New issue with Windows XP SP2.

I've never seen this issue before, so I have no idea how to fix it. Last night while rebooting my system, it booted Windows XP normally and I was in the User Selection screen. When I would select my user (the only one there is) my desktop background image will appear for a few seconds and then it reverts back to the User Selection screen.

To me it seems like it cannot start any of Windows' services. I get no errors or warnings. I'm trying to avoid having to completely re-install windows and all my drivers. The problem is that I do not have a Windows XP SP2 recovery disk on hand.

I had a virus removed last night but the BitDefender scan found all the infected files in the Temp folder and not anywhere important like System/... or System32/...

Any suggestions?

EDIT: It would also be worth noting that booting up in safe mode gives me the same issue.

 

I think a virus may have infected the userinit.exe file which Windows uses to log in users and get them to the desktop. If a virus infected it, or replaced it, then a virus scanner may have removed it. Or a change may have been made to the login section in the registry, and that that the infected file is gone, the login routine craps out because the registry is pointing to a file that has been erased. So- I have attached a clean fully functional userinit.exe file below (it's zipped). Unzip it and copy it to the Windows\System32 folder if you suspect this is part of your problem. Accessing the registry on a system where Windows doesn't load can be tricky and usually involves booting to a PECD (like the UBCD4Win). Anyway- the key you're looking for is:
HKLM\Software\Microsoft\WindowsNT\Current Version\Winlogon
In the right pane you're looking for the 'Userinit' entry. It should read EXACTLY like this:
C:\WINDOWS\system32\userinit.exe,
Note the comma at the end. Many viruses attach extra things after comma, and if these extras were removed by a virus scan, you'll get the same login problem you're now experiencing. So you'd right click the Userinit entry, click Modify, and make the needed changes to make it read as the line above reads.

GOOD LUCK!

 

Thanks for the reply, I'll give your suggestions a try.

 

Okay, so I've gotten my primary partition to work. I was unable to create a boot CD based off my Windows Installation CD since it is not a standard (official) windows install, it is modified. My solution to this was simply to install a second copy of XP on another hard disk. I booted up on the second boot and followed your instructions.

It turns out that my userinit.exe was indeed infected and deleted by the virus scan. Upon rebooting I still noticed issues, although at least my system is functional. My computer is still infected with the aforementioned virus. I am currently running a Kaspersky Online Scan (I used BitDefender to scan my PC last night) and so far It has found several infections.

The scan has found several infected files (some of which I know are not Windows files and possibly just dummy DLLs posing as system critical services.

Many of these files are infected with a "Trojan-***-Win32.Agent.aooc."

Names like "Trojan-Spy..., Trojan-Downloader..., Trojan-Dropper..." and finally a "Trojan.Win32.Agent.ccwq"

Seems as though it detects the Trojan as a generic Trojan which means it hasn't actually identified a specific Trojan and has found infected files through generic signatures. Anyways that probably means I'll have to manually remove said Trojan unless of course another Anti-virus has an effective cure.

 

You may want to post in the Malware forum and include a link to this thread. But first follow the steps in the world famous Major Geeks READ ME FIRST Removal Guide available at this link. Good luck!
:-D

[dlb]