Windows Loops at Login - Virus Related? Advice appreciated 2

[SkylessKnight]

I got a problem. was at an internet cafe with a laptop originally with windows 98 on it, copy of XP was installed... Computer shut down... and now when you try to start it up, you get all the way through BIOS, to the Windows XP Welcome screen... You click the user name, it'll say "Loading your personal settings..." and then the screen will go blank for a few seconds like a default background, and it'll come back up with the windows message saying "Logging off..." and you can hear the noise to log off... And you're back at the welcome screen. There is no time to open the Task Manager, Windows Key + R (to run) and try to do msconfig or something to edit the start up list... but no show. None of the options in the Advanced Startup menu work, before loading windows.

Any suggestions would be very appreciated... Thanks in advance.

 

[tdenitti]

Have you tried to boot the machine into safe mode? If you hit the F8 key during boot up it will give you the choice of booting into safe mode. Once in safe mode check the UPS service. Disable the UPS service and reboot the machine normally to see if the problem persists. Hope this helps!

 

[BIS]

This sounds much more like the issue with Adaware update from last year. Try to follow the steps in this link:

http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21138228.html

 

[iamnotageek]

I've seen this happen a few times when xp system files got corrupted/damaged, from unknown causes. Sometimes, on machines with multiple accounts, some error messages will popup after clicking on one of the user account icons, saying something about script errors. Although I haven't had much luck with it, try booting from the xp cd and run a repair type reinstall.

No one in the MS XP General forum, including the MVPs seemed to have a definitive answer on how to fix it. I had to do a complete reinstall on several machines (I work in a PC repair shop). If you do a full reinstall, the cleanest way is to do a separate install (don't install into the same Windows directory). FWIW, you will have the option of booting on the old or the new install, after the reinstall has finished.

 

[SkylessKnight]

I've tried booting to safe mode, and it dosen't work... I can't get to where i can configure the services running...


BIS -
That is my problem but I cannot see the solution because it's 10 bucks. lol. But that's it, if you know what to do after that, hit me up. lol

THANKS

 

[SkylessKnight]

iamnotageek - i wonder if there is a way to do sfc. this is for an fbi agent, and he needs the data on the disk, all of it. like you said, reinstalling windows... into a different directory.. i wonder if there is a way to run sfc from the bad windows directory.. This problem is not caused from a virus?

 

[BIS]

SkylessKnight,

If that indeed is the problem, then this will solve it:

http://www.lavasofthelp.com/articles/v6/04/06/0901.html

 

[tyusbc]

Situation: PC will allow you to log in, but immediately logs you back out.

There is a spyware application entitled "wsaupdater.exe" that replaces "userinit.exe" and modifies the registry moving "userinit.exe" to "OldUserinit" and placing itself in the normal registry location. AdAware will remove the executable, but will not correct the registry. Failure to correct the registry before a reboot leaves you unable to log into the PC, even in Safe Mode.

The most obvious solution would be to check the registry after running AdAware, but before rebooting.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Look for key:
UserInit = C:\Windows\system32\wsaupdater.exe

Change to:
UserInit = C:\Windows\system32\userinit.exe

If you fail to check the registry, all is not lost.

There is a Linux boot CD that will allow you to edit the registry.
Check the following site and download the latest version of "Austrumi" (or see if someone already has a CD sitting around):

http://sourceforge.net/projects/austrumi

At the time of this writing, the latest version was v0.8.8.
Download the ISO image and burn it to a CDROM.

Insert the CD into the computer and reboot, ensuring that the CDROM is the first boot item.
When the CD boots, at the boot prompt type in "nt_pass" without the quotes.
Don't wait too long or the CD will boot into some foreign language GUI.

The boot script will stop and ask to please select the partition by number that you wish to work on, just above that is a partition list for the hard drive. With the Dell GX260, #2 is the main partition, #1 is a maintenance partition. Usually you can just hit enter, as it will pick the most likely partition to work on.

Next it will ask you for the path to the registry directory, again it will usually find the correct path on it's own, so check to be sure and if it is correct, simply hit "Enter".

Next it will ask you to select which part of the registry to load. For our purposes, we want to select option #2 "software" and hit enter.

Next we wish to use the "Registry editor" so enter option #9 and hit enter.

Now you will see a prompt as such: [1020] >

At the prompt type in the following (case sensitive):
cd Microsoft\Windows NT\CurrentVersion\Winlogon <ENTER>
***NOTE the space between Windows and NT***

You may type in "ls" (without the quotes) to view all the registry entries under "Winlogon".

Now type in (case sensitive):
cat Userinit <ENTER>

This will list the current value assigned to that registry entry.
It should read: "C:\Windows\system32\userinit.exe"

If it does not, type in (case sensitive):
ed Userinit <ENTER>

And at the prompt type in:
C:\Windows\system32\userinit.exe <ENTER>

Now type in "q" to quit and hit <ENTER>.
Now type in "q" to quit again and hit <ENTER>.
You will be asked if there is something to save, answer yes.

Now it should state "Edit Complete" and you can "try again if something failed".
The default answer is "no" (indicated by the [n]), so hit enter to quit.
Now you should be back at the "#" prompt.

Press "CTRL" + "ALT" + "DELETE" (the Windows three finger salute) to reboot and eject the CDROM.

You should now be able to log into Windows normally.