[Rootkit]

That I don't know.

[Rootkit]

First of all, I have to find a way to replace userinit.exe, the missing part which is causing this problem apparently. Can I get some help replacing this file with instructions? Thanks.

[Rootkit]

I've been tasked with fixing a sibling's computer which contracted Rootkit, and so far it has been an annoying ordeal. When it logs on, it flashes the desktop, then logs off automatically, and leads me to the user selection screen. I was able to determine the problem was Rootkit before, but during my absence a past weekend, my father tried to fix it and did something which he can't remember and I've been left unable to access safe mode. Thanks in advance for the help.

Running Windows XP on her computer, btw.

[Csrss.exe issue]

Thanks, I'll get to it- but how would I stop all SQL services? I tried reading some instructions but it didn't get me anywhere.

Edit: IT WORKS! Thank you so much for your help. This was the first really serious situation where I relied on professional help to actually pull through. Before I never had to actually rely so whole heartedly on aid. This whole ordeal has showed me how much more I have to learn. Thanks Again.

[Csrss.exe issue]

So is it vital or anything? Should/how would I just remove it or replace it if it is important.

[Csrss.exe issue]

http://www.megaupload.com/?d=6HHMOHCV

I uploaded the kernel version, will this work?

ADDITIONAL_DEBUG_TEXT:  
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s; .reload' to set symbol path and load symbols.

MODULE_NAME: csrss

FAULTING_MODULE: 00000000 

DEBUG_FLR_IMAGE_TIMESTAMP:  0

PROCESS_OBJECT: 8a6ccb48

IMAGE_NAME:  csrss.exe

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xF4

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
b620dcd0 805d03ab 000000f4 00000003 8a6ccb48 nt!KeBugCheckEx+0x1b
b620dcf4 805d12af 805d1204 8a6ccb48 8a6cccbc nt!PsSetLegoNotifyRoutine+0x105
b620dd24 b5f77451 8a6ccd90 c0000005 b620dd64 nt!PsGetProcessExitTime+0xa87
b620dd54 8054088c 00000000 c0000005 033febcc avipbb+0x5451
b620dd64 7c90eb94 badb0d00 033feb94 00200061 nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0xb74
b620dd68 badb0d00 033feb94 00200061 00540028 0x7c90eb94
b620dd6c 033feb94 00200061 00540028 00000000 0xbadb0d00
b620dd70 00200061 00540028 00000000 00000000 0x33feb94
b620dd74 00540028 00000000 00000000 00000000 0x200061
b620dd78 00000000 00000000 00000000 00000000 0x540028


STACK_COMMAND:  kb

FOLLOWUP_NAME:  MachineOwner

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner

Is all the information I can get on my behalf using your instructions.

[Csrss.exe issue]

I copy paste

.sympath SRV*C:\symbols*http://msdl.microsoft.com/download/symbols; .reload

http://img15.imageshack.us/my.php?image=step1o.png

Is the result. What should I do? Thank you for your help.

Update: After a day of effort, I've done more work.

Chkdsk from the Command Line shows no problem, neither does CCleaner, save a few-

http://img3.imageshack.us/my.php?image=step2e.png

Honestly, I'm lost on what to do. I'm tired of this issue but I refuse to take the most drastic line of action. Is there anything I can do with the Windows XP disc?

Tried to do a Repair Install- Session 3 Initialization Failed 0x0000006F

Should I try again?

[Csrss.exe issue]

How should I analyze the full dump file? I have it, but the tool I was told to use says there's missing symbols which I've installed.

[Csrss.exe issue]

The full size is 2GB which led me to read it myself by barely installing it in regular before BSOD. The results stayed the same-

Probably caused by : csrss.exe

There is a question though. When it was creating the full dump, the BSOD hit a tick of 50 and then rebooted. Should it have normally hit 100? I also suffered from a lack of ability to connect to the internet afterwards so I had to remove Full Dump.

[Csrss.exe issue]

I recently did a system restore to fix a microphone problem but that led to a chronic BSOD 5 minutes into login and I'm working in safe mode now.

http://www.megaupload.com/?d=S7BREYV3

Is my dump, if anyone would please read and help me with my predicament, it'd be appreciated.