<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle25
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="2050" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='color:#1F497D'>I just finished fixing this same
problem. In my situation the c:\windows\system32\userinit.exe file was no
longer being used. It had been switched in the registry to a bad copy of
winlogon32.exe.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>You will need to use something
like BartPE to boot up and edit the registry (<a
href="http://www.nu2.nu/pebuilder/">http://www.nu2.nu/pebuilder/</a>) then
change the key back over so that it uses userinit.exe. In some cases the
userinit.exe file actually gets overwritten but you should be able to pull it
off the bartpe disk.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Once you boot in bartpe, use the
command prompt to open regedit. You’ll want to click on HKEY_USERS
then load the hive C:\Windows\System32\Config\software and save it as something
like myHive. Open it up and find HKEY_USERS \ MyHive \ Microsoft \
Windows NT \ CurrentVersion \ Winlogon and changethe value back to
c:\windows\system32\userinit.exe. When you’re done, you want to makes
sure and unload the hive then reboot.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>That should get you up and
operational. Hopefully that’s the same problem. I’m
telling you this by memory so if you don’t see something that I mentioned,
let me know and I’ll try and remember better </span><span
style='font-family:Wingdings;color:#1F497D'>J</span><span style='color:#1F497D'>.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><span style='color:#1F497D'><img border=0 width=306
height=99 id="Picture_x0020_1" src="cid:image002.jpg@01CA984C.1635C700"
alt=dustin-sig><o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
discuss-bounces@itdiscuss.org [mailto:discuss-bounces@itdiscuss.org] <b>On
Behalf Of </b>Roger Wright<br>
<b>Sent:</b> Monday, January 18, 2010 2:18 PM<br>
<b>To:</b> 'IT Discussion Forum'<br>
<b>Subject:</b> Re: [itdiscuss] Virus Cleaning Problems<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='color:#1F497D'>I had a similar issue lately
where malware had corrupted the MS Networking Client. I had to remove it
and reinstall it and all was fine.<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'>Roger Wright<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal style='margin-left:.5in'><b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> discuss-bounces@itdiscuss.org
[mailto:discuss-bounces@itdiscuss.org] <b>On Behalf Of </b>blloyd@buskercom.com<br>
<b>Sent:</b> Monday, January 18, 2010 3:13 PM<br>
<b>To:</b> discuss@itdiscuss.org<br>
<b>Subject:</b> Re: [itdiscuss] Virus Cleaning Problems<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p>
<p class=MsoNormal style='margin-left:.5in'><span style='color:#1F497D'>I
don’t know if you can boot into safe mode as I forgot to try that.
Lord willing, I will have to check that out tonight or tomorrow.<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:.5in'><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:
12.0pt;margin-left:.5in'><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p>
<p style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:12.0pt;
margin-left:.5in'><b><span style='font-size:14.0pt;color:navy'>Bill Lloyd</span></b><span
style='color:navy'> </span><span style='font-size:11.0pt;color:navy'><br>
IT Manager</span><o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'><span style='font-size:12.0pt;
font-family:"Times New Roman","serif"'><img border=0 width=149 height=46
id="_x0000_i1025" src="cid:image003.jpg@01CA984C.1635C700"><o:p></o:p></span></p>
<p style='margin-left:.5in'><span style='font-size:11.0pt;color:black'>2567
Athens Hwy.<br>
Gainesville, GA 30507<br>
Phone: 770-417-1604 Ext.: 250<br>
Fax: 770-417-1747<br>
Cell: 404-379-6963</span><o:p></o:p></p>
<p style='margin-left:.5in'><em><span style='font-size:11.0pt;color:navy'>blloyd@buskercom.com</span></em><o:p></o:p></p>
<p class=MsoNormal style='margin-left:.5in'><span style='font-size:7.0pt;
font-family:"Arial","sans-serif";color:navy'>This email and any accompanying
attachments may contain confidential and proprietary information. If you are
not the intended recipient, you are requested to delete this entire
communication immediately. Emails cannot be guaranteed to be secure or free of
errors or viruses. The sender does not accept any liability or responsibility
for any problems that may result from emails you receive.</span><o:p></o:p></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal style='margin-left:.5in'><b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> discuss-bounces@itdiscuss.org
[mailto:discuss-bounces@itdiscuss.org] <b>On Behalf Of </b>Roger Wright<br>
<b>Sent:</b> Monday, January 18, 2010 3:09 PM<br>
<b>To:</b> 'IT Discussion Forum'<br>
<b>Subject:</b> Re: [itdiscuss] Virus Cleaning Problems<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p>
<p class=MsoNormal style='margin-left:.5in'><span style='color:#1F497D'>And
Safe Mode works or not?<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:.5in'><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal style='margin-left:.5in'><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal style='margin-left:.5in'><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal style='margin-left:1.0in'><b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> discuss-bounces@itdiscuss.org
[mailto:discuss-bounces@itdiscuss.org] <b>On Behalf Of </b>blloyd@buskercom.com<br>
<b>Sent:</b> Monday, January 18, 2010 3:00 PM<br>
<b>To:</b> discuss@itdiscuss.org<br>
<b>Subject:</b> Re: [itdiscuss] Virus Cleaning Problems<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal style='margin-left:1.0in'><o:p> </o:p></p>
<p class=MsoNormal style='margin-left:1.0in'><span style='color:#1F497D'>I
didn’t because Bitdefender boots via CD using a Linux OS.<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.0in'><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal style='margin-left:1.0in'><span style='color:#1F497D'>This same
problem occurs regardless of the user who logs on.<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.0in'><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:
12.0pt;margin-left:1.0in'><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p>
<p style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:12.0pt;
margin-left:1.0in'><b><span style='font-size:14.0pt;color:navy'>Bill Lloyd</span></b><span
style='color:navy'> </span><span style='font-size:11.0pt;color:navy'><br>
IT Manager</span><o:p></o:p></p>
<p class=MsoNormal style='margin-left:1.0in'><span style='font-size:12.0pt;
font-family:"Times New Roman","serif"'><o:p> </o:p></span></p>
<p style='margin-left:1.0in'><span style='font-size:11.0pt;color:black'>2567
Athens Hwy.<br>
Gainesville, GA 30507<br>
Phone: 770-417-1604 Ext.: 250<br>
Fax: 770-417-1747<br>
Cell: 404-379-6963</span><o:p></o:p></p>
<p style='margin-left:1.0in'><em><span style='font-size:11.0pt;color:navy'>blloyd@buskercom.com</span></em><o:p></o:p></p>
<p class=MsoNormal style='margin-left:1.0in'><span style='font-size:7.0pt;
font-family:"Arial","sans-serif";color:navy'>This email and any accompanying
attachments may contain confidential and proprietary information. If you are
not the intended recipient, you are requested to delete this entire
communication immediately. Emails cannot be guaranteed to be secure or free of
errors or viruses. The sender does not accept any liability or responsibility
for any problems that may result from emails you receive.</span><o:p></o:p></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal style='margin-left:1.0in'><b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> discuss-bounces@itdiscuss.org
[mailto:discuss-bounces@itdiscuss.org] <b>On Behalf Of </b>Roger Wright<br>
<b>Sent:</b> Monday, January 18, 2010 2:57 PM<br>
<b>To:</b> 'IT Discussion Forum'<br>
<b>Subject:</b> Re: [itdiscuss] Virus Cleaning Problems<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal style='margin-left:1.0in'><o:p> </o:p></p>
<p class=MsoNormal style='margin-left:1.0in'><span style='color:#1F497D'>Have
you booted into safe mode to do your cleaning?<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.0in'><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal style='margin-left:1.0in'><span style='color:#1F497D'>I’ve
found a dual scan with MalwareBytes and VIPREPCRescue to be best for cleaning. <o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.0in'><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal style='margin-left:1.0in'><span style='color:#1F497D'>Perhaps
the user’s profile is corrupt. What happens when you log on as a
different user.<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.0in'><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal style='margin-left:1.0in'><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal style='margin-left:1.0in'><span style='color:#1F497D'>Roger
Wright<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.0in'><span style='color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal style='margin-left:1.5in'><b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> discuss-bounces@itdiscuss.org
[mailto:discuss-bounces@itdiscuss.org] <b>On Behalf Of </b>blloyd@buskercom.com<br>
<b>Sent:</b> Monday, January 18, 2010 2:22 PM<br>
<b>To:</b> discuss@itdiscuss.org<br>
<b>Subject:</b> [itdiscuss] Virus Cleaning Problems<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal style='margin-left:1.5in'><o:p> </o:p></p>
<p class=MsoNormal style='margin-left:1.5in'>Recently I cleaned off a PC at our
church that had 5 different viruses/Trojans on it. I use Bitdefender to
scan and clean the system. Once I got the system cleared I rebooted the
system and attempted to log in. However, the only thing the system does
now is log on and immediately log the user out. Any ideas of what might
be wrong or what I can do to fix the problem?<o:p></o:p></p>
<p class=MsoNormal style='margin-left:1.5in'><o:p> </o:p></p>
<p class=MsoNormal style='margin-left:1.5in'>Thanks,<o:p></o:p></p>
<p class=MsoNormal style='margin-left:1.5in'><o:p> </o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:
12.0pt;margin-left:1.5in'><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p>
<p style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:12.0pt;
margin-left:1.5in'><b><span style='font-size:14.0pt;color:navy'>Bill Lloyd</span></b><span
style='color:navy'> </span><span style='font-size:11.0pt;color:navy'><br>
IT Manager</span><o:p></o:p></p>
<p class=MsoNormal style='margin-left:1.5in'><span style='font-size:12.0pt;
font-family:"Times New Roman","serif"'><img border=0 width=149 height=46
id="_x0000_i1026" src="cid:image003.jpg@01CA984C.1635C700"><o:p></o:p></span></p>
<p style='margin-left:1.5in'><span style='font-size:11.0pt;color:black'>2567
Athens Hwy.<br>
Gainesville, GA 30507<br>
Phone: 770-417-1604 Ext.: 250<br>
Fax: 770-417-1747<br>
Cell: 404-379-6963</span><o:p></o:p></p>
<p style='margin-left:1.5in'><em><span style='font-size:11.0pt;color:navy'>blloyd@buskercom.com</span></em><o:p></o:p></p>
<p class=MsoNormal style='margin-left:1.5in'><span style='font-size:7.0pt;
font-family:"Arial","sans-serif";color:navy'>This email and any accompanying
attachments may contain confidential and proprietary information. If you are
not the intended recipient, you are requested to delete this entire
communication immediately. Emails cannot be guaranteed to be secure or free of
errors or viruses. The sender does not accept any liability or responsibility
for any problems that may result from emails you receive.</span><o:p></o:p></p>
</div>
</body>
</html>