Well, like I said, I'm not a MBAM user, but if it didn't delete it, why does the log say "Successfully quarantined and deleted"? I do know that my friend's virus grabber quarantined it/deleted it, as it was already gone by the time I got the drive to rescue it. His anti-crap utility of choice loads as a service before logon, and caught the fact that userinit.exe was infected when Windows tried to use it as usual. He took the recommended action, and the file was annihilated, at which point Windoze initiated shutdown, which is all it would do at logon attempts until I cleaned it off and replaced the file. It's really an easy fix, though. Just use a Linux boot CD with NTFS3G on it and put the file back where it belongs and you're back in business. Knoppix has a great LiveCD Distro that I've used to monkey around with things in cases where Windows wouldn't boot. Just use the context menu (right mouse button) to change the drive to full read-write. It even supports most USB flash drives, so you can get the file from a friend's computer with a thumb drive, then put it back with Knoppix, and reboot right into Windoze. In my case, I simply attached his hard drive to my computer and cleaned the viruses off that way, so copying that file back in was easy. If you have the ability to do so, that is the best way to remove viruses: put the infected drive in another computer and scan it without booting from it. That way, the viruses aren't being loaded into memory during bootup, so they can't hide or lock themselves. I have an adapter that will convert IDE, Mini-IDE, and SATA drives to USB 2.0, and it's my best friend. If you hadn't guessed, yes, I am a technician. 8^D Jason