need help

You are potentially in the wrong forum. This sounds typical of what happens when the userinit.exe file is either deleted or the registry key used for loading it has been deleted or incorrectly edited. Does the same thing happen in safe boot mode? Can any other user accounts be logged into?

You should continue working this in the Software Forum. You will more than like need your friends Windows XP boot CD. If you don't have a boot CD, you are in trouble.

Often a procedure as documented in the below link is required:

http://support.microsoft.com/default.aspx?scid=kb;en-us;307545&sd=tech

 

If you can get it to boot up again, do the below.

Download GetRunKey.Zip and ShowNew.Zip from the below links and extract all files from both ZIP files into a folder of their own. You can extract both ZIP files into the same folder. Like C:\MGTools While these tools will run from your Desktop, we strongly recommend that you DO NOT extract them to your Desktop. Please install them where recommended.

• Using GetRunKey
• Using ShowNew

• Locate the getrunkey.bat file and double click on it to run it. It will create a file named runkeys.txt in the root of drive C: (C:\runkeys.txt) DO NOT attach any other file. The log is named runkeys.txt. We do not need any of the other 20 or so temp files that are created. They will all be deleted when you terminate GetRunKey by closing the notepad window. This log will also popup in a notepad window which your can just close. Upload the runkeys.txt file here as an attachment when you come back to post your results.
• Please make sure you close the popup notepad window with the runkeys.txt log in it before running ShowNew in the below step.
• Locate the shownew.bat file and double click on it to run it. It will create a file named newfiles.txt in the root of drive C: (C:\newfiles.txt) . This log will also popup in a notepad window which your can just close. Upload the newfiles.txt file here as an attachment when you come back to post your results.

Then see step 7 in this READ & RUN ME FIRST Before Asking for Support and attach a HijackThis log.


Note: This means I expect to see three logs attached. See: HOW TO: Attach Items To Your Post

• GetRunKey
• ShowNew
• HJT

 

Well based on those logs I do not see any malware. You will have to run the real antivirus and antispyware scanners requested in the READ ME to know for sure if you are clean. GetRunKey, ShowNew and HJT are not malware scanners so there could be things detected by the other tools. However, I do suspect that your problems (whatever they are) are not due to malware. Consider running the other tools but if they do not detect anything, you should post in the Software Forum.

 

Okay that's great and you're welcome.

If you are not having any other malware problems, it is time to do our final steps:

1. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
2. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
3. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

You're welcome. Surf safely!