04-07 12:57 0 a------- c:\windows\mqcd.dbt
2009-04-07 12:56 28,672 a------- c:\windows\system32\kdoqmn.sr
2009-04-07 12:56 32,768 a------- c:\windows\system32\fe3.wa
2009-04-07 12:56 32,768 a------- c:\windows\system32\kei1w.an
2009-04-07 12:56 77,312 a------- c:\windows\system32\er3r.pxf
2009-04-07 12:56 28,672 a------- c:\windows\system32\doqkm.zt
2009-04-07 12:49 182,912 ac------ c:\windows\system32\dllcache\ndis.sys
2009-04-07 12:49 49,152 a------- c:\windows\system32\reader_s.exe
2009-04-07 12:49 23,552 a------- C:\ovmhmkie.exe
2009-04-07 12:49 109,550 a------- c:\windows\system32\drivers\c61a7f68.sys
2009-04-07 12:49 46,080 a------- C:\fkajlvl.exe
2009-04-07 12:48 0 a------- c:\windows\system32\k86.bin
2009-04-07 12:48 22,640 a------- c:\windows\system32\tmodkm.dl_
2009-04-07 12:48 8,560 a------- c:\windows\system32\tmod.sys
2009-04-07 12:48 249,856 a------- c:\windows\system32\nvtpm32.dll
2009-04-07 12:48 48,640 a------- C:\hwjthdcs.exe
2009-04-07 12:48 125,440 a------- c:\windows\system32\azton.mt
2009-04-07 12:48 249,344 a------- C:\wlct.exe
2009-04-07 12:48 15,000 a------- c:\windows\system32\hsf73ikmdf3f.dll
2009-04-07 12:48 49,664 a------- C:\jurj.exe
2009-04-07 12:48 9,216 a------- c:\windows\instsp2.exe
2009-04-04 18:34 <DIR> --dsh--- c:\documents and settings\adrian arthur\PrivacIE
2009-04-04 18:30 <DIR> --dsh--- c:\documents and settings\adrian arthur\IETldCache
2009-04-04 18:25 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-04 16:36 16 a------- c:\windows\Wfukuvuroviloxe.bin
2009-04-04 16:36 1,420 a------- c:\windows\Ssinijolo.dat
2009-03-31 19:55 0 a------- C:\VETlog.dmp
2009-03-31 19:50 <DIR> --d----- c:\program files\IObit
2009-03-31 19:50 <DIR> --d----- c:\docume~1\adrian~1\applic~1\IObit
2009-03-31 19:19 <DIR> --d----- c:\docume~1\adrian~1\applic~1\Uniblue
2009-03-31 19:05 2,555,161 ---sh--- c:\windows\system32\ebenimit.ini
2009-03-31 18:50 80,896 a------- c:\windows\system32\timinebe.dll
2009-03-30 11:28 2,517,765 ---sh--- c:\windows\system32\ofulugej.ini
2009-03-29 23:27 122 ---sh--- c:\windows\system32\ukabomah.ini
2009-03-29 11:28 0 a------- C:\lxdwn.exe
2009-03-29 11:28 121,344 a------- C:\ajtbyh.exe
2009-03-29 11:28 151,040 a------- C:\gldmo.exe
2009-03-29 11:28 2 a------- C:\-536813117
2009-03-29 11:28 29,696 a------- C:\wicnin.exe
2009-03-29 11:28 15,000 a------- c:\windows\system32\nhser43uhjnefr.dll
2009-03-29 11:27 57,856 a------- C:\pavw.exe
2009-03-29 11:27 67,584 a------- C:\dmsiacq.exe

==================== Find3M ====================

2009-04-10 14:15 89,088 a--sh--- c:\windows\system32\vawopijo.dll
2009-04-10 14:15 77,824 a--sh--- c:\windows\system32\dayoyadu.exe
2009-04-09 15:37 89,088 a--sh--- c:\windows\system32\midamuhi.dll
2009-04-09 15:37 77,312 a--sh--- c:\windows\system32\jusiwona.exe
2009-04-08 23:00 88,576 a--sh--- c:\windows\system32\jesuvaya.dll
2009-04-08 23:00 84,768 a--sh--- c:\windows\system32\kadageko.exe
2009-04-08 11:00 89,088 a--sh--- c:\windows\system32\bofofevu.dll
2009-04-08 11:00 84,768 a--sh--- c:\windows\system32\takavere.exe
2009-04-07 12:49 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-04-07 12:48 577,536 a------- c:\windows\system32\user32.DLL
2009-04-07 12:48 61,440 a--sh--- c:\windows\system32\vajetezo.exe
2009-04-05 23:17 84,768 a--sh--- c:\windows\system32\fofajivo.exe
2009-04-05 11:16 61,440 a--sh--- c:\windows\system32\sakabuji.exe
2009-04-04 16:34 84,768 a--sh--- c:\windows\system32\vitamine.exe
2009-04-02 17:26 50,688 a--sh--- c:\windows\system32\mijunope.dll
2009-04-02 17:25 61,440 a--sh--- c:\windows\system32\jivazona.exe
2009-03-31 18:59 50,688 a--sh--- c:\windows\system32\tatetimo.dll
2009-03-31 18:58 89,088 a--sh--- c:\windows\system32\tukuhegu.dll
2009-03-31 18:58 84,768 a--sh--- c:\windows\system32\yuhituka.exe
2009-03-30 11:28 80,896 -------- c:\windows\system32\jegulufo.dll
2009-03-30 11:28 89,088 a--sh--- c:\windows\system32\fubuveva.dll
2009-03-30 11:28 61,440 a--sh--- c:\windows\system32\gafuyowo.exe
2009-03-29 23:27 89,088 a--sh--- c:\windows\system32\giludeye.dll
2009-03-29 23:27 61,440 a--sh--- c:\windows\system32\duhifiho.exe
2009-03-29 11:28 14,336 a------- c:\windows\system32\svchost.exe
2009-03-29 11:27 81,408 a--sh--- c:\windows\system32\mawijeho.dll
2009-03-29 11:27 88,576 a--sh--- c:\windows\system32\keyutova.dll
2009-03-29 11:27 61,440 a--sh--- c:\windows\system32\reboyuti.exe
2009-02-09 03:19 1,846,272 a------- c:\windows\system32\win32k.sys
2008-12-06 11:47 12,030 a------- c:\program files\common files\hyqyl.bin
2008-12-06 11:47 11,910 a------- c:\program files\common files\xazofar.ban
2008-12-06 11:47 11,366 a------- c:\docume~1\adrian~1\applic~1\qomaj.dll
2005-04-01 16:11 186,124 ---shr-- c:\windows\system32\6tlwqkj.exe
0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\hinuhilu.dll.vir
2009-01-08 11:00 50,688 a--sh--- c:\windows\system32\hisozega.dll
2009-01-08 11:00 50,688 a--sh--- c:\windows\system32\sagujele.dll
2009-01-02 17:26 50,688 a--sh--- c:\windows\system32\wemafuni.dll.vir
2009-01-08 11:00 50,688 a--sh--- c:\windows\system32\yohujoku.dll

============= FINISH: 17:14:40.07 ===============

[Angelfire777]

You are strongly advised to do the following immediately:

1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.

2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

3. From a clean computer, change *all* your online passwords -- for ISP login, email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passords and transaction information.


Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Note: Please rename combofix.exe to cfix.exe

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

[Cusigchbotamino]

Im trying to use combofix and everything works fine until combofix tells me it is going to restart my computer. it shuts down the computer but when it trys to reboot, a blue screen flashes on screen right after the screen with the windows logo and the load bar, and the reboot start over. Im writing this on an other computer while mine is still starting and restarting

[Angelfire777]

Just to make sure I'm getting this right, you are getting the blue screen before you can even attempt to log in your account?

[Cusigchbotamino]

thats right

[Angelfire777]

Did you manage to install the recovery console through combofix?

If not, do you have a windows xp cd?

Also, try pressing F8 just before windows loads and choose "last known configuration" see if that helps.

[Cusigchbotamino]

I did install the recovery console with combofix but I do not have a windows xp CD anymore as my dad lost it. I tried rebooting in last know configuration but that didn't work either.

[Angelfire777]

1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start
3. Use the up and down arrow key to select [b]Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following bolded text, and press Enter:


cd erdnt\hiv-backup


6. At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con

7. The erunt backups will begin copying.
8. At the next prompt, type the following bolded text, and press Enter:

exit

let me know if that helps your boot.

[Cusigchbotamino]

no, it just restarts at the same place again :(

[Cusigchbotamino]

Oh and I just pressed the "Disable automatic restart on system failure" option in the windows advanced options menu so that I could read what it said on the blue screen that flashes before the computer reboots. The screen says exactly:

STOP: c0000221 {Bad Image Checksum}
The image user32.dll is possibly corrupt. The header checksum does not match the computed checksum.

I figured this would help

[Angelfire777]

Yes, that is great help. Thanks.

Go back to Recovery Console and do the following:

cd System32\dllcache
copy user32.dll C:\windows\system32\user32.dll

press 'y' when it asks if you want to overwrite or if it wants you to confirm the copy.

type exit

let me know if that works.

[Cusigchbotamino]

Now im not 100% sure im typing it in right but I typed in cd system32/dllache pressed enter (wasn't sure if i had to) and got to C:/windows/system32/dllcache> but then i tried typing in the second line and it says "The system cannot find the file or directory specified" I hope I just didn't type it right haha

[Angelfire777]

hehe, please make sure that you did it right first before we move on to something else.

[Cusigchbotamino]

ok so Im sure I typed it right and it says that the system cannot find the file specified. Im guessing its referring to the user32.dll file and I have noticed that when people are missing this file they usually reinstall it with the windows xp cd, Unfortunately my computer did not come with this CD :(. just thought I should let you know.

[Angelfire777]

Do you have a floppy or cd there? Also, do you have a computer that has xp sp2?

If yes, I want you to burn or copy to a floppy a copy of this file from the xp sp2 machine: C:\windows\system32\user32.dll

let me know please

[Cusigchbotamino]

no I don't have a computer running windows xp sp2. But I do have blank CDs

[Angelfire777]

Download this file and burn it to a blank CD.

http://www.afreedll.com/dll/download/2383/user32.dll


Load Recovery Console again and make sure the CD is in the CD drive then type the following line by line and press enter for each one.

cd system32
ren user32.dll user32.old
E: or D: whichever works (you'll know if it works if C:\windows\system32\> changed to E:\> or D:\>)
copy user32.dll C:\Windows\system32\user32.dll

if it asks if you want to overwrite or anything like that, just type 'y'

type exit

and let me know how it goes. If you encounter any problems or if you're unsure of anything, ask me first before proceeding.

[Cusigchbotamino]

well the only problem Im having is that Im not really sure how to burn this file on a cd. I have a feeling that the fact that Im using a MAC to try and burn this CD is a problem. I use the disk utility application to try and burn it but the file user32.dll is grayed out

[Cusigchbotamino]

I think I can burn it if I save the file as a .iso but Im worried that would make it so the windows wouldn't be able to read it

[Angelfire777]

Hmm.. windows won't be able to read an ISO from Recovery Console.

See if this makes any sense to you: http://docs.info.apple.com/article.h.../en/mh854.html

I don't know anything about MACs so let me know if you're still having problems and I'll ask help from our MAC pros here