[lucky_me_noodle]

Please help me,
I'm not sure what made the error to my lap tops Dell E1505 registry key because I had a problem with internet connection before
and I ran the antiviruses, and my problem was COMODO internet security that blocked my internet connection.

Well, I ran spybot and then suddenly I keep getting during start up of my profile window system 33 cannot find svchov.exe something like that.

i tried to look for a solution and someone recommended to go to registry and delete something and i did and i am wondering maybe that was the reason why when I try to log on to any of the profile even in safe mood tried all of those I log on to window but no icons or task bar shows up
just my wallpaper then i get automatically logged off!

ok, I could use this other laptop but my problem is that my Final Paper is on that lap top and I thought I had saved it on my usb flash drive but when I check it isn't on there!!!!

My paper is due this week. I feel so stupid, even though I could not sleep for days without having a paper I absolutely am proud of yet I make a stupid mistake of trusting my problematic laptop and worked on it there without saving it to my flash drive everytime i shut that damn thing off.

or i am thinking that perhaps when i put my usb on this lap top and scanned it to fix the problem it deleted that file, because i was so sure i had saved it last night.


BTW: I don't have the window Xp install cd,



Greatly appriciate if there must be a way, I can transfer my file well word doc to this pc which is a window vista my other one is just window xp withought having to log on to that lap top which i can't anyways?

[NPB-XK]

Uhhh... I think I'm familiar with that spyware... I've never got infected by it but I studied its code... Such a tricky code.
Blazefind (stuck in your IE BHO) which contains Wsaupdater.exe...
That thing changes the important "Userinit.exe" (its sub-keys) which is inside your registry. By then, it renames that file into Wsaupdater.exe and gets detected by your ad-aware (I bet that's what you were using to scan?) or whatever other software you were using... Or maybe it was your friend who told you to delete it. Well, it sadly got eliminated/deleted, when the truth is that it's an important .exe being renamed into something suspicious. That's why you can't log in properly as it kicks you out. Tricky huh...
Unfortunately, you would need to borrow a Windows XP CD to boot and go to the recovery console and use some DOS commands. Like:
cd system32 & copy userinit.exe wsaupdater.exe
And press enter.
Or just do chkdsk /r if you're not good with commands. And... delete wsaupdater.exe if userinit.exe is finally there.

Another way without CD is to make a bootable Floppy disk (if not, use USB) to run into DOS mode but it gets a bit too complicated. ---> For experts and advanced users. That would be to obtain stuff inside your hard drive without starting Windows. To restore it, gotta burn the userinit.exe (found on google) on a CD or Floppy disk and boot DOS from USB or Floppy disk and use commands (what a waste of space if you burn one file on a CD haha)... Argh must be too hard for you...

Best way is the 1st option. With Windows XP CD.
If you can burn CDs on your other computer, well, you can... Oh wait I can't say it here... Illegal.
By then, you must ALWAYS keep that CD. It should always come handy. Every computer technician walks around with Windows CDs when they know they have to fix something like that in a PC. ( Mostly copied CDs ) but yeah you don't need product keys whenever you only wanna fix Windows (in case you're wondering).

[lucky_me_noodle]

The good news is, I got all my important Documents by using UBUNTU!!! kyaa
The bad news is, I am still not playing mmorpg

I am not a pc expert but I will just put the changes as far as I can remember I made on that day!
= My system restore was working again but I turned it off because it was suggested.
= My task manager was working before but it pops up as administrator disabled it. hah
= I set the windows automatic update to 7p.m everyday. hah
= On the start of my profile I keep getting a message saying Windows cannot find scvhost.exe
therefore I tried to find a solution and I don't know but I followed this guys step

hi
follow this setps to fix the error
---------------------------------------
1. open registry
goto start
click on run
type regedit and press ok
2. In the registry traverse the key like
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

double click on Userinit on right side and delete
C:\windows\system32\boot.vbs and C:\windows\system32\wscript

100% it will work if u have any doubts

ping me on krishnakumar.tmr@gmail.com

I'm not sure if I deleted that exact thing or I just deleted whatever that said wscript or winlogon

I don't remember

= then I ran spybot
= I ran Ad aware
= then CCcleaner

annnd hmm yeah...

I tried doing what thinkinginpixels.com have by puting the userinit.exe but men I still cannot log on!

I have nothing important on my files so I don't care if I have to reinstal or whatever but I don't have Windows XP install CD.

I don't even know what virus that damn thing have. All I know is I got the DESTRUKTO virus from my friends usb and I had that for like 3 years lol
damn, it seems my lap top got worse when I try to fix this damn thing lol

Do you think, if I run the UBUNTU and I look at my umm whatchumacallit something with llcache something like that if I look for the wsaupdater.exe maybe it is there? And I delete it from there? Because I already added the userinit.exe but my lap top still won't log me in.

Uhhh... I think I'm familiar with that spyware... I've never got infected by it but I studied its code... Such a tricky code.
Blazefind (stuck in your IE BHO) which contains Wsaupdater.exe...
That thing changes the important "Userinit.exe" (its sub-keys) which is inside your registry. By then, it renames that file into Wsaupdater.exe and gets detected by your ad-aware (I bet that's what you were using to scan?) or whatever other software you were using... Or maybe it was your friend who told you to delete it. Well, it sadly got eliminated/deleted, when the truth is that it's an important .exe being renamed into something suspicious. That's why you can't log in properly as it kicks you out. Tricky huh...
Unfortunately, you would need to borrow a Windows XP CD to boot and go to the recovery console and use some DOS commands. Like:
cd system32 & copy userinit.exe wsaupdater.exe
And press enter.
Or just do chkdsk /r if you're not good with commands. And... delete wsaupdater.exe if userinit.exe is finally there.

Another way without CD is to make a bootable Floppy disk (if not, use USB) to run into DOS mode but it gets a bit too complicated. ---> For experts and advanced users. That would be to obtain stuff inside your hard drive without starting Windows. To restore it, gotta burn the userinit.exe (found on google) on a CD or Floppy disk and boot DOS from USB or Floppy disk and use commands (what a waste of space if you burn one file on a CD haha)... Argh must be too hard for you...

Best way is the 1st option. With Windows XP CD.
If you can burn CDs on your other computer, well, you can... Oh wait I can't say it here... Illegal.
By then, you must ALWAYS keep that CD. It should always come handy. Every computer technician walks around with Windows CDs when they know they have to fix something like that in a PC. ( Mostly copied CDs ) but yeah you don't need product keys whenever you only wanna fix Windows (in case you're wondering).

[NPB-XK]

Wow, I should have known you had a Linux with you... Impressive. Good job recovering your files!

Hmm at the moment, let's set in priority. Forget about DESTRUKTO at the moment. We'll fight that virus later. What's more important here is to log in your Windows.
And all I can say to your good friend is... WHAAAAAAAAAAAT?!

Ok, I understand that many malwares/virus/etc could create and rename a malicious file to "userinit.exe" and change the registry value but... Even there, even if it's a malicious file in disguise, it is NOT the right way to eliminate it! And as I said, that's what makes people and anti-virus/spywares think it's a virus that should get eliminated immediately. They're all wrong! *Tears in eyes* Hahaha.

There should be a real userinit.exe somewhere... If I can think quickly, a strategy I'd choose would be... Get a real userinit.exe and rename it to, let's say "userinit2.exe". Put it in C:\WINDOWS\system32\. By then, in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
I'd change the Userinit value to C:\WINDOWS\system32\userinit2.exe,
(comma included)
I'd restart the computer and then I'd go and delete the fake and malicious userinit which is taking the real name [userinit.exe] (located somewhere in C:\WINDOWS\system32\).

Deleting such registry value in regedit is already bad in the first place. I'd turn mad against your friend if he gave me that instruction. No idea what he was thinking.

With your ubuntu, try to access regedt32.exe in your C:\WINDOWS\system32.
Go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Put the value of the userinit back to C:\WINDOWS\system32\userinit.exe,
(Yes the comma is part of it).
Oh wait, since you have deleted Userinit, then it's not there, right? When you're in \...\...\Winlogon, at the right where you see all the other values, right-click there in an empty space and "New" and "String Value", name it Userinit
Double-click it and put the value C:\WINDOWS\system32\userinit.exe,
(Comma included)
Make sure userinit.exe is in C:\WINDOWS\system32\ too, of course.
Close the regedit and try to log in your Windows now.

If you succeed what I told you, try doing the "userinit2.exe" trick I gave you up there. That's the way I'd do to remove the bad userinit.exe safely while it's not in use.

*Yeah you may have to look for wsaupdater.exe if it's there, and delete it, but before deleting it, you gotta make sure userinit.exe is there and the userinit value in regedit is alright.
The Userinit value is very important!!! So about the deletion. Even if your userinit.exe is there (in C:\WINDOWS\system32\), you still need its value in regedit! The registry is like the brain of your Windows (some would say "heart" but I say "brain" haha). Deleting the Userinit is like cutting the nerves related between the brain and "userinit.exe". You need userinit.exe to be able to log in. But you need the brain with its nerves to do it right.

As for the "delete C:\windows\system32\boot.vbs and C:\windows\system32\wscript " instruction he gave you, it shouldn't be a big deal at the moment. Destroying wscript (not a harmful thing) will make vbs virus unable to run in the process. Most virus are vbs type of virus and vbs files need wscript to run... so at that point, I'm not saying that it's a bad thing that he told you to delete wscript. It's just that you won't be able to run other unharmful .vbs files.
But it still won't fix the damages that are already done by the vbs virus.
As I said, let's try to fix your "logon" at the moment first, then we'll work on the damage caused by your virus.

I'm a virus creator and virus analysis myself so I know what I'm talking about...
Tell me if you can follow my steps.

[lucky_me_noodle]

Thanks~! If only my prof didn't skip class today it would have made all my efforts even more worthwile!!! lol

He is not my good friend, he is some dumb ass who made desperate dumb asses like me follow his dumb ass instructions on a forum. ; send him a virus on his e-mail? lol jk anyways

I'm not worrying about that DESTRUKTO virus I think I got it removed iono maybe that method I used gave me other virus lol anyways I just can't believe my lap top betrayed me ; moving on.

I followed the instructions from thinkinginpixel to putting the userinit.exe on the folder but there was no instruction on putting one or making sure the regedit has one. Maybe that's why it isn't working properly. hmm
I don't remember but like I said, I removed something from the instructions I mentioned above.

I think, my userinit got deleted but then I put a new one on the folder as the instructions given, I'll go see to make sure there is no duplicate. So I would rename that to userinit2.exe and put it in system32 folder?
So not inside any folder in system32? Because the userinit.exe I followed was in the folder of
anyways this is the instuctions I followed.
http://thinkinginpixels.com/quick-fixes/fi...log-off-loop/2/


What do you mean by changing the userinit value? How do I go about doing that? And I don't know if there is a run command on the UBUNTU?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
I'd change the Userinit value to C:\WINDOWS\system32\userinit2.exe,
so I have to search all the folders and what not on the system32 folder for the fake userinit2 which is the wsupdater.exe?


If I can get to run command and i go to the hkey-blah-winlogon or wherever it stops,
I will jot down all the things listed on there, and let me know if something is missing?

ok question: above all else. hah
Where does userinit in the system32 belong in??? in a folder withing system 32 or just inside system 32
I read that the reason why I got a pop up saying the svhost.exe is missing because my anti0virus deleted it but not the pop up or something that the wsaupdater or userinit is located somewhere that's not supposed to be like in start up window? ok confusedddd.

I don't think I deleted exactly what he had on the insturction I'm not sure but I probably deleted something that ended with wscript lolol. anyways I am becoming redundant now.

i'll try the method you are asking, but is there anything about the log in issue I should make a note of to see if there is something missing? I cannot run hijack this or any other antivirus on it.

I'm going to try if there is a way I can access the internet using the UBUNTU. ;

[NPB-XK]

Hahaha no no wait... Ok let's start slowly... I went a little too fast with you like as if you were also pro in computer... Sorry haha... I overreacted because of what you deleted...

Ok erm!
You deleted wscript, right? Don't worry about that. It's not the cause of your "Log in" problem. Skip it for the moment. Ignore it.

Now forget about what I told you in my previous post at the moment. And forget about the website you sent me. Just follow my steps here in orders:

1 - First of all, userinit.exe should be located inside C:\WINDOWS\system32\.
Are you able to find it?
Yes?

2 - Inside your C:\WINDOWS\system32\ , can you find "regedt32.exe"?
Open it.
It should be the regedit.

3 - Inside of it, follow exactly:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
and at the right, can you see Userinit ?
I'm guessing you don't see it because you told me that you deleted it. That's why you can't log in your Windows XP.
To bring it back, just right click in the empty space to add it. "New" and "String Value". Name it Userinit and double-click it. Set its value to:
C:\WINDOWS\system32\userinit.exe,
(Comma included)
Like so:


Try to log in your Windows XP now.
It's supposed to work.
If you're not lost from here and you succeed, tell me... I'll go on with the 2nd part (removing suspicious files).

[lucky_me_noodle]

If I was a pro I would be helping myself.

haha wth, that was easy. I was in school awhile ago, just making sure it wasn't some weird typing to get to the next level, lol I have to do like in that tut.

Ok, I am on Ubuntu, and I found userinit.exe on my system32 but also I put one in dllcache is there any difference or it's ok?
also, on system 32 I did not find wsaupdater.exe

ok, I clicked on the regedt32.exe and a pop up says An error occurred while loading the archive.

[/media/disk/WINDOWS/system32/regedt32.exe]
End-of-central-directory signature not found. Either this file is not
a zipfile, or it constitutes one disk of a multi-part archive. In the
latter case the central directory and zipfile comment will be found on
the last disk(s) of this archive.
note: /media/disk/WINDOWS/system32/regedt32.exe may be a plain executable, not an archive
zipinfo: cannot find zipfile directory in one of /media/disk/WINDOWS/system32/regedt32.exe or
/media/disk/WINDOWS/system32/regedt32.exe.zip, and cannot find /media/disk/WINDOWS/system32/regedt32.exe.ZIP, period.

[NPB-XK]

D'oh! ...
Ok go to your [/media/disk/WINDOWS/] and find regedit.exe
Try to open it... Does it say the same thing?

*Yes I guess it's alright if you put your userinit.exe in the dllcache folder since I have no idea what the heck that folder is... But I recognize the folders that are wrong to put userinit.exe in them. dllcache just gives me no clue... I should re-read my notes about that one.

[lucky_me_noodle]

You lost me here, how do I get there?

[NPB-XK]

You lost me here, how do I get there?

Hahaha...
C:\WINDOWS\regedit.exe

That's the original regedit... Can you find it? Inside C:\WINDOWS\...

[lucky_me_noodle]

It says that same thing





;~;

[NPB-XK]

Mmmaaaaaasshshshshs!
I forgot how ubuntu works... I only have "backtrack" linux on most of my laptops at the moment, I should have kept ubuntu for a test.

Hmmm can you find a way to send me your regedit.exe (from C:\WINDOWS\) and regedt32.exe (from C:\WINDOWS\system32\)? Gotta put them in .rar or .zip file if you can, before sending them to me, because nowadays, it's almost impossible to send executable files unless they are compressed in zip/rar/etc...

I'll fix them for you and send them back. All you will need to do is replace them.

[lucky_me_noodle]

Never mind, I send them each in folders zipped and all in one folder zipped.~

[NPB-XK]

Nevermind, I totally forgot regedit is just "regedit"... How stupid of me...
Regedit is just an editor of registry... If you give me yours, it would be the same thing, I'd be editing my registry HAHAHA.
What I would really need is your .reg file but you didn't create it... to create it, you'd need to open regedit... and you can't... HAHA oops...

Wait... I'll go to my little computer lab to test something out since I can't give out solutions straight from my head... I'll come back with some updates later (not tomorrow but later tonight haha)... Thanks for your patience.

[lucky_me_noodle]

lol like I have any choice. jk


Thank you very much for trying to save my life, looking at my mmorpg folders. ;~;

btw that link is more confusing to me then my transpersonal psy class lol

I'll reread it again. *_*

[NPB-XK]

I don't know what's your ubuntu's version but let's do this!

Can you go to "Applications"? (On your task bar).
Then "Add/Remove..."
And "All"... "All available applications".
There should be a window saying "Enable the installation of community blah blah...?"
You click "Enable".
"Apply the following changes?" <--- Gotta make sure it's "Wine Microsoft Windows Compatibility Layer" and click "Apply"...
It should be installing, until it's done, close it. And try to open the regedit.exe (from C:\WINDOWS\) by doing a right-click and choose "Open with Wine Windows Program Loader".
Does it work?

I try to be as simple as possible... Linux is usually for advanced users...
I'm worried if you would attempt some harder ways... Like http://www.winehq.org/download/deb
Gotta know your version of Ubuntu in this case.
That would be if you are in desperation mode.

In my opinion, it's the only way to be able to open Windows XP stuff. Most importantly, the regedit.exe...

[lucky_me_noodle]

I have the latest one.

But, I am in All tab under the "All available applications" That enable pop up you are talking about only happens if I click on one of them, so what is it do I enable? ;

[NPB-XK]

I have the latest one.

But, I am in All tab under the "All available applications" That enable pop up you are talking about only happens if I click on one of them, so what is it do I enable? ;

Hehe... can you find Wine Microsoft Windows Compatibility Layer? That's the one you have to enable...

[lucky_me_noodle]

Good news, youre arre a genius!

And then I go to current version and winlogon folder is no where? oh snap

[NPB-XK]

Woooh hoooh!

Hmm... Are you really really really in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
??
If you can't find Winlogon, then x10
If you really can't find Winlogon, then I'll have to give you something long to do... Well, a bit long...