Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Recovery Help


  • This topic is locked This topic is locked
13 replies to this topic

#1 Techforumnewb

Techforumnewb

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 03 August 2010 - 12:21 AM

Will make story as short as possible:

Running Windows XP Media Center Edition on a Dell Dimension E520 with AVG 9.0 installed. I also update AVG religiously.

Problem began, when AVG notified me that I have several threats. Approx 6 threats with 3 of them with a description of GERENIC10.BLAV (I can't remember extactly) Ran AVG several times and was not able to remove threat because the it was on the white list. Threats where associated with the USERINIT.EXE file.

I got the bright idea to remove the USERINIT.exe file manually. I was only able to remove said file manual until I started in safe mode and removed it manually. After restarting, I would then run into a continuous loop at the log in screen of windows start up. i.e. It would "Load personal setting", then literally seconds later go to "saving setting" I was never able to reach the actual desktop.

To solve this new problem, I decided to go use the CD Recovery (Operating System) CD that came with my computer. I selected to "fix a previously installed version" during the setup. It seemed like it installed well, but when the installation was finished, however now things have gotten only worst. Now my computer is on a continuous start up loop. As soon as I get to the Windows Loading screen (with bars scrolling under Windows logo), the computer begins to restart itself.

I have gone in the the boot set up and selected the last known good configuration, but it has not solved my problem at all.

I am stuck now with nowhere to go. Much Thanks in advance for any help.

Edited by Pandy, 04 August 2010 - 01:08 AM.
Moved from Windows XP to the most appropriate forum ~Pandy


BC AdBot (Login to Remove)

 


#2 abauw

abauw

  • Members
  • 951 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kebun Kelapa
  • Local time:04:41 PM

Posted 03 August 2010 - 04:12 AM

have you know what userinit is???
and do you really delete it??? if yes...that was the problem...

:guitar: Take me to a place where time is frozen
You don't have to close your eyes to dream :busy:
You can find escape inside this moment :smash:
And I will follow  :whistle:


#3 hamluis

hamluis

    Moderator


  • Moderator
  • 56,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:41 AM

Posted 03 August 2010 - 06:51 AM

Can you boot into safe mode?

Louis

#4 Techforumnewb

Techforumnewb
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 03 August 2010 - 09:54 AM

I am not able to boot in safe mode. Same thing happens...constant loop at start up.

#5 abauw

abauw

  • Members
  • 951 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kebun Kelapa
  • Local time:04:41 PM

Posted 03 August 2010 - 10:48 AM

while you turn on you computer...press F8 repeatly before windows splash scree appear...
choise Disable Automatic Restart On System Failure...and tell what happen...

:guitar: Take me to a place where time is frozen
You don't have to close your eyes to dream :busy:
You can find escape inside this moment :smash:
And I will follow  :whistle:


#6 Techforumnewb

Techforumnewb
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 03 August 2010 - 10:54 AM

I get a blue screen notifying me that:

A problem has been detected and windows has been shut down to prevent any damage to the computer. It is also asking me to check my drive for any virus or corrupt files.

#7 abauw

abauw

  • Members
  • 951 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kebun Kelapa
  • Local time:04:41 PM

Posted 03 August 2010 - 11:14 AM

please read this article...
Extract troubleshooting info from Windows XP BSOD error messages

and please on red arrow on that article...
please paste information red arrow on your BSOD (blue screen of death) on your next reply...

:guitar: Take me to a place where time is frozen
You don't have to close your eyes to dream :busy:
You can find escape inside this moment :smash:
And I will follow  :whistle:


#8 hamluis

hamluis

    Moderator


  • Moderator
  • 56,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:41 AM

Posted 03 August 2010 - 11:15 AM

I've asked for some assistance from the BC Malware Team...please be patient smile.gif.

Louis

#9 Techforumnewb

Techforumnewb
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 03 August 2010 - 11:43 AM

Of the two red arrows, I only get one receive the bottom information:

*** STOP: 0x0000007B (0xBA4CB524, 0xC0000034, 0x00000000, 0x00000000)


thanks in advance

#10 abauw

abauw

  • Members
  • 951 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kebun Kelapa
  • Local time:04:41 PM

Posted 03 August 2010 - 12:07 PM

on under stop...does any word appear??
poster_oops.gif I forget what Louis told...
lets wait BC Malware Team....

Edited by abauw, 03 August 2010 - 12:08 PM.

:guitar: Take me to a place where time is frozen
You don't have to close your eyes to dream :busy:
You can find escape inside this moment :smash:
And I will follow  :whistle:


#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:41 AM

Posted 03 August 2010 - 08:27 PM

Perhaps the userinit.exe was not replaced

Insert your Installation CD and boot to the Recovery Console. At the prompt type the following and press Enter:

MAP

That should list all drives in the computer. Take note of the drive letter assigned to the CD_ROM. Type the following and press Enter.

cd system32
dir userinit.exe


The results should let you know if the userinit.exe is present. If not, you can extract a copy from your Installation CD as follows:

Expand X:\I386\USERINIT.ex_ C:\Windows\System32\USERINIT.exe

Where X is the letter assigned to your CD_ROM and C the letter of your main hard drive. Note that the file name in the CD ends with an underscore.

Keep us posted.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 Techforumnewb

Techforumnewb
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 03 August 2010 - 10:29 PM

I have followed your steps and come to find out that the userinit.exe file is present. That said, now I am still stuck on the restart loop. Like I mentioned earlier, as soon as i get to the windows logo with the scrolling bars below, the computer starts itself, and thus the loop begins. Also please note that I have also attempted to "fix a previously installed version of windows" using the recovery disc. I think that is that has brought me to the restart loop.

Again, I would like to thank everyone contributing to this forum. It is VERY much appreciated.

thanks in advance!!!!!

#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:41 AM

Posted 03 August 2010 - 11:38 PM

Lets give this a try throughout an External Environment, which simply means you will need to burn a boot CD with especial tools. You will also need a flash drive to move information from the troubled computer to a working computer. It is the only way we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.

Please print this guide for future reference!

Step 1
  1. Download the PE Builder to your desktop
    • Double-Click on the PE Builder that you just downloaded to your desktop.
    • Follow all of the instructions/prompts that come up.
  2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
    • Double-Click on PE Builder.exe located on your desktop.
    • Click NO to Search for Windows Installation Files
    • Make the following selections from the Main Screen that pops up:
      • Builder
        • Source:(path to Windows installation files)
        • Enter the path to the drive where your XP CD is located.
        • You can click on the "..." button on the right to navigate to the path as well.
        • Custom: (include files and folders from this directory)
        • No information is necessary, leave blank.
        • Output:
        • Keep the default
        • Media output
          • Choose Create ISO image
          • Do not choose Burn to CD/DVD
            • Download the RunScanner plugin and save it to your desktop
            • Press the Plugin button on the PE Builder interface
            • Press the Add button and navigate to the location of the RunScanner plugin to install
            • Please note: You will be prompted for the folder that it shall be saved. By default it appears as runscanner10025. It should be modified to just runscanner. This is important!!!
          • Please note: If you are using a Windows XP disc with sp2 then highlight RpsSS needs to launch DComLaunch and then press Enable
          • When your done press Close and the PE Builder interface will re-appear
    • Click on the "Build" button
      • You will see the Windows EULA message. Click on I Agree
      • You will now see the Build Screen. Let it run it's course
      • When the Build is finished you can click close, then exit
    • Burn your ISO file to CD
      • Please Click Here for information on how to burn an ISO to CD.

    Step 2

    From your clean computer, please download OTLPE.zip from any of the following links:

    Link 1
    Link 2

    Save this file on your desktop, but extract its contents to the Flash Drive.

    Plug your flash drive into your sick computer now and do as instructed below..

    1. Restart Your sick Computer Using the PE Builder ISO CD That You Have Created
    • Insert the CD in the CD/DVD drive.
    • Restart your computer.
      • The computer should choose to boot from the CD automatically.
        Note : For information click here
    • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
      • Click on No
    • After BART PE loads, you can chose your screen resolution that fits your monitor by following these steps:
    • Click on Go
    • Then on System
    • Then on Display
    • Then on Screen Resolution
    • Select the resolution that fits your monitor.
    Then follow these steps to run OTLPE.
    • Click on Go
    • Select Programs
    • then A43 File Management Utility
    In A43File Management you should be able to see your flash drive
    • Navigate to the OTLPE folder that you saved to your flash drive.
    • Open the OTLPE folder and double click Start.cmd.
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start. Change the following settings
      • Change Drivers to All
      • Change Standard Registry to All
      • Under the Custom Scan box paste this in

        /md5start
        UXTHEME.DLL
        eventlog.dll
        scecli.dll
        netlogon.dll
        cngaudit.dll
        sceclt.dll
        ntelogon.dll
        logevent.dll
        iaStor.sys
        nvstor.sys
        atapi.sys
        IdeChnDr.sys
        viasraid.sys
        AGP440.sys
        vaxscsi.sys
        nvatabus.sys
        viamraid.sys
        nvata.sys
        nvgts.sys
        iastorv.sys
        ViPrt.sys
        eNetHook.dll
        ahcix86.sys
        KR10N.sys
        nvstor32.sys
        ahcix86s.sys
        nvrd32.sys
        userinit.exe
        explorer.exe
        ntoskrnl.exe
        /md5stop
        %SYSTEMDRIVE%\*.*
        %systemroot%\*. /mp /s
        %systemroot%\System32\config\*.sav
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive.
    • Please post the contents of the C:\OTL.txt file in your reply.

    No request for help throughout private messaging will be attended.

    If I have helped you, consider making a donation to help me continue the fight against Malware!
    btn_donate_SM.gif


    #14 JSntgRvr

    JSntgRvr

      Master Surgeon General


    • Malware Response Team
    • 11,749 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Puerto Rico
    • Local time:05:41 AM

    Posted 12 August 2010 - 11:09 PM

    Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    No request for help throughout private messaging will be attended.

    If I have helped you, consider making a donation to help me continue the fight against Malware!
    btn_donate_SM.gif





    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users