1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Windows "logs off" after "open with" repair (userinit.exe)

Discussion in 'Windows XP' started by scottdavid88, Feb 22, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. scottdavid88

    scottdavid88 Thread Starter

    Joined:
    Feb 22, 2008
    Messages:
    31
    I have looked around for help on this issue and havn't been able to find a resolution that works. I think because I havn't been able to find any imformation on my specific issue.

    I am one of the most computer literate people I know, so when a co-worker mentioned to me that he was having problems with his computer, I agreed to look at it. His problem was simple, he had a lot of viruses. I have cleared most (however I assume not all) viruses and instinces of spyware. The computer worked fine for a little while while I did some final checks on his computer, then the problems started.


    He has a Dell Inspiron 710m Laptop, running Windows XP Pro. (Service tag 8sk8091)
    As far as I can tell, he has not added or upgraded it in any way. He only has some basic programs.

    I know that the issues might have something to do with his wireless.
    He is running the Intel® PRO/Wireless 2200BG.


    The computer is getting stop errors (BSOD)

    The first one was called DRIVER_IRQL_NOT_LESS_OR_EQUAL Stop: 0x000000D1 amd listed the file w29n51.sys (which upon further study, turned out to be a file related to his wireless.)

    I have already updated the drivers and reinstalled the program with the latest versions on the Intel website.

    I also noticed (though with not frequent) the stop error with the same name and stop code, but which listed the NDIS.sys file (which upon further study turned out to be a system utility).


    and now, I have gotten a stop error of 0x0000000A, (IRQL_NOT_LESS_OR_EQUAL) but without a listed file.


    I have tried, without success, to repair the problem, but I havn't been able to find something that could fix it. I am very computer literate, and know what I am doing, mostly, but when it comes to the more advanced items, I might need some guidance.


    Also, I suspect that this might be unrelated, but there is still an issue on his computer which I suspect might be a virus, but havn't been able to download a good virus software program because of these stop errors. For some reason, when I attempt to open the C: drive (his only drive) from My Computer, it opens up the "Open With" dialog box. On right click the "open" command has been replaced with some (seemingy random) characters. They dont spell anything that I can figure, but do still resemble english letters though with different symols (does that make sense? its not like "flklfahsf" its a number of characters that have no meaning to me)
    I can still "explore" the drive by right clicking and have been told that I should look for the autorun.ini, and the autorun.inf files and delete them, but they weren't present (hidden or visible). There was an autorun.(something, cant remember) file present, but I was reluctant to do anything with it. I assume that this is related to some virus, but like I said, I havn't been able to download norton without the computer stopping before the download finished.



    Any help would be great. I can get screenshots of some of these problems or post logs, whatever is needed for you to help. Any help would be much appreciated (both my coworker and I don't make a lot of money, so were trying to avoid shop costs).


    Thanks
     
  2. Claymore

    Claymore

    Joined:
    May 20, 2005
    Messages:
    2,548
    Hello,

    Sorry for your woes. I would stsrt by running the System File Checker:

    Start => Run ans type in:
    sfc /scannow {space after sfc/}

    For the drive problem:

    Copy the text below between the dotted lines, but not the dotted lines themselves. Open Notepad and paste it in. Save the result in a suitable location as drive.reg - making sure that the default .txt extension doesn't appear in the file name (Save as type = All Files).
    Double-click on the saved .reg file to merge the contents.
    Restart.

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell]
    @="none"
     
  3. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Does the BSOD ever occur when connected direct to the modem or router, bypassing the wireless config?

    For the "c:" drive issue, try this: Start > Run: cmd and at the prompt enter: regsvr32 shell32.dll


    I'm not sure I can find anything additional, but >>

    I can run a debugging utility on the dump files if you do this:

    1 > create a new folder on the desktop and call it "dumpcheck" or whatever you like
    2 > navigate to %systemroot%\minidump and copy the last few minidump files to that folder.%systemroot% is normally c:\windows. They are numbered by date. You can paste that address in address bar to get there.
    3 > close the folder and right click on it and select Send to Compressed (zipped) Folder.
    4 > use the "manage attachments" in the "advanced" reply window to upload that zip file here as an attachment.
     
  4. scottdavid88

    scottdavid88 Thread Starter

    Joined:
    Feb 22, 2008
    Messages:
    31
    I havn't had any more problems with stop errors... Nothing changed really for the errors to be stopping/slowing, but I have yet to receive another error... I have found out that I might have been receiving stop errors because of the network I was connected to and its compatibility with the older software and hardware, but I connected the laptop to my home network. I received one stop error (but a new one) but havn't received any since...

    So, yeah I wont worry about it much anymore until it happens again.

    However I am still in need of some help with the drive problem. Neither of the previous two posts helped. I however looked more into it, and I found out that it may have something to do with the registry, and indeed I did what I was told, and it fixed the problem, until I restarted the computer.

    I will explain in a minute what I found, but my question is: how can I figure out what is causing the change in the registry?

    I found that in the registry there is an entry called MountPoints2. Its located in HKCU\Software\Windows\CurrentVersion\Explorer
    This entry has something to do with the drives. I was told that if I deleted the various GUID keys in the MountPoints2 key, and then by adding an empty key "shell" to the C key (in Mountpoints2, then it would resolve the problem, and indeed it did. However on restart the problem returned and I looked at the registry, and it added two GUID keys, the first contains the keys that I believe are causing the problem, but after a few attempts at deleting them, I thought you guys could help me figure out what is causing these to be created?


    I have uploaded a screenshot of the registry... Is there a better way to get you the information? I originally exported the information as a txt file, but I thought this might be easier to see (expecially for those who are visual like myself)


    Thanks Again
     

    Attached Files:

  5. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I'm puzzled as to why that key would be involved at all -- where did you get the tip from? For what it's worth, aside from screenshots, you can save and upload registry keys as text rather than .reg files for comparison.

    You might try this VBS fix although I think it does the same as the regsvr32 command I gave you >>

    http://www.dougknox.com/xp/scripts_desc/xp_folder_open.htm

    Does the problem occur if you restart in Safe Mode -- or try another User Account (such as the Guest Account)?

    If a 3rd party app is doing this, sometimes you can isolate it by clean booting >>

    Run msconfig and select the "Services" tab. Check "Hide Microsoft Services" and then disable the rest. Also uncheck "load startup group" on the general page.

    See this link for detailed information:

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;310353
    http://support.microsoft.com/kb/929135 << for Vista, but applies equally to XP, and better written.

    Now restart and test the issue at hand

    If no problems, run msconfig and recheck half the disabled items on the Services tab. Test again. If the problem recurs, UNcheck half the items you just checked to narrow down the culprit.

    If the problem didn't occur, check the other half, so all the Services are enabled -- proceed to do this on the startup tab as well.

    Get the idea? You want to isolate the problem to a specific startup if possible.

    Note: if you already have items unchecked under msconfig > startups and are in &#8220;selective&#8221; startup mode &#8211; you should note what these are before beginning. They will need to be de-selected again.
     
  6. scottdavid88

    scottdavid88 Thread Starter

    Joined:
    Feb 22, 2008
    Messages:
    31
    I ran the VBS Script to no avail.

    I ran a clean boot, and the error still occured. Could it be something with a Windows service do you think?

    As for where I found that registry entry... I simply did a google search, and found someone with the same problems. There was a recomendation for a workaround that stated that we could put an empty autorun.ini file in the C drive, but I decided against doing that. There was also a mention about that entry in registry. I looked into it (im not stupid enough to just make changes without looking into it) and found that that was the only place in my registry that had the exact problem I was experiencing. I created a backup and deleted those keys and voila! it fixed the problem until I restarted. (The person that mentioned this also suggested that I should delete all autorun files in my computer by way of a search. I decided against it.)


    Even though I think that you have a pretty good idea as to what my problem is, I figure it wouldn't help to show you exactly what the issue is.


    When I double click to open my hard drive from "My Computer", it opens the "Open With" dialog box (the one that asks you to choose a program, in case there is another "Open With" dialog box that I am unaware of). When I right click on the drive, this is what I see:
    [​IMG]

    Clicking on those characters that are in place of the "Open" command will open the "Open With" dialog box. I can still, however open the hard drive by selecting "Explore".

    (and in case this might be related to the files in the drive, here is what I see:
    [​IMG]


    When I looked into the registry, I searched for those characters ("Îòêðûòü") and found that there are in only one place in the registry. I looked at the other keys in there and there is mention of a file "D45182AD.exe", but I couldn't find that file, and I have no idea what that file is or would do...

    I deleted those keys that contain this information, closed the editor, checked that it was fixed (it was) then reopened the editor. The keys then return, but without that information in them. However when I restart, that information is again in the keys (including when I did a clean boot). However when I rebooted in safe mode, the error was still there, but instead of being in those GUID keys, it was in the C key...

    I am including a .txt file with the registry key that is causing this problem for reference.



    I have stopped receving those Stop Errors, and other than some stupid Norton AV glitch, this is the only problem I notice on this computer...
    (It says that "Rollin' Rog" is Moderator here, is it possible to change the title of this thread to one thats more specific to the problem I am facing now?)


    Thanks again gentlemen (and I presume ladies).
     

    Attached Files:

  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I wasn't quite sure what to change the title to, if you have a better description I can change it.

    First, I'm wondering if the same dialog and screen choices will appear if you change from the Tasks to the Classic view.

    To do this, Select Tools > Folder Options and then "classic view"

    In that contect menu I am not seeing "open", but what looks like Greek or Russian (literally) in its place. Does the drive open when you select that?
     
  8. scottdavid88

    scottdavid88 Thread Starter

    Joined:
    Feb 22, 2008
    Messages:
    31
    No, like I said, when I select that command, it opens the "Open With" dialog box. Its like that command totally took over the "Open" command. But like I said, when I delete those GUID keys in the registry, then it opens fine and those characters are replaced with the open command.

    Switching to the Classic View has no effect.

    The characters aren't greek, they might be russian, but I am fine assuming that they are just random english characters (a lot of english characters have the accent marks like these. you can view them in the character map)

    oh and what you changed the title to is fine...


    Any other suggestions? I cannot figure this out...
     
  9. scottdavid88

    scottdavid88 Thread Starter

    Joined:
    Feb 22, 2008
    Messages:
    31
    is it possible that this is a Rootkit? I was just reading about them, and I admit I have no idea what to do about these... I ran RootkitRevealer, but I am having a difficult time understanding the log... Do you guys know anything about it?
     
  10. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Is there more than one device identified as a hard disk? It says "local disk", but is that the boot drive? What is the other drive?

    Run diskmgmt.msc and see what is there.


    It's been a long time since I've run rootkitrevealer -- and as I recall the log is a bit tricky to interpret. You have to be suspicious of files that are hidden from the normal Windows API -- usually you can determine whether these are legit or not by googling them.

    Another scanner you might try is "Blacklight"

    http://www.f-secure.com/blacklight/

    http://www.bleepingcomputer.com/tutorials/tutorial124.html

    If you like I will ask a security expert to look in on this.
     

    Attached Files:

  11. scottdavid88

    scottdavid88 Thread Starter

    Joined:
    Feb 22, 2008
    Messages:
    31
    The only drives on the computer is the one C hard drive... and a DVD+RW (?... a CD drive).

    I ran the disk management and attached the image of what I saw.

    As for the image you posted, I guess the menu is set up differently on this computer. It has Explore in a different place and "Open" should be the main command. (It is the same on my other computer.)

    As for the possibility of a rootkit, i highly doubt there is one on it now... I ran it a few times and it seems that the stuff is normal, even though im not sure about it, Im sure enough to put off running a scan until its apparant that its the cause... save the headaches....

    But yeah, any help that you can offer, if you can ask anyone you know that would be great. I ran it qucikly by our IT guy at work (who is really too busy to be able to give me more than one minute) and he had no ideas for me that I havn't already tried...


    But thanks for you help thus far.
     

    Attached Files:

  12. Tufenuf

    Tufenuf

    Joined:
    Jul 28, 2007
    Messages:
    2,461
  13. scottdavid88

    scottdavid88 Thread Starter

    Joined:
    Feb 22, 2008
    Messages:
    31
    The majority of the comments on that page stated that it did not work.... so I didn't perform that action.
    Instead in one of the comments there was a post that showed a different fix. I ran that fix and now when I start my computer it goes to log on, but then logs off. I click the user name and it starts to log on then logs off...

    I cannot log onto windows!

    How do I undo the registry change? How can I run regedit?
    This is what I did....
    http://www.techhunt.org/node/11
     
  14. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Try Last Good on the boot menu.

    After you get back in, see if Computer was somehow added to the file types under HKCR in the registry. It may be listed as "{20D04FE0-3AEA-1069-A2D8-08002B30309D}".
     
  15. scottdavid88

    scottdavid88 Thread Starter

    Joined:
    Feb 22, 2008
    Messages:
    31
    I tried the "last good" config already. No luck.

    I need to know how to get into the registry editor without having to log onto windows... because I obviously cant logon....
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/686069

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice