USERINIT.EXE

ASKER

thanks....can i do this from the console? if so, how do i go back to c: from c:windows\ ?

Brum07

No, you need to create a boot disk, I would go for BARTPE as it is very useful for all kinds of things.

BARTPE creates a Windows XP that runs from a CD, once you have created this and it is running oen up a command prompt and follow the instructions on the link in the previous post.

Regards

LAPOTES - check out the folder C:\WINDOWS\system32\dllcache it must be a copy of userinit.exe there.
In console enter the command:
dir C:\WINDOWS\system32\dllcache\userinit.exe

If files exists, then just copy it:
COPY C:\WINDOWS\system32\dllcache\userinit.exe C:\WINDOWS\system32\userinit.exe

In case if file does not exist, follow the instructions posted by Brum07 - the article clearly states you will be able do it from Windows install CD 2K/XP console recovery.

To navigate between the folders use these commands:
"cd \" or "cd .." or "cd <folder name>"

Brum07 - thanks for the link!

ASKER

what is bartpe? how do i do that?

ASKER

ok. im on the c:\>
but when i type cd\system volume information it says the command is not recognized.
i use the command dir and i can see the name of the directory but as d--hs---
thank youuuu

BartPE is the greates toll to build up the recovery CDs: http://www.nu2.nu/pebuilder/

Altrnetively, you might try Microsoft Diagnostics and Recovery Toolset (former ERD): http://www.microsoft.com/downloads/details.aspx?familyid=5D600369-0554-4595-8AB4-C34B2860E087&displaylang=en

But in your case it might be sufficient if you use Windows install CD 2K/XP console recovery.

Try this: dir c:\windows\system32\dllcache\userinit.exe

If file exists: COPY C:\WINDOWS\system32\dllcache\userinit.exe C:\WINDOWS\system32\userinit.exe

ASKER

I tried that. THe file doesnt exist in dllcache...:(

OK, thanks for the clarification.
So let's back to the instructions posted by Brum07.
Try this:

cd\
cd "System Volume Information"

ASKER

got it. but when i type dir in "system volume information", there are only 4 files.and none of them is restore. and if i type cd _restore*, it says that the name is incorrect.

Could you post the outcome of the command DIR when you run it in "system volume information"?

You said you can boot in safe mode, can you run Hijackthis and show us the log please?
Download Hijackthis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.
Paste the log in the "Code Snippet" or "Attach File" window.

ASKER

sorry...i just fell asleep.

the outcome is this:
10/11/05 12:31a d--hs--- 0 .
10/11/05 12:31a d--hs--- 0 ..
10/24/04 10:46a -a-hs--- 0 MountPointManagerRemotDatabase
16/11/04 01/58p -a-ks--- 20480 tracking.log
4 file (s) 20480 bytes
91171393536 bytes free

rpqgamergirl: I cant use the internet on the "ill" computer....

thanks :D

>>> I cant use the internet on the "ill" computer....<<<
You would use another pc with online access(like the one you use to post here) to download the tool you need and put it in a flash drive and transfer it to the infected pc.

You can also try downloading and running Winsockfix and see if that helps with the connection problem.

ASKER

hey,
sorry it takes me so long, but I have a 5 months old baby that does his best to keep me busy :D

ok. here is the log file

thanks for your help and patience
hijackthis.log

ASKER CERTIFIED SOLUTION

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

ASKER

Thanks alot for your help!!!!. Finally it worked. Now I guess Ill have to tell my husband to buy an update the antivirus.... thanks again :D