Jump to content
Sign in to follow this  
falco

Windows XP problem ?

Recommended Posts

I went to use my computer and the graphics were all funny. I re-booted and it shows the blue screen with the profiles showing. I click on a profile and it says logging on and the theres a flicker and I just briefly see my desktop, then it says"logging off, saving your settings.. and then I'm back to the profile screen again. I can get in using safe mode and did spy and virus scans with no problem. I tried system restore but that didn't help. Anyone have any other ideas?

Share this post


Link to post
Share on other sites

When you've rebooted your machine, pressed F8, and are at the "Safe Mode" selection screen, you should also see a choice titled "Last Known Good Configuration (your most recent settings that worked)". Select that option to boot.

Post back and let me know if you were able to log in successfully.

Share this post


Link to post
Share on other sites

If the above doesn't work, try the following steps:


[b]Logon - Logoff loop, also caused by BlazeFind[/b]

Another [b]critical[/b] symptom caused by this malware: This malware modifies the Userinit area in the registry (replacing the userinit.exe with wsaupdater.exe) and Ad-Aware (with a particular definition update) removes the wsaupdater.exe file from the system, thus causing the Logon - Logoff loop. [i]That is, when you login to Windows, the 'loading personal settings" verbose will appear, but suddenly it will logoff.[/i] This issue was documented clearly by Lavasoftusa in it's Lavahelp Knowledgebase. 

[b]Here is the solution to the logon - logoff issue in Windows XP.[/b]

[b]Enter the Recovery Console[/b]

Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press "R" (in the first screen) enter the Recovery Console. Type-in the built-in Administrator password to enter the Console. You'll see the prompt reading [b]C:Windows[/b] (Or any other drive-letter where you've installed XP) 

Type the following command and press Enter.

[b]CD SYSTEM32[/b]
(If that does not work, try [b]CHDIR SYSTEM32[/b])

[b]COPY USERINIT.EXE WSAUPDATER.EXE[/b]

Quit Recovery Console by typing [b]EXIT [/b]and restart Windows.

You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)

Now, change the [b]USERINIT[/b] value in the registry (see Phase II in this page) and change it accordingly.

[/html]

[hr]

[html]

[b]
Phase II  -  Fixing a registry entry which causes the Quick Launch issue (not retaining the settings)[/b]

Click Start, Run and type REGEDIT. Navigate to:

[b]HKEY_LOCAL_MACHINE  SOFTWARE  Microsoft  WindowsNT  CurrentVersion  Winlogon[/b]

In the right-pane, change the value of Userinit to "[b]C:WINDOWSsystem32userinit.exe,[/b]"

Type the above value exactly as given, including the comma  - exclude the quotes. [b] Also, change the path to userinit.exe appropriately if Windows is installed in a different drive[/b].

Close Registry Editor and restart Windows. The Quick Launch settings should be retained now.


Read the full page here: WinXPTutor.com

Share this post


Link to post
Share on other sites

If the above doesn't work, try the following steps:

<p align="left"><b><font face="Verdana" size="2" color="#008000">Logon - Logoff

loop, also caused by BlazeFind</font></b></p>

<p align="left"><font face="Verdana" size="2">Another <b><font color="#FF0000">critical</font></b>

symptom caused by this malware: This malware modifies the Userinit area in the

registry (replacing the userinit.exe with wsaupdater.exe) and Ad-Aware (with a

particular definition update) removes the wsaupdater.exe file from the system,

thus causing the Logon - Logoff loop. <i>That is, when you login to Windows,

the 'loading personal settings" verbose will appear, but suddenly it will

logoff.</i> This issue was documented clearly by Lavasoftusa in it's

Lavahelp Knowledgebase. </font></p>

<p align="center"><font face="Verdana" size="2" color="#0000FF"><b>Here is the

solution to the logon - logoff issue in Windows XP.</b></font></p>

<p align="left"><font face="Verdana" size="2"><b>Enter the Recovery Console</b></font></p>

<p style="text-align: left"><font face="Verdana" size="2">Boot the system using the Windows XP CD-ROM. In

the first screen when the Setup begins, read the instructions press

"R" (in the first screen) enter the Recovery Console. Type-in the

built-in Administrator password to enter the Console. You'll see the prompt

reading <b>C:Windows</b> (Or any other drive-letter where you've installed

XP) </font></p>

<p style="text-align: left"><font face="Verdana" size="2">Type the following command and press Enter.</font></p>

<p style="text-align: left"><font face="Verdana" size="2"><b>CD SYSTEM32</b>

(If that does not work, try <b>CHDIR SYSTEM32</b>)</font></p>

<p style="text-align: left"><b><font face="Verdana" size="2">COPY USERINIT.EXE WSAUPDATER.EXE</font></b></p>

<p style="text-align: left"><font face="Verdana" size="2">Quit Recovery Console by typing <b>EXIT </b>and

restart Windows.</font></p>

<p style="text-align: left"><font face="Verdana" size="2">You'll be able to login successfully as you've

created the wsaupdater.exe file (now, a copy of userinit.exe)</font></p>

<p style="text-align: left"><font face="Verdana" size="2">Now, change the <b>USERINIT</b> value in the

registry (see Phase II in this page) and change it accordingly.</font></p>


<p align="left"><b><font face="Verdana" size="2" color="#2932D6">

</font><font face="Verdana" size="2" color="#008000">Phase II  - 

Fixing a registry entry which causes the Quick Launch issue (not retaining the

settings)</font></b></p>

<p align="left"><font face="Verdana" size="2">Click Start, Run and type REGEDIT.

Navigate to:</font></p>

<p><b><font face="Verdana" size="2">HKEY_LOCAL_MACHINE  SOFTWARE  Microsoft  WindowsNT  CurrentVersion  Winlogon</font></b></p>

<p align="left"><font face="Verdana" size="2">In the right-pane, change the value of Userinit to

"<b><font color="#2932D6">C:WINDOWSsystem32userinit.exe,</font></b>"

Type the above value exactly as given, including the comma  - exclude the quotes.

<font color="#2932D6"><b> Also, change the path to userinit.exe appropriately if Windows is installed in a different

drive</b>.</font>

Close Registry Editor and restart Windows. The Quick Launch settings should be retained now.</font></p>


Read the full page here: WinXPTutor.com

Thanks for the reply. I tried everything you listed, but to no avail. I forgot to mention before that I tried using"the last known good configuration" and that didn't work either.

Share this post


Link to post
Share on other sites

Thanks for the reply. I tried everything you listed, but to no avail. I forgot to mention before that I tried using"the last known good configuration" and that didn't work either.

Sorry I couldn't be of more help falco.

I thought for sure that your system might be suffering from what's known as the "Logon - Logoff loop". I guess not. Maybe someone else can offer a better solution. :)

Share this post


Link to post
Share on other sites

Bad graphics card? Also while I am not real crazy about recomending this. Type in start, run, msconfig. See what programs are starting with your computer. I assume you can still get on the net? IF you can that instead of msconfig use this free program, http://www.windowsstartup.com/download.php. Its called startup inspector, Run it, click on consult button at the top and disable anything not necessary, If unsure google it see what it is.

Share this post


Link to post
Share on other sites

I can't access the net because I can only run in safe mode(I'm using my old athlon comp. I had networked). The interesting thing is I did both anti-virus and spyware scans in safe mode and my AVG reports that both my shell32.dll and ntoskrnl.exe files have been changed. Anyone know about these two files? I'm thinking my next course of action may be to rebuild my boot.ini file. Anyone have any other suggestions?

Share this post


Link to post
Share on other sites

Bad graphics card? Also while I am not real crazy about recomending this. Type in start, run, msconfig. See what programs are starting with your computer. I assume you can still get on the net? IF you can that instead of msconfig use this free program, http://www.windowsstartup.com/download.php. Its called startup inspector, Run it, click on consult button at the top and disable anything not necessary, If unsure google it see what it is.

I was hoping it was the graphics card also but I swapped it out but that wasn't my problem.

Share this post


Link to post
Share on other sites

I can't access the net because I can only run in safe mode(I'm using my old athlon comp. I had networked). The interesting thing is I did both anti-virus and spyware scans in safe mode and my AVG reports that both my shell32.dll and ntoskrnl.exe files have been changed. Anyone know about these two files? I'm thinking my next course of action may be to rebuild my boot.ini file. Anyone have any other suggestions?

Choosing "Safe Mode w/Networking Support" will allow you to access the internet from your main system.

shell32.dll and ntoskrnl.exe are very important system files (especially ntoskrnl.exe). Irreplaceable damage can occur if these two files are compromised.

Another thing is that AVG may miss quite a few Trojans/Viruses. If you read here, you can see that AVG ranks 23rd & 24th when it comes to defending against known infections. I recommend disabling AVG from protecting/starting up with your system and uninstalling it. It isn't doing it's job anyway. This will also give you a chance to scan with another antivirus software.

Active Virus Shield is very thorough and can give you a second opinion. As you can see from the list, it ranks 2nd and is built on Kaspersky's technology (ranked 1st). You may actually have other malicious files on your system.

Before scanning, disable System Restore (Trojans/Viruses are known to hide there and flourish) and reboot.

Rebuilding your boot.ini file through the Recovery Console doesn't seem to be the problem. If you were not able to make it pass the Windows XP loading bar, then it would be worth a shot. However, your boot.ini file seems to be functioning properly. Once you actually get to your Welcome screen/login prompt, your system is considered to have been booted properly. At that point, anything that happens can be credited to Windows as the operating system is in full control (viruses and all).

This is definitely an infection.

Share this post


Link to post
Share on other sites

Yea I forsure agree with organ shifter. Sounds like a big time nasty. Of late I have been really impressed with avg antispyware.  That has found nastys that other programs have missed.

If your unable to get on the net even though you tried the safe mode with networking then I would suggest trying msconfig,...start.....run..msconfig......click on the startup tab and disable just about everything. Someone hollar if I am wrong but I think he can disable EVERYTHING in STARTUP Tab and still be safe. I belive xp hides the important stuff from being disabled.

Also in the same msconfig you can go to your boot tab and select normal startup load all drivers. Make sure that one is checked.

Share this post


Link to post
Share on other sites

Hmm.. I've never had a problem with AVG. I rarely come across viruses, and when I do, AVG would pick em up everytime. I use avast now, since avg appears to have some issues with vista. If nothing seems to work falco, backing up all your files and reformatting your drive will without a doubt get rid of that little beast thats causing you these problems... :knuppel2:

Share this post


Link to post
Share on other sites

They didn't find any virus but their was some corrupted windows files. Ended up wiping/re-formatting and installing windows again. :cry2:

Glad to see that you got it sorted falco. In most cases, starting over is the best solution.

Once your system goes through changes like that, it never feels the same anymore. You end up getting lots of random problems that were not happening before. Ultimately, it results in you being more upset than you initially were. :shocked::angry:


I've been through three fresh installs just this past week. First, I performed a clean install of Vista Ultimate. In addition to not being seasoned enough, it ended up being too resource hungry for my taste. I decided to format the drive. :sad:

The second and only alternative for me is Windows XP Professional. Upon installation and updates, I had a problem with Office 2007 which prevented any of its applications from opening. Uninstalling/reinstalling didn't fix the problem. Not good. I need Office for daily tasks and can't have it functioning incorrectly. Yep, you guessed it, another format.

Finally, this install of XP Pro is as perfect as it can get. Once everything was fully updated, and all necessary programs were installed, I used Acronis True Image Home 10 to make a complete image backup of operating system (3.88GB Maximum Compression). If I do run into any issues at any time, I can just restore the image and not worry about anything. :grin:

Up to this point, I have not had one installation failure, crash, or error. Everything is good. :wink:

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...