
Windows XP Home Edition won't Log In


  • This topic is locked
26 replies to this topic

#1 Lilium

Lilium

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Local time:03:31 AM

Posted 14 October 2011 - 04:55 PM

Firstly, thanks for reading my plea for help.

I have a custom built computer, given to me from a friend. I added my C: drive into it and began dual booting between the two drives. The drive I added operates on Windows Vista, the original drive operates on Windows XP. Everything was fine for the first few months until the Windows XP wouldn't allow me to log in anymore. Whenever I attempt to log in, the system immediately logs me out and takes me back to the log in screen. This applies to Safe Mode as well, even when logging in as Administrator. I am the only user. I performed a Disk Cleanup from the Vista drive, a check disk in Command Prompt, and scanned the drive with the following Anti-Virus software:

- avast! Free Antivirus
- SUPERAntiSpyware Free Edition
- Malwarebytes' Anti-Malware
- Windows Defender

I've run out of ideas and would like to know if anyone has a solution to this problem. Thank you.

Tempus Fugit




#2 AustrAlien

AustrAlien

    Inquisitor


  • BC Advisor
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:06:31 PM

Posted 15 October 2011 - 12:57 AM

LogOn/LogOff Loop ... Windows XP ... used to be a very common problem, but is not so common to come across one these days.

Please sit tight and be patient.

I have requested that an experienced helper who specialises in malware-related un-bootable computers respond to your topic.

Thank you.
AustrAlien
Google is my friend. Make Google your friend too.


#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:31 AM

Posted 15 October 2011 - 05:47 AM

Hello Lilium,

Welcome to Bleeping Computer. I will assist you with the issue.

  • Please tell me, when you boot to Vista, what drive letter is assigned to the partition/drive on which Windows XP is installed. You can see it by booting to Vista, going to Start -> Computer or right-click Start and select Explore.
  • Please download MiniToolBox, save it to your desktop and run it.

    Checkmark the following checkbox:

      • List Users, Partitions and Memory size.

    Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run.

#4 Lilium


Posted 15 October 2011 - 07:41 AM

@AustrAlien: Okay, thank you

@farbar: Hi, the letter assigned to the Windows XP drive is D:

Tempus Fugit


#5 Farbar


Posted 16 October 2011 - 06:22 AM

:thumbup2:

#6 Farbar


Posted 17 October 2011 - 03:54 AM

Are you still there?

#7 Farbar


Posted 19 October 2011 - 01:18 PM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

#8 Farbar


Posted 20 October 2011 - 01:33 AM

Topic reopened per request.

from PM:

because whenever I checked for new replies from the directory, I saw none were made

No worries, but you missed the second part of my first post too. :)

So please provide the log requested in the first post.

#9 Lilium


Posted 20 October 2011 - 03:00 PM

I did attach the .txt, I guess it didn't go through. As I'm away from home at the moment, I'll re-upload it tonight; just replying to show I'm active. Thanks for reopening the thread.

Tempus Fugit


#10 Farbar


Posted 20 October 2011 - 03:16 PM

:thumbup2:

Just copy and paste it please.

#11 Lilium


Posted 20 October 2011 - 06:54 PM

MiniToolBox by Farbar
Ran by Lilium (administrator) on 20-10-2011 at 19:53:39
Windows Vista ™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 2045.75 MB
Available physical RAM: 1129.83 MB
Total Pagefile: 8973.02 MB
Available Pagefile: 8093.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.98 MB

========================= Partitions: =====================================

2 Drive c: (ACER) (Fixed) (Total:74.56 GB) (Free:38.14 GB) NTFS
3 Drive d: () (Fixed) (Total:37.26 GB) (Free:30.59 GB) NTFS
4 Drive e: (AOM_D1) (CDROM) (Total:0.48 GB) (Free:0 GB) CDFS
9 Drive j: (Huawei Ascend M860) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
11 Drive l: (A.Aspire) (Fixed) (Total:55.95 GB) (Free:31.57 GB) NTFS
12 Drive m: (LILIUM) (Fixed) (Total:931.51 GB) (Free:482.18 GB) NTFS
13 Drive s: (CCP) (Removable) (Total:3.73 GB) (Free:0.69 GB) FAT32

========================= Users: ========================================

User accounts for \\LILIUM-PC

Administrator Guest Lilium


**** End of log ****

Tempus Fugit


#12 Farbar


Posted 21 October 2011 - 12:47 AM

In this post we are going to check the registry and also the userinit.exe file on the D drive.

  • Please download [attachment=109718:look.bat]
    Right-click and select "Run as administrator".
    It will make a log.txt file that will open up.
    Please post the log.
  • Click on this link--> virustotal

    Click the browse button. Copy and paste the line in bold in the open box, then click Send File.

    D:\windows\system32\userinit.exe

    If the file has been analyzed before, click the Reanalyse File Now button.
    If the file is clean by all the antivirus vendors tell me about that, otherwise please post results of the scan in your next post.


#13 Lilium


Posted 21 October 2011 - 08:24 AM

The operation completed successfully.


HKEY_LOCAL_MACHINE\lil\Microsoft\Windows NT\CurrentVersion
systemroot REG_SZ C:\WINDOWS


HKEY_LOCAL_MACHINE\lil\Microsoft\Windows NT\CurrentVersion\Winlogon
AutoRestartShell REG_DWORD 0x1
DefaultDomainName REG_SZ XP-11F899BCB941
DefaultUserName REG_SZ Owner
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ \userinit.exe,\Spenser.exe
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD 0xffffffff
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0x1
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0x1
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0x0
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 0x1
ShowLogonOptions REG_DWORD 0x0
AltDefaultUserName REG_SZ Administrator
AltDefaultDomainName REG_SZ XP-11F899BCB941

HKEY_LOCAL_MACHINE\lil\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
HKEY_LOCAL_MACHINE\lil\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\lil\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts
The operation completed successfully.

Volume in drive D has no label.
Volume Serial Number is 78F9-FD48

Directory of d:\windows\system32

04/14/2008 08:00 AM 26,112 userinit.exe
1 File(s) 26,112 bytes
0 Dir(s) 32,839,786,496 bytes free

-----------------------------------------

The userinit.exe for the D: drive had been previously scanned in '09 and '10, it said, and it checked out clean by all vendors when I reanalyzed it.

Tempus Fugit


#14 Farbar


Posted 21 October 2011 - 12:40 PM

The other OS is most probably infected. We need to clean it after you could boot.

Please download [attachment=109744:FixUserinit.bat]
Double-click to run it. Please post the log it makes.

Then reboot and try to boot to other OS and tell me how it went.

Edited by farbar, 21 October 2011 - 01:58 PM.
Added something to the batch
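
Added example, not part of the thread and not the contents of look.bat or FixUserinit.bat: a checker that parses `reg query` output like the log in post #13 and reports Winlogon `Userinit` or `Shell` data that differs from the Windows XP defaults. The function names and the expected-value table are assumptions of this example; the system root is taken from the log's `systemroot` value.

```python
import re

# Windows XP defaults for the Winlogon values that start the user session.
# Assumption: system root is C:\WINDOWS, as the log's "systemroot" reports.
EXPECTED = {
    "userinit": [r"c:\windows\system32\userinit.exe"],
    "shell": ["explorer.exe"],
}

# Constructed sample: the relevant lines of the log posted in this thread.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\lil\Microsoft\Windows NT\CurrentVersion\Winlogon
AutoRestartShell REG_DWORD 0x1
Shell REG_SZ Explorer.exe
System REG_SZ
Userinit REG_SZ \userinit.exe,\Spenser.exe
"""

# Matches "Name REG_SZ data" and "Name REG_EXPAND_SZ data"; data may be empty.
LINE = re.compile(r"^\s*(\S+)\s+REG_(?:EXPAND_)?SZ(?:\s+(.*))?$")

def parse_values(log_text):
    """Return {lowercased value name: data} for string values in reg query output."""
    values = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            values[m.group(1).lower()] = (m.group(2) or "").strip()
    return values

def check_winlogon(log_text):
    """Return a list of (name, problem) findings for Userinit and Shell."""
    values = parse_values(log_text)
    findings = []
    for name, expected in EXPECTED.items():
        if name not in values:
            findings.append((name, "value missing"))
            continue
        # Userinit is a comma-separated list; a trailing comma is normal.
        entries = [e.strip().lower() for e in values[name].split(",") if e.strip()]
        for entry in entries:
            if entry not in expected:
                findings.append((name, "unexpected entry: " + entry))
        for want in expected:
            if want not in entries:
                findings.append((name, "default entry absent: " + want))
    return findings

if __name__ == "__main__":
    print(check_winlogon(SAMPLE_LOG))
```

On the sample it reports both `Userinit` entries as unexpected and the full-path default as absent, while `Shell` passes.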


#15 Lilium


Posted 21 October 2011 - 10:48 PM

FixUserinit.bat generated no log after being executed. And the D: refused to log me in as before.

Tempus Fugit




