Bad Bug

First off want to say sorry for not coming here first like always.

So my buddy wanted me to help him with his desktop, had redirecting issues and more. And I was going through the READ FIRST going through the steps, well win I ran Combo Fix, I noticed internet was not connecting, when I ran repair to fix issue, it said Error attempting to validate the Winsock base providers. So instead of typing a thread concerning this on here I did a google search, I just opened the first one which was a legit sight, and it told be to delete C:\WINDOWS\system32\userinit.exe, so I did now when I click on admin user or any user, it will show the background for about 1 minute then log off, no icons no boot to desktop nothing, not even in safe mode, Please help

 

You need to restore userinit.exe
That should not have been deleted.

Which operating system are you on and do you have your Windows installation CD?

 

It has windows xp and I do have a windows xp restore disc that I tried and didnt work.
I just tried the Repair itself technique, didnt go to the cmd part.

The cpu has SP3 my disc was for SP2, dont know if that makes a difference.

I have two old disc the one I used if for Operating System Which has XP home SP2. and I have another Dell Resource Disc for drivers and utilities, dont know if that one has that file on it.

 

Can you be more specific? How far along did you get in the Repair installation process?

If you are willing to do a Repair Installation, verify that you are following the steps from a guide like this one.

That's not it.

The Windows XP SP2 disc is the one you can use for a Repair installation

 

I went through that exact way of the repair just did it again and it stuck on the Windows page when it says please wait and just has hour glass as Icon. Been like that for 15 minutes, is it ok to hard boot.....?


Also I never ran anything else so if could, it might still be sitting in recycle bin...

 

Yes.

 

Yah just rebooted it gets to the welcome screen I click on one of the users and it acts like its loading, then says logging off and goes back to welcome screen, does that on every user and in safe mode.

Is there anything I can do to transfer the file I deleted from recycle bin to file/folder it needs to be?

 

If you did the repair correctly, it would have readded userinit.exe.

It is sounding like a registry problem now. Are you sure all you did was delete userinit.exe?

Do you have blank CD and a flash drive? We may need to create a bootable CD.

 

I do have either one flash or cd-r.

I also did a chkdsk /r, and it got to 33% and said it could not be repaired

 

So it gets stuck at 33% and does not progress? What is the exact error message you receive. Chkdsk /r would not say "could not be repaired".

Go ahead and verify that userinit.exe is in C:\WINDOWS\system32 by entering the Recovery Console.

Enter the recovery console and type in:

dir c:\windows\system32\userinit.exe

Note: there is only a space after dir

Then press ENTER and report the results.

 

No matching files found, I have also ran chkdsk /r again and it made it all the way through, Errors were found and fixed on volume but still no luck

 

Using your Windows XP CD, boot back into the Recovery Console and enter in the following commands, pressing ENTER after each one.

• expand d:\i386\userinit.ex_ c:\windows\system32
• expand d:\i386\winlogon.ex_ c:\windows\system32

If asked to overwrite, choose Yes.

Most likely your Windows XP CD will be marked as the d:\ drive.
To make sure, you can type:
d:
dir
e:
dir
f:
dir

Look for the I386 folder, if you see it then you have found the Windows XP CD drive letter.

 

Thank You very much, thisisu, Still will not connect to internet though, Im using DSL, tried a repair, tried unhooking wireless router and hooking straight to modem, alll it keeps saying is Acquiring network address but never does



Will that drivers/utilities Disc help here???

 

Most likely not. It sounds like you are infected with a Max++/Sirefef/ZeroAccess rootkit. Simply reinstalling the drivers will not do the trick as there are other factors that come into play.

Since you can boot into Windows now, you need to read and follow this guide: READ & RUN ME FIRST Malware Removal Guide

Most likely you will still have internet issues even after completing it but then I will have the information needed to start helping you restore internet access and removing the traces of malware from your PC.

 

I will run again, but this did start after I ran Combo Fix on the steps, the internet wouldnt connect anymore, it started giving me that Winsock error, it doesnt give me that anymore but still no connection.

 

Yes please do. Most likely you are infected with a rootkit. If you have any questions let me know.

The logs you need to attach are from the below programs (or as much as you were able to compelte):

• SUPERAntiSpyware
• MalwareBytes' Anti-Malware
• ComboFix
• RootRepeal
• MGtools