Solved

USERINIT.EXE

Posted on 2008-10-17
19
1,230 Views
Last Modified: 2011-10-19
HI. I TRIED TO START MY PC (WINDOWS XP PACK2) BUT I GET THE USERINIT.EXE APPLICATION ERROR. I'VE TRIED TO FIX IT USING THE CONSOLE, USING THE SOLUTIONS THAT EVERYBODY HAS POSTED ABOUT EXPAND THE USERINIT.EXE FILE FROM THE XP CD....THE POINT IS THAT IN THE WINDOWS\SYSTEM32 DIRECTORY, THE FILE USERINIT.EXE DOES EXIST. AND THAT FILE WSAUPDATER.EXE DOES NOT...SO, WHAT ELSE CAN I DO? I CAN ACCESS THE DESKTOP IN SAFE MODE...AND THE REGISTRY...BUT IT DOESNT SOLVE ANYTHING....

I FORGOT TO SAY THANKS :)
0
Comment
Question by:LAPOTES
  • 8
  • 5
  • 4
  • +1
19 Comments
 
LVL 13

Expert Comment

by:Brum07
ID: 22739281
0
 

Author Comment

by:LAPOTES
ID: 22739349
thanks....can i do this from the console? if so, how do i go back to c: from c:windows\ ?
0
 
LVL 13

Expert Comment

by:Brum07
ID: 22739403
No, you need to create a boot disk, I would go for BARTPE as it is very useful for all kinds of things.

BARTPE creates a Windows XP that runs from a CD, once you have created this and it is running oen up a command prompt and follow the instructions on the link in the previous post.

Regards
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 14

Expert Comment

by:igor-1965
ID: 22739554
LAPOTES - check out the folder C:\WINDOWS\system32\dllcache it must be a copy of userinit.exe there.
In console enter the command:
dir C:\WINDOWS\system32\dllcache\userinit.exe

If files exists, then just copy it:
COPY C:\WINDOWS\system32\dllcache\userinit.exe C:\WINDOWS\system32\userinit.exe

In case if file does not exist, follow the instructions posted by Brum07 - the article clearly states you will be able do it from Windows install CD 2K/XP console recovery.

To navigate between the folders use these commands:
"cd \" or "cd .." or "cd <folder name>"

Brum07 - thanks for the link!
0
 

Author Comment

by:LAPOTES
ID: 22739600
what is bartpe? how do i do that?
0
 

Author Comment

by:LAPOTES
ID: 22739750
ok. im on the c:\>
but when i type cd\system volume information it says the command is not recognized.
i use the command dir and i can see the name of the directory but as d--hs---
thank youuuu
0
 
LVL 14

Expert Comment

by:igor-1965
ID: 22739753
BartPE is the greates toll to build up the recovery CDs: http://www.nu2.nu/pebuilder/

Altrnetively, you might try Microsoft Diagnostics and Recovery Toolset (former ERD): http://www.microsoft.com/downloads/details.aspx?familyid=5D600369-0554-4595-8AB4-C34B2860E087&displaylang=en

But in your case it might be sufficient if you use Windows install CD 2K/XP console recovery.
0
 
LVL 14

Expert Comment

by:igor-1965
ID: 22739821
Try this: dir c:\windows\system32\dllcache\userinit.exe

If file exists: COPY C:\WINDOWS\system32\dllcache\userinit.exe C:\WINDOWS\system32\userinit.exe
0
 

Author Comment

by:LAPOTES
ID: 22739852
I tried that. THe file doesnt exist in dllcache...:(
0
 
LVL 14

Expert Comment

by:igor-1965
ID: 22739909
OK, thanks for the clarification.
So let's back to the instructions posted by Brum07.
Try this:

cd\
cd "System Volume Information"

0
 

Author Comment

by:LAPOTES
ID: 22739996
got it. but when i type dir in "system volume information", there are only 4 files.and none of them is restore. and if i type cd _restore*, it says that the name is incorrect.
0
 
LVL 14

Expert Comment

by:igor-1965
ID: 22740078
Could you post the outcome of the command DIR when you run it in "system volume information"?
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 22740418
You said you can boot in safe mode, can you run Hijackthis and show us the log please?
Download Hijackthis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.
Paste the log in the "Code Snippet" or "Attach File" window.
 
0
 

Author Comment

by:LAPOTES
ID: 22744550
sorry...i just fell asleep.

the outcome is this:
10/11/05     12:31a     d--hs---     0  .
10/11/05     12:31a     d--hs---     0 ..
10/24/04     10:46a     -a-hs---     0 MountPointManagerRemotDatabase
16/11/04     01/58p     -a-ks---  20480 tracking.log
4 file (s) 20480 bytes
91171393536 bytes free

rpqgamergirl: I cant use the internet on the "ill" computer....

thanks :D

0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 22745897
>>> I cant use the internet on the "ill" computer....<<<
You would use another pc with online access(like the one you use to post here) to download the tool you need and put it in a flash drive and transfer it to the infected pc.

You can also try downloading and running Winsockfix and see if that helps with the connection problem.


0
 

Author Comment

by:LAPOTES
ID: 22746206
hey,
sorry it takes me so long, but I have a 5 months old baby that does his best to keep me busy :D

ok. here is the log file

thanks for your help and patience
hijackthis.log
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 22746756
Congrats on your 5 month old baby (they're such a cutie at that age) a bundle of joy, :)

Thanks for the log.
A vundo infection plus others are showing in your Hijackthis log, please run MalwareBytes(it also removes vundo, and Combofix afterwards if problem persists.
Download Malwarebytes' Anti-Malware to your desktop. check for Updates before scanning.
http://www.malwarebytes.org/mbam.php
 
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
0
 

Author Closing Comment

by:LAPOTES
ID: 31507082
Thanks alot for your help!!!!. Finally it worked. Now I guess Ill have to tell my husband to buy an update the antivirus.... thanks again :D
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 22747546
You're welcome.
Glad to know it's now fixed.
The system was infected most likely due to your version of java (2re1.4.2_03) that's very vulnerable to vundo infection.
I suggest, updating to a later or latest version.

Updating Java:
Go to Start > Control Panel > Add/Remove programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
Select and click Remove.

Then Download and install the newest version from here:
http://www.java.com/en/download/manual.jsp

Thanks!
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an article about Leadership and accepting and adapting to new challenges. It focuses mostly on upgrading to Windows 10.
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question