all about computer information and technology
RSS icon Email icon Home icon
  • Fix Windows XP Log On/Log Off Loop - Old method

    Posted on May 5th, 2009 admin No comments

    Archived Page - Messing with Files

     


    Remember, type slowly! Please note that capitalization, punctuation and spelling matter!

    1. Put the Offline Registry Editor CD/DVD into the open CD/DVD tray of the computer that is still off.
    2. Turn on the computer and pop in the CD/DVD tray if it doesn’t automatically do it (laptop’s won’t)
    3. The CD/DVD should spin up and boot.
    4. You’ll see boot: _ at the bottom of your screen. Press Enter to continue. (if you don’t push anything after a bit, it will push Enter for you, so don’t panic. )
    5. After some stuff scrolls by, a menu will appear. Press d then Enter.
    6. You’ll see a list of things displayed under the heading Candidate Windows partitions found. One of them says BOOT over on the right. Look ALL the way over to the left (under the word Candidate) of your screen. A number is there. Type that number in (the number on the line that says BOOT) and push Enter.
    7. If you get a prompt asking you to “force it”, push y and then Enter, otherwise skip this step.
    8. Push Enter at the prompt asking you about the path to the registry.
    9. Push 2 then Enter at the 1st menu.
    10. Push 9 then Enter at the 2nd menu.
    11. You should be dropped to a prompt that looks like this: > _.
    12. Remember, type slowly! Please note that capitalization, punctuation and spelling matter!
    13. Type cd Microsoft then push Enter.
    14. Type cd Windows NT then push Enter.
    15. Type cd CurrentVersion then push Enter.
    16. Type cd Winlogon then push Enter. (that’s a lowercase ell and not a capital eye)

    Does the prompt at the bottom of the screen say something EXACTLY like this?
    (…)Windows NTCurrentVersionWinlogon> _

    Yes
    : Good! Continue these directions.
    No
    : Go back and retype those commands starting with Step 11. If you’re having issues, just keep typing cd .. (cd, space, then two periods) and then Enter until the prompt says > _.

    Fixing userinit/Userinit

    Type dv userinit then push Enter.

    Don’t worry if you get an error message that says “del_value: value userinit not found!“. That’s a good thing! If you don’t get anything, then we just got rid of part of an infection on your system. Let’s keep on fixing things!

    Now, type cat Userinit then push Enter.

    Look near the bottom part of your screen. (about the third line up) That last command should have popped up something. Do you see a line that says something EXACTLY like this?
    c:windowssystem32userinit.exe, (THAT COMMA IS NOT A TYPO)

    Yes
    : Good! Go to Fixing Shell below.
    No, I get an error message that says cat_vk: No such value <Userinit>
    :
    This means that the Userinit key has been fully deleted from the registry. We can remake it by typing:
    nv 1 Userinit
    (that’s the number one, not a lowercase ell or a capital eye) and pushing Enter.
    After that, continue these directions.

    No, something different appears
    :
    Continue these directions.

    1. Type ed Userinit then push Enter.
    2. Type c:windowssystem32userinit.exe, then push Enter. (THAT COMMA IS NOT A TYPO)
    3. Type cat Userinit then push Enter.

    Look near the bottom part of your screen. (about the third line up) That last command should have popped up something. Do you see a line that says something EXACTLY like this?
    c:windowssystem32userinit.exe, (THAT COMMA IS NOT A TYPO)
    Yes
    : Great! Continue these directions.
    No
    : Go back and retype it using the two steps above.

    Fixing shell/Shell

    Type dv shell then push Enter.

    Don’t worry if you get an error message that says “del_value: value shell not found!“. That’s a good thing! If you don’t get anything, then we just got rid of part of an infection on your system. Let’s keep on fixing things!

    Now, type cat Shell then push Enter.

    Look near the bottom part of your screen. (about the third line up) That last command should have popped up something. Do you see a line that says something EXACTLY like this?
    Explorer.exe
    Yes
    : Good! Go to Quick Tests below.
    No, I get an error message that says cat_vk: No such value <Shell>
    :
    This means that the Shell key has been fully deleted from the registry. We can remake it by typing:
    nv 1 Shell
    (that’s the number one, not a lowercase ell or a capital eye) and pushing Enter.
    After that, continue these directions.

    No, something different appears
    :
    Continue these directions.

    1. Type ed Shell then push Enter.
    2. Type Explorer.exe then push Enter.
    3. Type cat Shell then push Enter.

    Look near the bottom part of your screen. (about the third line up) That last command should have popped up something. Do you see a line that says something EXACTLY like this?
    Explorer.exe
    Yes
    : Great! Continue these directions.
    No
    : Go back and retype it using the two steps above.

    Quick Tests

    Now, we’re going to do some quick tests to see if you have another infection that could start the loop or prevent you from accessing your normal Desktop:

    1. Type cd .. (cd, space, then two periods) then push Enter.
    2. Type cd Image File Execution Options then push Enter.
    3. Type cd userinit.exe then push Enter.
    4. [Skip this step if you get the message "Key userinit.exe not found!"] Type delallv then push Enter.
    5. [Skip this step if you get the message "Key userinit.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter.
    6. Type cd explorer.exe then push Enter.
    7. [Skip this step if you get the message "Key explorer.exe not found!"] Type delallv then push Enter.
    8. [Skip this step if you get the message "Key explorer.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter.
    9. Type cd iexplore.exe then push Enter.
    10. [Skip this step if you get the message "Key iexplore.exe not found!"] Type delallv then push Enter.
    11. [Skip this step if you get the message "Key iexplore.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter.
    12. Type cd logonui.exe then push Enter.
    13. [Skip this step if you get the message "Key logonui.exe not found!"] Type delallv then push Enter.
    14. [Skip this step if you get the message "Key logonui.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter.
    15. Type cd logoff.exe then push Enter.
    16. [Skip this step if you get the message "Key logoff.exe not found!"] Type delallv then push Enter.
    17. [Skip this step if you get the message "Key logoff.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter.
    18. Type cd winlogon.exe then push Enter.
    19. [Skip this step if you get the message "Key winlogon.exe not found!"] Type delallv then push Enter.
    20. [Skip this step if you get the message "Key winlogon.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter.
    21. Push q then Enter to exit the registry editor.
    22. Wait about 1 second.
    23. Push q then Enter to quit the program.
    24. Wait about 1 second.
    25. Push y then Enter to save the registry changes you made. If you did not make changes, skip this step as the option won’t appear. (ignore any errors that appear)
    26. Wait about 1 second.
    27. Push n then Enter at the “new run” prompt. (ignore any errors that appear)
    28. Wait about 3 seconds.
    29. Take the Offline Registry Editor CD/DVD out and leave the CD tray open.
    30. Hold down the power button on your machine for about 5 seconds to power it off.
    31. Turn on your computer, and try going into Safe Mode.

    So, NOW are you able to log in?
    Yes!: Please go on to the next page!

    Still No!
    :
    Please do the guide over, MAKING SURE you did all the steps correctly. If, after you’ve done the guide again and you are STILL having issues logging in, search local websites for any sort of USB-to-IDE or USB-to-SATA device. These devices will allow you to hook up your hard drive to a working computer via USB and get the data off of it. The device that I like is this one. You can go ahead and throw away the driver disc it comes with, as that’s only for systems that are older than XP or Vista.

     

    Well, you made it this far, huh? “Why isn’t it fixed yet?!” you say? Well, whether you knew it or not, you just edited the registry. Remember I was talking about that before? Remember how I also talked about checking a file? We’re now going to check if a file exists. Even if it exists, it may be corrupted in some way so we’re going to replace it. If you’re interested in what file it is, it’s userinit.exe. Sound familiar?

    Get some coffee if you drink the stuff. (Me: No.)

    Now, the reason why I call this section “Madness methods” is because this section contains a reference to what is known as the Bart PE Method of fixing this problem. This was the original solution to this problem. The downside to this was that it required an original Windows XP CD to make the Bart PE CD. Unfortunately, most people don’t have one of these because people do not receive one from their computer manufacturer. Computer manufacturers only give you Restore or Recovery CDs. It’s a pain or impossible to get them working with Bart PE depending on your computer manufacturer.

    Lucky for you, I’ve included another option for those of you that don’t have access to an XP CD. I call it the Ubuntu Method. Personally, I also think this method is MUCH easier to do, and easier to do means less confusion. Less confusion means less questions towards me. Less questions towards me means I have more time to concentrate on other things in my life like school - and soon to be - work. That doesn’t mean to say I won’t be available for answering your questions.

    If you’re not sure if you have an original XP CD or not, please check it out on Microsoft’s official website. (scroll down a little bit) If you don’t have one of these, you can’t use the Bart PE Method.

    You probably could, but it’s a pain.

    It’s harder anyway.

    You wouldn’t want to.

    Believe me.

    The only good thing is that it contains the registry fix in there too.

    But you just did that.

    Anyways, onto the methods!

    Even if you do have an XP CD, I would strongly recommend the Ubuntu Method as it’s much faster.

    Ubuntu Method

    PLEASE TRY THIS METHOD FIRST!

    I came up with this method fairly recently. Pretty simple stuff. You’re going to be downloading an Operating System that you can run off of a CD. Pretty cool, huh? Here’s the skinny:

    What you’ll need:
    • Possibly a USB flash drive. (or if you don’t have one, a floppy disk)
    1. Go to the Download Ubuntu page.
    2. Make sure the Desktop Edition tab is currently selected.
    3. Choose the latest version. (it should be selected by default)
    4. Choose a download location near you. If one near you is slow, try the United States MIT Media Lab. That should be pretty fast.
    5. You’re now downloading a .iso file. (Save it, do not open it.)
    6. Burn the .iso to a blank CD/DVD using one of the programs I recommended above.
    7. Put the CD/DVD into the open CD/DVD tray of the computer that is still off.
    8. Turn on the computer and pop in the CD/DVD tray if it doesn’t automatically do it (laptop’s won’t)
    9. The CD/DVD should spin up and boot.

    Were you brought to a screen asking for your language?

    Yes: Good! Use the arrow keys to select your language and press Enter. Again, use the arrow keys and Enter to select the option Check CD for defects. Let it run. (it may take a bit) If it finds no errors, this means that this CD/DVD was burnt correctly! Pop out the CD/DVD, leave the CD/DVD tray open, and hold down the power button on your computer for 5 seconds to shut it down. Get a marker and label this CD/DVD “Ubuntu“.

    No: You’re going to have to delete the .iso file you downloaded and redownload it and reburn a new CD/DVD.

    1. Put the Ubuntu CD/DVD into the open CD/DVD tray of the computer that is still off.
    2. Turn on the computer and pop in the CD/DVD tray if it doesn’t automatically do it (laptop’s won’t)
    3. The CD/DVD should spin up and boot.
    4. Select your language at the boot screen using the arrow keys and push Enter.
    5. Select the first option, which should be Try Ubuntu without any change to your computer by pushing Enter.
    6. After a bit, the Ubuntu desktop should load. If you get out of range or sync errors, please reboot the machine and boot the CD again. After selecting your language, press F4 and then select Safe Graphics Mode.
    7. Let’s check and see if you have Internet access. Try clicking on the Firefox icon at the top of the screen. (if you don’t know what that looks like, check it out here) After the search page loads, try searching for something.
      • If the results show up, you have access to the Internet and can download either of the userinit.exe files directly from this site to the desktop.
      • If you get an “Address Not Found” error, then you don’t have Internet access. You can download both files (see above) onto a CD, DVD, USB flash drive or a floppy disk using another computer. Be sure to put them in separate folders on the CD/DVD/USB flash drive/floppy disk, such as sp2 and sp3, or else you’ll overwrite one file with the other!
    8. Click on the Places menu at the top.
    9. If you’re lucky, you should see a hard drive icon or two in there after all those folders. It should be the title of your drive, the size of it in GB, or a serial number. Click on it!

    Did the drive open? (wait at maximum one minute)

    Yes: Nice. You’re in the file system! Continue these directions.

    No, I get an error about mounting: Try rebooting the Ubuntu CD. To do this:

    1. Click the red and white Power icon on the upper right part of the screen.
    2. Do Restart.
    3. Push Enter as it says at the prompt, but don’t pop the CD out just yet as you would have to pop it back in anyways.
    4. Restart from Step 1 above.

    You’ll know you’re in the right drive if you see a folder called “Documents and Settings“. (You don’t need to open this folder! )

    Now that you’re in the file system….

    1. Please be aware that browsing the files and folders on the drive will be slower than normal as it’s running off of a CD. Please wait at least one minute between opening folders and such if they do not open immediately.
    2. Go to the WINDOWS folder.
    3. Go to the system32 folder.
    4. [Not needed if you know your Service Pack] Now, this folder is filled with stuff. You want to look for eula.txt. Open it up. (click on Display)
    5. [Not needed if you know your Service Pack] Scroll down to the bottom of the file. You should see something like “EULAID:XPSPand then a number. That number is which Service Pack you have.
      1. If your EULAID looks like this: EULAID:XPSP1: then try the SP3 file first if you believe you’ve been installing Windows Updates when Microsoft tells you to. Worst comes to worst, you’ll need to try the SP2 file.
      2. If your EULAID looks like this: EULAID:MCE05E: then try the SP3 file first if you believe you’ve been installing Windows Updates when Microsoft tells you to. Worst comes to worst, you’ll need to try the SP2 file.
    6. [Not needed if you know your Service Pack] Close the file.
    7. Now that you know this, you know what file to copy or download. (see the links above if you haven’t downloaded them yet)
    8. Copy the correct file for your system from wherever you have it stored (downloaded onto the Ubuntu desktop directly from this website/USB flash drive/CD/DVD/floppy) into the directory you have open. (WINDOWS/system32)
    9. Scroll all the way back up to where the folders are. Look for a folder called “dllcache“. Open it up.
    10. Copy the correct file for your system from wherever you have it stored (downloaded onto the Ubuntu desktop directly from this website/USB flash drive/CD/DVD/floppy) into the directory you have open. (WINDOWS/system32/dllcache)
    11. If you used a USB flash drive, be sure to right click your USB flash drive on the desktop after you’re done with it and do Unmount Volume.
    12. Close all the folders left on the desktop.
    13. Click the red and white Power icon on the upper right part of the screen.
    14. Do Restart.
    15. Follow the prompt to take out the CD and push Enter as it says.
    16. As the computer reboots, try going into Safe Mode.

    So, NOW are you able to log in?

    Yes!: You’re in! Congrats! I would STRONGLY recommend you scan for spyware (Recommendations/steps coming soon, I promise!) DO NOT BOOT INTO NORMAL MODE OR ELSE THE SPYWARE (if present) COULD DELETE userinit.exe AGAIN! You may be able to go into Safe Mode with Networking to access the Internet and download files that can clean your machine that way. I would recommend installing Malwarebytes’ Anti-Malware as it can run in Safe Mode and it is a free download. Please remember to update it before scanning. Also, please consider donating!

    Still No!: Now, here’s the cool part: since you have access to all the files on the drive via the Ubuntu CD, you can just plug in a USB flash drive or a USB hard drive and back everything up this way and just reinstall Windows!…that is, if you don’t care about your Windows installation and you’ve made sure (triple check) that everything you want backed up is NOT on that computer at all. If you want to try and keep your existing Windows installation, (or you can’t/won’t reinstall it for some reason) you’re going to need the Bart PE Method. (see the next page of this guide)

    Bart PE Method

    What you’ll need:
    • A working computer that’s running XP or higher (I am not sure about server OSes):
      • Your Windows XP CD (Restore/Recovery CDs from your computer maker/manufacturer may not work without some special Bart PE plugins)
        • This CD must have Service Pack 1 or higher on it. If your CD does not have this, please see here for info on slipstreaming your original XP CD with the latest Service Pack. You do not need to burn the new slipstreamed version of XP to fix your computer if you don’t want to. Simply point Bart PE to the directory in which the XP CD is on your hard drive to burn the Bart PE CD.
      • An Internet connection (!)
      • A blank CD
      • A CD burner/writer
    • The non-working computer in question:
      • Drive that accepts CDs must be bootable (if it’s not, you shouldn’t be running Windows XP in the first place!)
      • Access to the computer’s Basic Input Output System (BIOS)

    Got everything? Let’s get started!

    1.) Prepare the Bart PE Recovery CD

    First, you’ll need to download the installer for Bart PE. I have archived Bart PE v3.1.10a right here.

    Now that you have Bart PE, install it. After it’s installed, you should get a screen similar to this:

    Now, download this plugin, known as RunScanner. Since Bart PE is basically a mini version of Windows XP, it has it’s own registry, but you don’t care about editing that, you want to edit the registry of the unbootable machine! RunScanner will load just that upon the startup of Bart PE so it can be done. I have archived RunScanner v10015a right here. Now that you’ve downloaded the plugin, please leave it in .CAB form.

    Lastly, right-click and save this file: FixLogOnOffLoop.reg. Yep, that little file right over there will save your computer! Please leave the name and file extension alone. Please save this file in its OWN folder on your Desktop.

    Now, in that custom folder you just made, you’ll need to put the userinit.exe file. I’ll provide both files for you so you can put them onto the Bart PE CD. Be sure to put them in separate folders in the custom Bart PE folder, such as sp2 and sp3 or else you’ll overwrite one file with the other!

    Download Userinit.exe for XP SP2

    Download Userinit.exe for XP SP3

    Be sure to put them in separate folders in the custom Bart PE folder, such as sp2 and sp3 or else you’ll overwrite one file with the other!

    Now that all of that is done, let’s get back to Bart PE.

    Pop in your Windows XP CD, close the autorun screen if it pops up, and set the first option to the drive letter that contains your Windows XP CD. Mine in this case, is U:. Next, point the second option to that directory you saved FixLogOnOffLoop.reg and the userinit.exe files to. Mine in this case is C:Documents and SettingsWolfDesktopPE.

    Next, hit F4, or go to Builder -> Plugins. A screen like the one below should come up:

    Select Add, then find RunScanner10015a.cab and select it. Scroll down the list and see if it’s there. Also, make sure it’s enabled. After it’s all been checked out, click Close.

    • If your computer only has one CD/DVD drive in it then you need to do a bit of extra work in a bit. You need to set Bart PE to Create ISO image. Use the button on the right side to choose a place to save the .ISO file. A good place would be your Desktop. Click the Build button to make the ISO image. See the first pageof this guide if you do not know how to burn .iso files.
    • If your computer has more than one CD/DVD drive in it then set Bart PE to Burn to CD/DVD using CD-Record using your CD burner/writer by clicking Build. Depending on how fast your burner — and your computer in general — is, it should be done in a matter of minutes.

    Now that the CD is burnt, it’s time to go over to the computer that is not booting and fix it up!

    2.) Using Bart PE

    Now, boot your computer to Bart PE. When it’s done loading, you’ll see a dialog box asking for network support. Answer No. (use the arrow keys and Tab to select No if you don’t have mouse support for some odd reason) You’ll also see a minimized DOS box sitting next to the GO button. This is RunScanner. Let it load, and then when it disappears, you can start.

    Go to GO -> Programs -> A43 File Management Utility.

    Can you see your C: drive in the left window pane?

    Yes: Continue.

    No: You’ll need to rebuild and reburn the Bart PE CD with custom chipset drivers for your motherboard. Go here and here for more info about that.

    1. Navigate to C:WINDOWSsystem32.
    2. [Not needed if you know your Service Pack] Now, this folder is filled with stuff. You want to look for eula.txt. Open it up.
    3. [Not needed if you know your Service Pack] Scroll down to the bottom of the file. You should see something like “EULAID:XPSPand then a number. That number is which Service Pack you have.
      1. If your EULAID looks like this: EULAID:MCE05E… then try the SP3 file first if you believe you’ve been installing Windows Updates when Microsoft tells you to. Worst comes to worst, you’ll need to try the SP2 file.
    4. [Not needed if you know your Service Pack] Close the file.
    5. Now that you know this, you know what file to copy from the Bart PE CD. (see the links above if you haven’t downloaded them yet)
    6. Copy the correct userinit.exe file for your system from the custom folder made while building the Bart PE CD (Look in the root of the Bart PE CD) into C:WINDOWSsystem32.
    7. Scroll all the way back up to where the folders are. Look for a folder called “dllcache“. Open it up.
    8. Copy the correct userinit.exe file for your system from the custom folder made while building the Bart PE CD (Look in the root of the Bart PE CD) into C:WINDOWSsystem32dllcache.

    Go to GO -> Programs -> System Tools -> Remote RegEdit.

    Once Regedit opens, go to File -> Import….

    Bart PE should drop you in the root of the CD, which would be labeled X:. Select FixLogOnOffLoop.reg, and let it merge.

    You should be good to go! Exit Regedit, and restart your computer through the GO button. Remember to eject the CD.

    So, NOW are you able to log in?

    Yes!: You’re in! Congrats! I would STRONGLY recommend you scan for spyware (Recommendations/steps coming soon, I promise!) Also, please consider donating!

    No!: Since you have access to all the files on the drive via the Bart PE CD, you can just plug in a USB flash drive or a USB hard drive (plug in these things and reboot to the CD again for them to be detected) and back everything up this way and just reinstall Windows!…that is, if you don’t care about your Windows installation and you’ve made sure (triple check) that everything you want backed up is NOT on that computer at all. If you want to try and keep your existing Windows installation, (or you can’t/won’t reinstall it for some reason) you’re going to need to contact me for assistance (see the first page)

     

    Comments are closed.