all about computer information and technology
  • Fix Windows XP Log On/Log Off Loop Page 5

    Posted on May 5th, 2009 admin No comments

    Part 4 - Burning some CDs/DVDs

    THIS PAGE REQUIRES YOU TO DOWNLOAD A DECENT AMOUNT OF DATA. (205MB) IF YOU DO NOT HAVE A HIGH SPEED INTERNET CONNECTION, THEN YOU MAY WANT TO GO TO A PLACE WHERE THERE IS ONE AVAILABLE, LIKE A FRIEND’S HOUSE OR A STARBUCKS.

    So now it’s time to start fixing your system. We’re going to need some tools though. We’ll need to burn 2 CDs. (or DVDs if you don’t have any blank CDs. DO NOT USE CD-RWs OR DVD-RWs.) You should get a marker to label the CDs/DVDs so you don’t get them confused.

    A file that ends with the extension .iso is a special kind of file. .iso files are like .zip files, but with extra information that lets a CD/DVD burning program make the CDs/DVDs you burn bootable, etc. If you unzip an .iso file you download, you’ll ruin it. You can use CDBurnerXP, Free ISO Burner, ImgBurn, or Active ISO Burner to burn the .iso file (also known as a CD/DVD image) you downloaded. When downloading Active ISO Burner, you can just get the middle one on the left side of the page. If you’re not going to use Active ISO Burner, make sure to use the option in your CD/DVD burning program that is named something along the lines of CD/DVD image burning and NOT data burning! Please make sure to burn it at a slow speed (4x) to get the best results with even the pickiest drives. Again, please leave the file in .iso form. Do NOT unzip it or anything like that.

    If you’re having trouble burning or booting any of the CDs/DVDs I mention, please try booting them off of the machine you’re currently running first. (Make sure to set the BIOS accordingly.) If you’re still having issues, find a friend who can burn and test these CDs/DVDs for you. Either your batch of blank CDs/DVDs may be bad, or your CD/DVD burner is going.

    Now, onto the CD burning!

    1. Download this file. (Save it, do not open it.) (If you’re running XP, don’t worry about it being a Vista Recovery Disc.)
    2. Burn the .iso to a blank CD/DVD using one of the programs I recommended above.
    3. Put the CD/DVD into the open CD/DVD tray of the computer that is still off.
    4. Turn on the computer and pop in the CD/DVD tray if it doesn’t automatically do it (laptops won’t)
    5. The CD/DVD should spin up and boot.

    Were you brought to a screen that gives you a prompt to press any key?
    Yes
    : Good! This should mean that this CD/DVD is burnt correctly! Pop out the CD/DVD, leave the CD/DVD tray open, and hold down the power button on your computer for 5 seconds to shut it down. Get a marker and label this CD/DVD “Vista Recovery Disc”. If you’re running XP, don’t worry about it being a Vista Recovery Disc.
    No
    : You’re going to have to delete the .iso file you downloaded and redownload it and reburn a new CD/DVD.

    1. Download this file. (Save it, do not open it.)
    2. Burn the .iso to a blank CD/DVD using one of the programs I recommended above.
    3. Put the CD/DVD into the CD/DVD tray of the computer that you just used to burn the CD/DVD.

    Do you see some files and folders in the CD/DVD?
    Yes
    : Good! This means that this CD/DVD is burnt correctly! Pop out the CD/DVD, get a marker and label this CD/DVD “Save Me v1.25.2”.
    No
    : You’re going to have to delete the .iso file you downloaded and redownload it and reburn a new CD/DVD.

    Congrats! All your tools are ready! Please continue onto the next page.

  • Fix Windows XP Log On/Log Off Loop Page 6

    Posted on May 5th, 2009 admin No comments

    Part 5 - Run the Discs!

    1. Put the Vista Recovery Disc CD/DVD into the open CD/DVD tray of the computer that is still off.
    2. Turn on the computer and pop in the CD/DVD tray if it doesn’t automatically do it (laptops won’t)
    3. The CD/DVD should spin up and boot.
    4. Press any key at the prompt as it says.
    5. Some files will load. (some machines may take up to 25 minutes to load!)
    6. You’ll be brought to a colorful screen with a cursor.
      [If you get any strange errors at this point, please shut down your machine by holding down the power button for at least 5 seconds and try booting it up with the disc again.]
    7. Wait (at most 5-10 minutes on very old systems) until a window appears.
    8. After the window appears, click Next.
    9. Click Repair your computer on the bottom left.
    10. Click Next on the small window that appears. (Don’t worry about it not detecting XP.)
    11. Click Command Prompt on the window that appears.
    12. Take the Vista Recovery Disc CD/DVD out and put the Save Me v1.25.2 CD/DVD in your CD/DVD drive.
      [If you are having issues with this, try downloading and unzipping this .zip file, taking the files that were in it and putting them onto a USB flash drive. (making sure that you can see a file called "saveme" or "saveme.bat" in the root of the drive) Then, put the USB flash drive into the computer.]
    13. Try typing D:\saveme, E:\saveme or F:\saveme to start up the recovery process.
    14. Follow the directions in the Command Prompt window.

    So, NOW are you able to log in?
    Yes!: Please go on to the next page!
    Still No!: Please contact me. (see the first page)

  • Fix Windows XP Log On/Log Off Loop Page 7

    Posted on May 5th, 2009 admin No comments

    Part 6 - Cleanup time!

    You’re in! Congrats! I would STRONGLY recommend you scan for spyware and viruses. (keep reading)

    DO NOT BOOT INTO NORMAL MODE YET OR ELSE THE SPYWARE/VIRUSES (if present) COULD CAUSE MORE PROBLEMS!

    You may be able to go into Safe Mode with Networking to access the Internet and download files that can clean your machine that way; however, I would recommend downloading the utilities listed below from another computer and putting them on a CD. Do not use a USB flash drive as that may become infected. Try to keep the infected computer off the Internet and your home network as long as possible. Not rebooting will also keep the virus/spyware at bay because it may want to undo some things each time you reboot.

     

    PLEASE, IF YOU VALUE YOUR COMPUTER AND EVERYTHING ON IT, BACKUP YOUR DATA AND HAVE A BACKUP PLAN SO YOU DO NOT HAVE TO SCRAMBLE LIKE THIS AGAIN!

    First, do the following:

     

     

    1. Click Start
    2. Click My Computer
    3. Select the Tools menu
    4. Click Folder Options at the top
    5. Select the View tab
    6. Under the Hidden files and folders heading, select Show hidden files and folders
    7. Uncheck the Hide protected operating system files (recommended) option
    8. Click Yes on the warning dialog that pops up
    9. Uncheck the Hide file extensions for known file types option
    10. Click Apply
    11. Click OK

    Go download and install these utilities. All of them are free to use and provide free updates. When running these installers, RENAME THEM as some viruses and spyware block them based on the file name. Make sure to keep the same file extension though. (.exe, .msi, etc.) These are in no way configured once installed. If you need help configuring them, please give me a call.

    PLEASE REMEMBER TO UPDATE THESE SCANNERS BEFORE SCANNING!

    YOU NEED TO USE ALL THE PROGRAMS ON THIS PAGE!

    • AVast! Antivirus
      • Can be installed/run under Safe Mode
      • Choose to run a Boot time scan
      • Choose to Restart later
      • Update AVast!’s definitions
      • Reboot into Safe Mode to run the boot time scan
      • If you have an antivirus scanner already, don’t use it anymore. Use AVast!. You can uninstall your old antivirus program when you get back into Normal mode.
      • Once you run AVast! Antivirus’ boot time scan, if it says you’ve been infected by Win32:Vitro, THERE IS NOTHING YOU CAN DO TO RESTORE YOUR SYSTEM TO A USABLE STATE WITHOUT REFORMATTING AND REINSTALLING. Backup your data and reformat the drive pronto. PLEASE MAKE SURE TO SCAN YOUR BACKUP AS WELL ON A CLEAN SYSTEM TO PREVENT REINFECTION.
    • Mozilla Firefox
      • Can be installed/run under Safe Mode
      • Please use this to browse the Internet from now on!
    • Spybot - Search & Destroy
      • Can be installed/run under Safe Mode
      • Do not select TeaTimer during installation
      • Do not select “Download updates” during installation
      • Close Spybot - Search & Destroy
      • Update the detection rules
      • Before installing: (if you have a version on your machine already)
        • Open Spybot - Search & Destroy
        • Undo all Immunization
        • Close Spybot - Search & Destroy
        • Remove it via Add/Remove Programs in the Control Panel
        • Restart the computer as it says, but go back into Safe Mode
        • Delete the following folders: (it is OK if some do not exist)
          • C:\Program Files\Spybot - Search & Destroy
          • C:\Program Files\TeaTimer
          • C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          • C:\Documents and Settings\All Users\Application Data\TeaTimer
      • Once your machine is clean enough to get back into Normal mode, you’ll need to take note of this special procedure again for updating Spybot. You’ll need to uninstall it and reinstall it, as installing it under Normal mode will provide extra protection.
        • After you’re back in Normal mode and have uninstalled, cleaned up (see above) and then reinstalled Spybot, remember to update it and do another scan with it to take out anything else.
    • Malwarebytes’ Anti-Malware
      • Can be installed/run under Safe Mode
      • Update the program
      • Do a Full Scan
    • Windows Malicious Software Removal Tool
      • Can be installed/run under Safe Mode
      • Do a Full Scan
    • SpywareBlaster
      • Can be installed/run under Safe Mode
      • Before installing: (if you have a version on your machine already)
        • Open SpywareBlaster
        • Disable all Protection
        • Close SpywareBlaster
        • Remove it via Add/Remove Programs in the Control Panel
    • Bazooka Adware and Spyware Scanner
      • Can be installed/run under Safe Mode
      • If you’re running Windows Vista, you’ll see two false positives. Ignore them.
      • Update the program
      • Do a scan
    • Windows Defender
      • This program needs to be installed in Normal mode. YOU CANNOT INSTALL THIS UNDER SAFE MODE.
      • Update the program
      • Do a Full Scan
    • COMODO Firewall
      • Can be installed/run under Safe Mode
      • Do not install the COMODO Antivirus, as the software program below will take care of viruses
      • You do not need COMODO SafeSurf
      • Do the Spyware Scan
    • SUPERAntiSpyware
      • This program needs to be installed in Normal mode. YOU CANNOT INSTALL THIS UNDER SAFE MODE.
      • Update the program
      • Do a Full Scan
    • Ad-Aware
      • This program needs to be installed in Normal mode. YOU CANNOT INSTALL THIS UNDER SAFE MODE.
      • Update the program
      • Do a Full Scan

    AFTER YOUR MACHINE IS CLEAN, REMEMBER TO UPDATE TO XP SP3 IF YOU DID NOT HAVE IT!

    Some of the main things I’ve found that cause this loop:

    • People don’t uninstall old version(s) of Spybot: Search & Destroy when installing a new version
    • People uninstall the old version, but they don’t get rid of the Spybot/TeaTimer folders in C:\Program Files
    • People uninstall the old version, but they don’t get rid of the Spybot folders in C:\Documents and Settings\All Users\Application Data (I don’t think you really need to get rid of this, but I do just to have a full uninstall)
    • People don’t know when a new version of Spybot: Search & Destroy is available (no notification in updater, no auto-updater, etc.) Always check before doing a scan!
    • People are still using Internet Explorer (IE) to browse the Internet without adequate protection.
    • People are heavily infected with spyware and viruses without knowing it.

     

  • How to use ComboFix

    Posted on May 5th, 2009 admin No comments

    If you have used removable USB storage devices with this system after the infection, they have probably become infected as well. In order to clean them, you have to keep them plugged in during the whole cleaning process.

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb…o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.
    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New HijackThis log.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

  • Fix Windows XP Log On/Log Off Loop - Old method

    Posted on May 5th, 2009 admin No comments

    Archived Page - Messing with Files

     


    Remember, type slowly! Please note that capitalization, punctuation and spelling matter!

    1. Put the Offline Registry Editor CD/DVD into the open CD/DVD tray of the computer that is still off.
    2. Turn on the computer and pop in the CD/DVD tray if it doesn’t automatically do it (laptops won’t)
    3. The CD/DVD should spin up and boot.
    4. You’ll see boot: _ at the bottom of your screen. Press Enter to continue. (if you don’t push anything after a bit, it will push Enter for you, so don’t panic.)
    5. After some stuff scrolls by, a menu will appear. Press d then Enter.
    6. You’ll see a list of things displayed under the heading Candidate Windows partitions found. One of them says BOOT over on the right. Look ALL the way over to the left (under the word Candidate) of your screen. A number is there. Type that number in (the number on the line that says BOOT) and push Enter.
    7. If you get a prompt asking you to “force it”, push y and then Enter, otherwise skip this step.
    8. Push Enter at the prompt asking you about the path to the registry.
    9. Push 2 then Enter at the 1st menu.
    10. Push 9 then Enter at the 2nd menu.
    11. You should be dropped to a prompt that looks like this: > _.
    12. Remember, type slowly! Please note that capitalization, punctuation and spelling matter!
    13. Type cd Microsoft then push Enter.
    14. Type cd Windows NT then push Enter.
    15. Type cd CurrentVersion then push Enter.
    16. Type cd Winlogon then push Enter. (that’s a lowercase ell and not a capital eye)

    Does the prompt at the bottom of the screen say something EXACTLY like this?
    (…)\Windows NT\CurrentVersion\Winlogon> _

    Yes
    : Good! Continue these directions.
    No
    : Go back and retype those commands starting with Step 11. If you’re having issues, just keep typing cd .. (cd, space, then two periods) and then Enter until the prompt says > _.

    Fixing userinit/Userinit

    Type dv userinit then push Enter.

    Don’t worry if you get an error message that says “del_value: value userinit not found!”. That’s a good thing! If you don’t get anything, then we just got rid of part of an infection on your system. Let’s keep on fixing things!

    Now, type cat Userinit then push Enter.

    Look near the bottom part of your screen. (about the third line up) That last command should have popped up something. Do you see a line that says something EXACTLY like this?
    c:\windows\system32\userinit.exe, (THAT COMMA IS NOT A TYPO)

    Yes
    : Good! Go to Fixing Shell below.
    No, I get an error message that says cat_vk: No such value <Userinit>
    : This means that the Userinit value has been fully deleted from the registry. We can remake it by typing:
    nv 1 Userinit
    (that’s the number one, not a lowercase ell or a capital eye) and pushing Enter.
    After that, continue these directions.

    No, something different appears
    : Continue these directions.

    1. Type ed Userinit then push Enter.
    2. Type c:\windows\system32\userinit.exe, then push Enter. (THAT COMMA IS NOT A TYPO)
    3. Type cat Userinit then push Enter.

    Look near the bottom part of your screen. (about the third line up) That last command should have popped up something. Do you see a line that says something EXACTLY like this?
    c:\windows\system32\userinit.exe, (THAT COMMA IS NOT A TYPO)
    Yes
    : Great! Continue these directions.
    No
    : Go back and retype it using the two steps above.

    Fixing shell/Shell

    Type dv shell then push Enter.

    Don’t worry if you get an error message that says “del_value: value shell not found!”. That’s a good thing! If you don’t get anything, then we just got rid of part of an infection on your system. Let’s keep on fixing things!

    Now, type cat Shell then push Enter.

    Look near the bottom part of your screen. (about the third line up) That last command should have popped up something. Do you see a line that says something EXACTLY like this?
    Explorer.exe
    Yes
    : Good! Go to Quick Tests below.
    No, I get an error message that says cat_vk: No such value <Shell>
    : This means that the Shell value has been fully deleted from the registry. We can remake it by typing:
    nv 1 Shell
    (that’s the number one, not a lowercase ell or a capital eye) and pushing Enter.
    After that, continue these directions.

    No, something different appears
    : Continue these directions.

    1. Type ed Shell then push Enter.
    2. Type Explorer.exe then push Enter.
    3. Type cat Shell then push Enter.

    Look near the bottom part of your screen. (about the third line up) That last command should have popped up something. Do you see a line that says something EXACTLY like this?
    Explorer.exe
    Yes
    : Great! Continue these directions.
    No
    : Go back and retype it using the two steps above.

    Quick Tests

    Now, we’re going to do some quick tests to see if you have another infection that could start the loop or prevent you from accessing your normal Desktop:

    1. Type cd .. (cd, space, then two periods) then push Enter.
    2. Type cd Image File Execution Options then push Enter.
    3. Type cd userinit.exe then push Enter.
    4. [Skip this step if you get the message "Key userinit.exe not found!"] Type delallv then push Enter.
    5. [Skip this step if you get the message "Key userinit.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter.
    6. Type cd explorer.exe then push Enter.
    7. [Skip this step if you get the message "Key explorer.exe not found!"] Type delallv then push Enter.
    8. [Skip this step if you get the message "Key explorer.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter.
    9. Type cd iexplore.exe then push Enter.
    10. [Skip this step if you get the message "Key iexplore.exe not found!"] Type delallv then push Enter.
    11. [Skip this step if you get the message "Key iexplore.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter.
    12. Type cd logonui.exe then push Enter.
    13. [Skip this step if you get the message "Key logonui.exe not found!"] Type delallv then push Enter.
    14. [Skip this step if you get the message "Key logonui.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter.
    15. Type cd logoff.exe then push Enter.
    16. [Skip this step if you get the message "Key logoff.exe not found!"] Type delallv then push Enter.
    17. [Skip this step if you get the message "Key logoff.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter.
    18. Type cd winlogon.exe then push Enter.
    19. [Skip this step if you get the message "Key winlogon.exe not found!"] Type delallv then push Enter.
    20. [Skip this step if you get the message "Key winlogon.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter.
    21. Push q then Enter to exit the registry editor.
    22. Wait about 1 second.
    23. Push q then Enter to quit the program.
    24. Wait about 1 second.
    25. Push y then Enter to save the registry changes you made. If you did not make changes, skip this step as the option won’t appear. (ignore any errors that appear)
    26. Wait about 1 second.
    27. Push n then Enter at the “new run” prompt. (ignore any errors that appear)
    28. Wait about 3 seconds.
    29. Take the Offline Registry Editor CD/DVD out and leave the CD tray open.
    30. Hold down the power button on your machine for about 5 seconds to power it off.
    31. Turn on your computer, and try going into Safe Mode.

    So, NOW are you able to log in?
    Yes!: Please go on to the next page!

    Still No!
    :
    Please do the guide over, MAKING SURE you did all the steps correctly. If, after you’ve done the guide again and you are STILL having issues logging in, search local websites for any sort of USB-to-IDE or USB-to-SATA device. These devices will allow you to hook up your hard drive to a working computer via USB and get the data off of it. The device that I like is this one. You can go ahead and throw away the driver disc it comes with, as that’s only for systems that are older than XP or Vista.
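
    The checks this walkthrough does by hand in the offline registry editor (the Userinit and Shell values under Winlogon, plus the six Image File Execution Options subkeys emptied in Quick Tests), written as an added Python example that is not part of the original guide. It assumes the SOFTWARE hive has been exported to .reg-format text; the sample export, the function names and the case-insensitive comparison are assumptions made for illustration.

```python
import re

# Registry locations and expected data, taken from the guide's steps.
WINLOGON = r"microsoft\windows nt\currentversion\winlogon"
IFEO = r"microsoft\windows nt\currentversion\image file execution options"
EXPECTED = {"Userinit": r"c:\windows\system32\userinit.exe,", "Shell": "Explorer.exe"}
# Subkeys the guide empties with delallv in "Quick Tests".
WATCHED_EXES = {"userinit.exe", "explorer.exe", "iexplore.exe",
                "logonui.exe", "logoff.exe", "winlogon.exe"}

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape(text):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg(text):
    """Parse .reg-format text into {key path: {value name: data}}."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith(",\\"):          # hex data continued on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            name, data = match.groups()
            name = "" if name == "@" else unescape(name[1:-1])
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = unescape(data[1:-1])   # string value; other types stay raw
            current[name] = data
    return keys


def audit(keys):
    """Return (kind, name, detail) findings for the places the guide repairs."""
    findings = []
    for path, values in keys.items():
        low = path.lower()
        if low.endswith("\\" + WINLOGON):
            for name, want in EXPECTED.items():
                have = values.get(name)
                if have is None:
                    findings.append(("missing", name, want))
                elif have.lower() != want.lower():   # Windows paths ignore case
                    findings.append(("unexpected", name, have))
            # The guide deletes lowercase-named copies with "dv userinit"/"dv shell".
            for name in values:
                if name in ("userinit", "shell"):
                    findings.append(("extra", name, values[name]))
            continue
        parent, _, leaf = low.rpartition("\\")
        if parent.endswith("\\" + IFEO) and leaf in WATCHED_EXES:
            for name, data in values.items():
                findings.append(("ifeo", leaf, f"{name}={data}"))
    return findings


# Constructed sample export; every path and value below is made up.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="c:\\windows\\system32\\constructed-sample.exe,"
"userinit"="c:\\constructed\\sample.exe"
"Shell"="Explorer.exe"
"AutoRestartShell"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="c:\\constructed\\sample.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"DisableHeapLookaside"="1"
"""

if __name__ == "__main__":
    for kind, name, detail in audit(parse_reg(SAMPLE_REG)):
        print(f"{kind:<10} {name:<14} {detail}")
```

    Each finding corresponds to one manual step in the guide: "unexpected" or "missing" to the ed/nv steps, "extra" to dv, and "ifeo" to delallv.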

     

    Well, you made it this far, huh? “Why isn’t it fixed yet?!” you say? Well, whether you knew it or not, you just edited the registry. Remember I was talking about that before? Remember how I also talked about checking a file? We’re now going to check if a file exists. Even if it exists, it may be corrupted in some way so we’re going to replace it. If you’re interested in what file it is, it’s userinit.exe. Sound familiar?

    Get some coffee if you drink the stuff. (Me: No.)

    Now, the reason why I call this section “Madness methods” is because this section contains a reference to what is known as the Bart PE Method of fixing this problem. This was the original solution to this problem. The downside to this was that it required an original Windows XP CD to make the Bart PE CD. Unfortunately, most people don’t have one of these because people do not receive one from their computer manufacturer. Computer manufacturers only give you Restore or Recovery CDs. It’s a pain or impossible to get them working with Bart PE depending on your computer manufacturer.

    Lucky for you, I’ve included another option for those of you that don’t have access to an XP CD. I call it the Ubuntu Method. Personally, I also think this method is MUCH easier to do, and easier to do means less confusion. Less confusion means less questions towards me. Less questions towards me means I have more time to concentrate on other things in my life like school - and soon to be - work. That doesn’t mean to say I won’t be available for answering your questions.

    If you’re not sure if you have an original XP CD or not, please check it out on Microsoft’s official website. (scroll down a little bit) If you don’t have one of these, you can’t use the Bart PE Method.

    You probably could, but it’s a pain.

    It’s harder anyway.

    You wouldn’t want to.

    Believe me.

    The only good thing is that it contains the registry fix in there too.

    But you just did that.

    Anyways, onto the methods!

    Even if you do have an XP CD, I would strongly recommend the Ubuntu Method as it’s much faster.

    Ubuntu Method

    PLEASE TRY THIS METHOD FIRST!

    I came up with this method fairly recently. Pretty simple stuff. You’re going to be downloading an Operating System that you can run off of a CD. Pretty cool, huh? Here’s the skinny:

    What you’ll need:
    • Possibly a USB flash drive. (or if you don’t have one, a floppy disk)
    1. Go to the Download Ubuntu page.
    2. Make sure the Desktop Edition tab is currently selected.
    3. Choose the latest version. (it should be selected by default)
    4. Choose a download location near you. If one near you is slow, try the United States MIT Media Lab. That should be pretty fast.
    5. You’re now downloading a .iso file. (Save it, do not open it.)
    6. Burn the .iso to a blank CD/DVD using one of the programs I recommended above.
    7. Put the CD/DVD into the open CD/DVD tray of the computer that is still off.
    8. Turn on the computer and pop in the CD/DVD tray if it doesn’t automatically do it (laptops won’t)
    9. The CD/DVD should spin up and boot.

    Were you brought to a screen asking for your language?

    Yes: Good! Use the arrow keys to select your language and press Enter. Again, use the arrow keys and Enter to select the option Check CD for defects. Let it run. (it may take a bit) If it finds no errors, this means that this CD/DVD was burnt correctly! Pop out the CD/DVD, leave the CD/DVD tray open, and hold down the power button on your computer for 5 seconds to shut it down. Get a marker and label this CD/DVD “Ubuntu”.

    No: You’re going to have to delete the .iso file you downloaded and redownload it and reburn a new CD/DVD.

    1. Put the Ubuntu CD/DVD into the open CD/DVD tray of the computer that is still off.
    2. Turn on the computer and pop in the CD/DVD tray if it doesn’t automatically do it (laptops won’t)
    3. The CD/DVD should spin up and boot.
    4. Select your language at the boot screen using the arrow keys and push Enter.
    5. Select the first option, which should be Try Ubuntu without any change to your computer by pushing Enter.
    6. After a bit, the Ubuntu desktop should load. If you get out of range or sync errors, please reboot the machine and boot the CD again. After selecting your language, press F4 and then select Safe Graphics Mode.
    7. Let’s check and see if you have Internet access. Try clicking on the Firefox icon at the top of the screen. (if you don’t know what that looks like, check it out here) After the search page loads, try searching for something.
      • If the results show up, you have access to the Internet and can download either of the userinit.exe files directly from this site to the desktop.
      • If you get an “Address Not Found” error, then you don’t have Internet access. You can download both files (see above) onto a CD, DVD, USB flash drive or a floppy disk using another computer. Be sure to put them in separate folders on the CD/DVD/USB flash drive/floppy disk, such as sp2 and sp3, or else you’ll overwrite one file with the other!
    8. Click on the Places menu at the top.
    9. If you’re lucky, you should see a hard drive icon or two in there after all those folders. It should be the title of your drive, the size of it in GB, or a serial number. Click on it!

    Did the drive open? (wait at maximum one minute)

    Yes: Nice. You’re in the file system! Continue these directions.

    No, I get an error about mounting: Try rebooting the Ubuntu CD. To do this:

    1. Click the red and white Power icon on the upper right part of the screen.
    2. Do Restart.
    3. Push Enter as it says at the prompt, but don’t pop the CD out just yet as you would have to pop it back in anyways.
    4. Restart from Step 1 above.

    You’ll know you’re in the right drive if you see a folder called “Documents and Settings”. (You don’t need to open this folder!)

    Now that you’re in the file system….

    1. Please be aware that browsing the files and folders on the drive will be slower than normal as it’s running off of a CD. Please wait at least one minute between opening folders and such if they do not open immediately.
    2. Go to the WINDOWS folder.
    3. Go to the system32 folder.
    4. [Not needed if you know your Service Pack] Now, this folder is filled with stuff. You want to look for eula.txt. Open it up. (click on Display)
    5. [Not needed if you know your Service Pack] Scroll down to the bottom of the file. You should see something like “EULAID:XPSP” and then a number. That number is which Service Pack you have.
      1. If your EULAID looks like this: EULAID:XPSP1: then try the SP3 file first if you believe you’ve been installing Windows Updates when Microsoft tells you to. Worst comes to worst, you’ll need to try the SP2 file.
      2. If your EULAID looks like this: EULAID:MCE05E: then try the SP3 file first if you believe you’ve been installing Windows Updates when Microsoft tells you to. Worst comes to worst, you’ll need to try the SP2 file.
    6. [Not needed if you know your Service Pack] Close the file.
    7. Now that you know this, you know what file to copy or download. (see the links above if you haven’t downloaded them yet)
    8. Copy the correct file for your system from wherever you have it stored (downloaded onto the Ubuntu desktop directly from this website/USB flash drive/CD/DVD/floppy) into the directory you have open. (WINDOWS/system32)
    9. Scroll all the way back up to where the folders are. Look for a folder called “dllcache”. Open it up.
    10. Copy the correct file for your system from wherever you have it stored (downloaded onto the Ubuntu desktop directly from this website/USB flash drive/CD/DVD/floppy) into the directory you have open. (WINDOWS/system32/dllcache)
    11. If you used a USB flash drive, be sure to right click your USB flash drive on the desktop after you’re done with it and do Unmount Volume.
    12. Close all the folders left on the desktop.
    13. Click the red and white Power icon on the upper right part of the screen.
    14. Do Restart.
    15. Follow the prompt to take out the CD and push Enter as it says.
    16. As the computer reboots, try going into Safe Mode.

    So, NOW are you able to log in?

    Yes!: You’re in! Congrats! I would STRONGLY recommend you scan for spyware (Recommendations/steps coming soon, I promise!) DO NOT BOOT INTO NORMAL MODE OR ELSE THE SPYWARE (if present) COULD DELETE userinit.exe AGAIN! You may be able to go into Safe Mode with Networking to access the Internet and download files that can clean your machine that way. I would recommend installing Malwarebytes’ Anti-Malware as it can run in Safe Mode and it is a free download. Please remember to update it before scanning. Also, please consider donating!

    Still No!: Now, here’s the cool part: since you have access to all the files on the drive via the Ubuntu CD, you can just plug in a USB flash drive or a USB hard drive and back everything up this way and just reinstall Windows!…that is, if you don’t care about your Windows installation and you’ve made sure (triple check) that everything you want backed up is NOT on that computer at all. If you want to try and keep your existing Windows installation, (or you can’t/won’t reinstall it for some reason) you’re going to need the Bart PE Method. (see the next page of this guide)

    Bart PE Method

    What you’ll need:
    • A working computer that’s running XP or higher (I am not sure about server OSes):
      • Your Windows XP CD (Restore/Recovery CDs from your computer maker/manufacturer may not work without some special Bart PE plugins)
        • This CD must have Service Pack 1 or higher on it. If your CD does not have this, please see here for info on slipstreaming your original XP CD with the latest Service Pack. You do not need to burn the new slipstreamed version of XP to fix your computer if you don’t want to. Simply point Bart PE to the directory in which the XP CD is on your hard drive to burn the Bart PE CD.
      • An Internet connection (!)
      • A blank CD
      • A CD burner/writer
    • The non-working computer in question:
      • Drive that accepts CDs must be bootable (if it’s not, you shouldn’t be running Windows XP in the first place!)
      • Access to the computer’s Basic Input Output System (BIOS)

    Got everything? Let’s get started!

    1.) Prepare the Bart PE Recovery CD

    First, you’ll need to download the installer for Bart PE. I have archived Bart PE v3.1.10a right here.

    Now that you have Bart PE, install it. After it’s installed, you should get a screen similar to this:

    Now, download this plugin, known as RunScanner. Since Bart PE is basically a mini version of Windows XP, it has its own registry, but you don’t care about editing that; you want to edit the registry of the unbootable machine! RunScanner will load just that upon the startup of Bart PE so it can be done. I have archived RunScanner v10015a right here. Now that you’ve downloaded the plugin, please leave it in .CAB form.

    Lastly, right-click and save this file: FixLogOnOffLoop.reg. Yep, that little file right over there will save your computer! Please leave the name and file extension alone. Please save this file in its OWN folder on your Desktop.

    Now, in that custom folder you just made, you’ll need to put the userinit.exe file. I’ll provide both files for you so you can put them onto the Bart PE CD. Be sure to put them in separate folders in the custom Bart PE folder, such as sp2 and sp3 or else you’ll overwrite one file with the other!

    Download Userinit.exe for XP SP2

    Download Userinit.exe for XP SP3

    Now that all of that is done, let’s get back to Bart PE.

    Pop in your Windows XP CD, close the autorun screen if it pops up, and set the first option to the drive letter that contains your Windows XP CD. Mine, in this case, is U:. Next, point the second option to that directory you saved FixLogOnOffLoop.reg and the userinit.exe files to. Mine in this case is C:\Documents and Settings\Wolf\Desktop\PE.

    Next, hit F4, or go to Builder -> Plugins. A screen like the one below should come up:

    Select Add, then find RunScanner10015a.cab and select it. Scroll down the list and see if it’s there. Also, make sure it’s enabled. After it’s all been checked out, click Close.

    • If your computer only has one CD/DVD drive in it then you need to do a bit of extra work. You need to set Bart PE to Create ISO image. Use the button on the right side to choose a place to save the .ISO file. A good place would be your Desktop. Click the Build button to make the ISO image. See the first page of this guide if you do not know how to burn .iso files.
    • If your computer has more than one CD/DVD drive in it then set Bart PE to Burn to CD/DVD using CD-Record using your CD burner/writer by clicking Build. Depending on how fast your burner — and your computer in general — is, it should be done in a matter of minutes.

    Now that the CD is burnt, it’s time to go over to the computer that is not booting and fix it up!

    2.) Using Bart PE

    Now, boot your computer to Bart PE. When it’s done loading, you’ll see a dialog box asking for network support. Answer No. (use the arrow keys and Tab to select No if you don’t have mouse support for some odd reason) You’ll also see a minimized DOS box sitting next to the GO button. This is RunScanner. Let it load, and then when it disappears, you can start.

    Go to GO -> Programs -> A43 File Management Utility.

    Can you see your C: drive in the left window pane?

    Yes: Continue.

    No: You’ll need to rebuild and reburn the Bart PE CD with custom chipset drivers for your motherboard. Go here and here for more info about that.

    1. Navigate to C:\WINDOWS\system32.
    2. [Not needed if you know your Service Pack] Now, this folder is filled with stuff. You want to look for eula.txt. Open it up.
    3. [Not needed if you know your Service Pack] Scroll down to the bottom of the file. You should see something like “EULAID:XPSP” and then a number. That number is which Service Pack you have.
      1. If your EULAID looks like this: EULAID:MCE05E… then try the SP3 file first if you believe you’ve been installing Windows Updates when Microsoft tells you to. Worst comes to worst, you’ll need to try the SP2 file.
    4. [Not needed if you know your Service Pack] Close the file.
    5. Now that you know this, you know what file to copy from the Bart PE CD. (see the links above if you haven’t downloaded them yet)
    6. Copy the correct userinit.exe file for your system from the custom folder made while building the Bart PE CD (Look in the root of the Bart PE CD) into C:\WINDOWS\system32.
    7. Scroll all the way back up to where the folders are. Look for a folder called “dllcache”. Open it up.
    8. Copy the correct userinit.exe file for your system from the custom folder made while building the Bart PE CD (Look in the root of the Bart PE CD) into C:\WINDOWS\system32\dllcache.

    Go to GO -> Programs -> System Tools -> Remote RegEdit.

    Once Regedit opens, go to File -> Import….

    Bart PE should drop you in the root of the CD, which would be labeled X:. Select FixLogOnOffLoop.reg, and let it merge.

    You should be good to go! Exit Regedit, and restart your computer through the GO button. Remember to eject the CD.
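    The Service Pack lookup from eula.txt and the two copy steps (system32 and dllcache), written out as an added example that is not part of the original guide. It assumes the broken Windows partition is mounted on a machine with Python 3, such as a Linux live CD; the function names are hypothetical, and the sp2/sp3 folder names follow the guide’s suggestion.

```python
import hashlib
import re
import shutil
from pathlib import Path

def service_pack_candidates(eula_text):
    """Map the EULAID line of eula.txt to the folders to try, in order."""
    m = re.search(r"EULAID:\s*(\S+)", eula_text)
    if not m:
        return []
    eula_id = m.group(1).upper()
    sp = re.match(r"XPSP(\d)", eula_id)
    if sp and sp.group(1) in ("2", "3"):   # the guide only supplies SP2 and SP3 files
        return [f"sp{sp.group(1)}"]
    if eula_id.startswith("MCE05E"):
        return ["sp3", "sp2"]              # guide: try SP3 first, fall back to SP2
    return []

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def restore_userinit(windows_dir, custom_dir, folder):
    """Copy custom_dir/<folder>/userinit.exe into system32 and system32/dllcache,
    then confirm both copies are byte-identical to the source file."""
    source = Path(custom_dir) / folder / "userinit.exe"
    if not source.is_file():
        raise FileNotFoundError(source)
    expected = sha256(source)
    written = []
    for target_dir in (Path(windows_dir) / "system32",
                       Path(windows_dir) / "system32" / "dllcache"):
        if not target_dir.is_dir():
            raise NotADirectoryError(target_dir)
        target = target_dir / "userinit.exe"
        shutil.copyfile(source, target)
        if sha256(target) != expected:
            raise IOError(f"copy to {target} does not match the source")
        written.append(target)
    return written

if __name__ == "__main__":
    # Constructed eula.txt tail for illustration, not copied from a real disc.
    print(service_pack_candidates("...\nEULAID:XPSP3_RM.0_PRO_RTL_EN\n"))
```

    On a case-sensitive mount, pass the Windows folder exactly as it appears on disk (for example WINDOWS rather than Windows).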

    So, NOW are you able to log in?

    Yes!: You’re in! Congrats! I would STRONGLY recommend you scan for spyware (Recommendations/steps coming soon, I promise!) Also, please consider donating!

    No!: Since you have access to all the files on the drive via the Bart PE CD, you can just plug in a USB flash drive or a USB hard drive (plug in these things and reboot to the CD again for them to be detected) and back everything up this way and just reinstall Windows!…that is, if you don’t care about your Windows installation and you’ve made sure (triple check) that everything you want backed up is NOT on that computer at all. If you want to try and keep your existing Windows installation, (or you can’t/won’t reinstall it for some reason) you’re going to need to contact me for assistance (see the first page)

     

  • Virus Cleaning - olhrwef.exe

    Posted on May 5th, 2009 admin No comments

    Run this script with Kaspersky AVZ; instructions are linked in the pinned topics at the top of this forum page. The PC will reboot:

    CODE

    ===================

    begin
    SetAVZGuardStatus(True);
    SearchRootkit(true, true);
    QuarantineFile('C:\WINDOWS\system32\olhrwef.exe','');
    QuarantineFile('C:\WINDOWS\system32\nmdfgds0.dll','');
    QuarantineFile('C:\autorun.inf','');
    QuarantineFile('C:\j60osk9.cmd','');
    QuarantineFile('D:\autorun.inf','');
    QuarantineFile('D:\j60osk9.cmd','');
    DeleteFile('D:\j60osk9.cmd');
    DeleteFile('D:\autorun.inf');
    DeleteFile('C:\j60osk9.cmd');
    DeleteFile('C:\autorun.inf');
    DeleteFile('C:\WINDOWS\system32\nmdfgds0.dll');
    DeleteFile('C:\WINDOWS\system32\olhrwef.exe');
    BC_ImportDeletedList;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.

    =====================================
    After running the script, attach a Combofix log. Please review and follow these instructions carefully.

    Download it here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Before saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

    Now, please make sure no other programs are running, close all other windows until after the scanning and removal process has taken place.

    Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
    Once the scanning process has started, please DO NOT click on the Combofix window or attempt to use your computer, as this can cause the scanning process to stall. It may take a while to complete scanning, and this is normal.

    You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

    Combofix will create a log file and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please attach it to your next post, along with any older Combofix log that you may have.

  • Create a boot floppy disk without a Windows XP-based computer

    Posted on May 5th, 2009 admin No comments

    Create a boot floppy disk without a Windows XP-based computer

    1. To download and to create the Windows XP Setup boot disks from a computer that is running Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), or Microsoft Windows Millennium Edition (Me), refer to Microsoft Knowledge Base article 310994. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

    310994 (http://support.microsoft.com/kb/310994/) How to obtain Windows XP Setup boot disks

    2. Delete all the files from the newly created Setup disk 1.

    3. Copy the Ntldr and the Ntdetect.com files from the I386 folder on the Windows XP installation CD-ROM, on the Windows XP installation floppy disk, or from a computer that is running the same version of Windows XP as the computer that you want to access by using the boot floppy disk. To do this, follow these steps:

    a.      Insert the Windows XP installation media into the disk drive of the computer.

    b.      Click Start, click Run, type <DriveLetter>:\I386, and then click OK.

    Note <DriveLetter> represents the root location of the installation media.

    c.      Right-click the Ntldr file, and then click Copy.

    d.      Click Start, click Run, type a:, and then click OK.

    e.      Click the Edit menu, and then click Paste.

    f.      Repeat steps 3b through 3e for the Ntdetect.com file.

    4. Rename the Ntldr file to Setupldr.bin. To do this, follow these steps:

    a.      Right-click the Ntldr file, and then click Rename.

    b.      Type Setupldr.bin, and then press ENTER.

    5. Create a Boot.ini file or copy one from a computer that is running Windows XP, and then modify the Boot.ini file to match the computer that you are trying to access. The following example lists how to create a Boot.ini file for a single-partition Integrated Device Electronics drive with Windows XP installed in the \Windows folder:

    a.      Click Start, click Run, type notepad, and then click OK.

    b.      Type the following text:

            [boot loader]
            timeout=30
            Default=multi(0)disk(0)rdisk(0)partition(1)\windows
            [operating systems]
            multi(0)disk(0)rdisk(0)partition(1)\windows="<OperatingSystem>"

    Note The value represented by the <OperatingSystem> placeholder depends on the configuration of the Windows XP computer that you are trying to access. For example, if you are trying to start a Windows XP Professional computer, this value is as follows:

    Microsoft Windows XP Professional

    c.      Click the File menu, and then click Save As.

    d.      Select 3 ½ Floppy (A:) from the Save in drop-down list, type Boot.ini in the File name text box, and then click Save.

    Note If your computer starts from a SCSI hard disk drive, you may have to replace the multi(0) entry with scsi(0). If you are using scsi(x) in the Boot.ini file, copy the correct device driver for the SCSI controller that is used on the computer to the root of the boot disk, and then rename the device driver to Ntbootdd.sys. Change the disk(0) number to represent the SCSI-ID of the hard disk drive you want to start. If you are using multi(x) in the Boot.ini file, you do not have to change the code in the Boot.ini file.

    6. Insert the floppy disk into the floppy disk drive of your computer, and then restart Windows XP.

     

  • How to create a bootable floppy disk for an NTFS or FAT partition in Windows XP

    Posted on May 5th, 2009 admin 1 comment

    Create a boot floppy disk by using a Windows XP-based computer

    1. Format a floppy disk by using the Windows XP format utility. To do this, follow these steps:

    a.      Insert the floppy disk that you want to use into the floppy disk drive.

    b.      Click Start, click Run, type format a:, and then click OK.

    2. Copy the Ntldr and the Ntdetect.com files from the I386 folder on the Windows XP installation CD-ROM, from the Windows XP installation floppy disk, or from a computer that is running the same version of Windows XP as the computer that you want to access by using the boot floppy disk. To do this, follow these steps:

    a.      Insert the Windows XP installation media into the disk drive of the computer.

    b.      Click Start, click Run, type <DriveLetter>:\I386, and then click OK.

    Note <DriveLetter> represents the root location of the installation media.

    c.      Right-click the Ntldr file, and then click Copy.

    d.      Click Start, click Run, type a:, and then click OK.

    e.      Click the Edit menu, and then click Paste.

    f.      Repeat steps 2b through 2e for the Ntdetect.com file.

    3. Create a Boot.ini file, or copy one from a computer that is running Windows XP, and then modify the Boot.ini file to match the computer that you are trying to access. The following example lists how to create a Boot.ini file for a single-partition Integrated Device Electronics drive that has Windows XP installed in the \Windows folder:

    a.      Click Start, click Run, type notepad, and then click OK.

    b.      Type the following text:

            [boot loader]
            timeout=30
            Default=multi(0)disk(0)rdisk(0)partition(1)\windows
            [operating systems]
            multi(0)disk(0)rdisk(0)partition(1)\windows="<OperatingSystem>"

    Note The value that is represented by the <OperatingSystem> placeholder depends on the configuration of the Windows XP computer that you are trying to access. For example, if you are trying to start a Windows XP Professional computer, this value is as follows:

    Microsoft Windows XP Professional

    c.      Click the File menu, and then click Save As.

    d.      Select 3 ½ Floppy (A:) from the Save in drop-down list, type Boot.ini in the File name text box, and then click Save.

    Note If your computer starts from a SCSI hard disk drive, you may have to replace the multi(0) entry with scsi(0). If you are using scsi(x) in the Boot.ini file, copy the correct device driver for the SCSI controller that is used on the computer to the root of the boot disk, and then rename the device driver to Ntbootdd.sys. Change the disk(0) number to represent the SCSI-ID of the hard disk drive you want to start. If you are using multi(x) in the Boot.ini file, you do not have to change the code in the Boot.ini file.

    4. Insert the floppy disk into the floppy disk drive of your computer, and then restart Windows XP.
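    A consistency check for the boot floppy described in both boot-disk posts above, as an added example that is not part of the original articles: it parses the Boot.ini text, confirms the default entry matches a line under [operating systems], and applies the Ntbootdd.sys rule for scsi() entries. The function names and the sample Boot.ini are constructed for illustration.

```python
import re

# ARC path form used in Boot.ini: multi(x)|scsi(x) disk(y) rdisk(z) partition(n)\folder
ARC_RE = re.compile(
    r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$",
    re.IGNORECASE,
)

# Constructed sample: the Boot.ini from the steps above, filled in for XP Professional.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\windows
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\windows="Microsoft Windows XP Professional"
"""

def parse_boot_ini(text):
    """Return {section: {key: value}} with section names and keys lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def check_boot_floppy(boot_ini_text, floppy_files):
    """Return a list of problems; an empty list means the disk is consistent."""
    problems = []
    present = {name.lower() for name in floppy_files}  # FAT names are case-insensitive
    if not {"ntldr", "setupldr.bin"} & present:
        problems.append("no loader: expected Ntldr (or Setupldr.bin)")
    if "ntdetect.com" not in present:
        problems.append("Ntdetect.com is missing")
    ini = parse_boot_ini(boot_ini_text)
    default = ini.get("boot loader", {}).get("default")
    systems = ini.get("operating systems", {})
    if default is None:
        problems.append("[boot loader] has no default= line")
    elif default.lower() not in systems:
        problems.append("default= matches no [operating systems] line")
    for path in systems:
        m = ARC_RE.match(path)
        if m is None:
            problems.append(f"not an ARC path: {path}")
        elif m.group(1).lower() == "scsi" and "ntbootdd.sys" not in present:
            problems.append(f"scsi() entry needs Ntbootdd.sys on the disk: {path}")
    return problems

if __name__ == "__main__":
    print(check_boot_floppy(SAMPLE_BOOT_INI, ["NTLDR", "NTDETECT.COM", "BOOT.INI"]))
```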

     
