Windows Xp logs out immediately after login

okacs
okacs used Ask the Experts™
on
I have fresh a Windows XP install on an HP desktop.  (recovery from prior virus infection).  The install was working just fine, but suddenly I cant login anymore.  The user select screen appears, I can enter the password and it says "applying your settings" and briefly displays the wallpaper, but then goes immediately to "saving your settings" and logs out and goes back to the user login screen.  This happens for all 3 user accounts - including the administrator account.

The same thing happens when trying to boot into safe mode, safe mode with networking, and last known good configuration.  Booting into Safe Mode with Command line just hangs the system.  I tried using the Windows XP install disk to recover, and it copied all the files over my installation, but when i try and login, the problem persists.  I booted up with a copy of BartPE and can browse the file system.  There is nothing in the startup folder for any of the user accounts, nor in the "all users".

I just restored the data to this drive and I don't have a backup (I had to re-use the USB drive that the data was on to recover another PC).  While I probably COULD back the data up from BartPE and wipe the drive AGAIN, I really don't want to have to do that.

Is there a way to fix this?  Is the problem in the windows subsystem or in the profiles?  Anyone have a quick fix for this?

Thanks.


Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
Sounds like a corrupt OS. Have you tried running the Windows repair from the installation disk? That is the second repair option that comes up along with the full install option. I say try that it may save you from having to do a full install.
retired
Top Expert 2009
Commented:
The following page describes how this problem occurs after you have attempted to clean up adware/spyware with a certain version of the data, and also what to do about it:

http://www.winxptutor.com/wsaremove.htm
Unable to logon to Windows after removing BlazeFind using a spyware removal utility?

[begin quote from the above page:]

Logon - Logoff loop, also caused by BlazeFind

Another critical symptom caused by this malware: This malware modifies the Userinit area in the registry (replacing the userinit.exe with wsaupdater.exe) and Ad-Aware (with a particular definition update) removes the wsaupdater.exe file from the system, thus causing the Logon - Logoff loop. That is, when you login to Windows, the 'loading personal settings" verbose will appear, but suddenly it will logoff. This issue was documented clearly by Lavasoftusa in it's Lavahelp Knowledgebase.

Here is the solution to the logon - logoff issue in Windows XP.

Enter the Recovery Console

Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press "R" (in the first screen) enter the Recovery Console. Type-in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (Or any other drive-letter where you've installed XP)

Type the following command and press Enter.

CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)

COPY USERINIT.EXE WSAUPDATER.EXE

Quit Recovery Console by typing EXIT and restart Windows.

You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)

Now, change the USERINIT value in the registry (see Phase II in this page) and change it accordingly.


NOTE    If you don't have a Windows XP CD-ROM, you need to use Windows XP Setup floppy disks to enter the Recovery Console.

 Phase II  -  Fixing a registry entry which causes the Quick Launch issue (not retaining the settings)

Click Start, Run and type REGEDIT. Navigate to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon]

In the right-pane, change the value of Userinit to "C:\WINDOWS\system32\userinit.exe,"

Type the above value exactly as given, including the comma - exclude the quotes. Also, change the path to userinit.exe appropriately, if Windows is installed in a different drive.

Close Registry Editor and restart Windows.

[end quote.]


Sometimes, you will find that there is no file Userinit.exe or Wsaupdater.exe in the \Windows\System32\ folder.  In this case, all you need to do is, while in the Recovery Console, use the following command to decompress the file userinit.ex_ into the \Windows\System32\ folder as userinit.exe (where X: is replaced by whatever drive letter your CD-ROM uses):

EXPAND X:\I386\USERINIT.EX_  C:\WINDOWS\SYSTEM32

Author

Commented:
OrionsX - Yes, I already tried the Windows install Cd recovery.

LeeTutor - Wouldn't running "recovery" from the install CD replace the files that you are talking about?

Thanks.
How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples

LeeTutorretired
Top Expert 2009

Commented:
Quite possibly, but there are also the registry entries to be concerned with.  This particular solution has worked many, many times in the E-E database of Previously Answered Questions.

Author

Commented:
LT - that worked.  Thanks!

Unfortunately, now I cant install anything on the system.  Example:  My Wireless NIC driver says it must be uninstalled before reinstalling, but I cant uninstall it because the files are gone.  Catch 22.  Sheesh....

LeeTutorretired
Top Expert 2009

Commented:
What happened to the driver files?  Were they destroyed by the malware that caused this whole problem?

Author

Commented:
Yup.  pretty much EVERY .EXE file was infected and incurable and thus removed.  :)
LeeTutorretired
Top Expert 2009

Commented:
Sounds like the only option is a clean install...   ;0(

At least the logon-logoff loop was solved.

Author

Commented:
Well, there's at least one EXE that survived.... The Virus!  Lol.  Damned fake Anti-Virus app is reinfecting everything again.  Prolly gonna have to wipe and reinstall anyway.  :(

Author

Commented:
Accepting solution to original problem.  Thanks!
I experienced a similar issue as originally described, that required a different fix, I'll document it here for others, in case the above doesn't work for you.  I didn't have the same malware, and didn't lose all the programs.

At first it was just white cursor on black screen.  I discovered some files in the windows folder were inaccessible due to security settings. I added everyone-full access.

Then it was logging in and immediately logging out, so I just opened security across the whole drive, then I could log in.  

It was probably a result of malware, though a failed Norton install, a botched Acronis OSS access via USB, and an ancient copy of Roxio GoBack 3 all happened too.

I used an old copy of ERD Commander 2005 to reset all the permissions in one swell foop,
(it cried about non-existent tokens, probably from the domain the system had been removed from years ago ).

I've not yet repaired the file permissions, but I expect Microsoft's KB 313222 will do well enough since it's now a solo home system.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial