Printed from:
http://saveme.danfischbach.com/altd2
I've spent a great deal of time and effort on this FREE guide and programs. If you wish to give your thanks, (and your income allows) please consider pushing this button to via PayPal! I also accept checks/money orders if you email me. Thank You! :-D
Notice: This fix is for Windows XP and not for Windows Vista or Windows 7. Please make sure you always start at the the beginning of the guide.

Alternate Disc - Step 2

Now, we're going to fix certain parts of the registry using the Offline Registry Editor CD/DVD you just made.

Remember, type slowly! Please note that capitalization, punctuation and spelling matter!

  1. Put the Offline Registry Editor CD/DVD into the infected computer and boot to it.
  2. You'll see boot: _ at the bottom of your screen. Press Enter/Return to continue. (if you don't push anything after a bit, it will push Enter for you, so don't panic. :-) )
  3. After some stuff scrolls by, a menu will appear. Press d then Enter/Return.
  4. You'll see a list of things displayed under the heading Candidate Windows partitions found. One of them says BOOT over on the right. Look ALL the way over to the left (under the word Candidate) of your screen. A number is there. Type that number in (the number on the line that says BOOT) and push Enter/Return.
  5. If you get a prompt asking you to "force it", push y and then Enter, otherwise skip this step.
  6. Push Enter/Return at the prompt asking you about the path to the registry.
  7. Push 2 then Enter/Return at the 1st menu.
  8. Push 9 then Enter/Return at the 2nd menu.
  9. You should be dropped to a prompt that looks like this: > _.
  10. Remember, type slowly! Please note that capitalization, punctuation and spelling matter!
  11. Type cd Microsoft then push Enter/Return.
  12. Type cd Windows NT then push Enter/Return.
  13. Type cd CurrentVersion then push Enter/Return.
  14. Type cd Winlogon then push Enter/Return. (that's a lowercase ell and not a capital eye)
Does the prompt at the bottom of the screen say something EXACTLY like this?
(...)\Windows NT\CurrentVersion\Winlogon> _

Yes: Good! Continue these directions.

No: Go back and retype those commands starting with Step 11. If you're having issues, just keep typing cd .. (cd, space, then two periods) and then Enter/Return until the prompt says > _.

Fixing userinit/Userinit

Type dv userinit then push Enter/Return.

Don't worry if you get an error message that says "del_value: value userinit not found!". That's a good thing! :-)

Now, type cat Userinit then push Enter/Return.

Look near the bottom part of your screen. (about the third line up) That last command should have popped up something. Do you see a line that says something EXACTLY like this?
c:\windows\system32\userinit.exe, (THAT COMMA IS NOT A TYPO)

Yes: Good! Go to Fixing Shell below.

No, I get an error message that says cat_vk: No such value <Userinit>: This means that the Userinit key has been fully deleted from the registry. We can remake it by typing:

nv 1 Userinit (that's the number one, not a lowercase ell or a capital eye) and pushing Enter/Return.

After that, continue these directions.

No, something different appears: Continue these directions.

  1. Type ed Userinit then push Enter/Return.
  2. Type c:\windows\system32\userinit.exe, then push Enter/Return. (THAT COMMA IS NOT A TYPO)
  3. Type cat Userinit then push Enter/Return.
Look near the bottom part of your screen. (about the third line up) That last command should have popped up something. Do you see a line that says something EXACTLY like this?
c:\windows\system32\userinit.exe, (THAT COMMA IS NOT A TYPO)

Yes: Great! Continue these directions.

No: Go back and retype it using the two steps above.

Fixing shell/Shell

Type dv shell then push Enter/Return.

Don't worry if you get an error message that says "del_value: value shell not found!". That's a good thing! :-)

Now, type cat Shell then push Enter/Return.

Look near the bottom part of your screen. (about the third line up) That last command should have popped up something. Do you see a line that says something EXACTLY like this?
Explorer.exe

Yes: Good! Go to Quick Tests below.

No, I get an error message that says cat_vk: No such value <Shell>: This means that the Userinit key has been fully deleted from the registry. We can remake it by typing:

nv 1 Shell (that's the number one, not a lowercase ell or a capital eye) and pushing Enter/Return.

After that, continue these directions.

No, something different appears: Continue these directions.

  1. Type ed Shell then push Enter/Return.
  2. Type Explorer.exe then push Enter/Return.
  3. Type cat Shell then push Enter/Return.
Look near the bottom part of your screen. (about the third line up) That last command should have popped up something. Do you see a line that says something EXACTLY like this?
Explorer.exe

Yes: Great! Continue these directions.

No: Go back and retype it using the two steps above.

Quick Tests

Now, we're going to do some quick tests to see if you have another infection that could start the loop or prevent you from accessing your normal desktop:

  1. Type cd .. (cd, space, then two periods) then push Enter/Return.
  2. Type cd Image File Execution Options then push Enter/Return.
  3. Type cd userinit.exe then push Enter/Return.
  4. [Skip this step if you get the message "Key userinit.exe not found!"] Type delallv then push Enter/Return.
  5. [Skip this step if you get the message "Key userinit.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter/Return.
  6. Type cd explorer.exe then push Enter/Return.
  7. [Skip this step if you get the message "Key explorer.exe not found!"] Type delallv then push Enter/Return.
  8. [Skip this step if you get the message "Key explorer.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter/Return.
  9. Type cd iexplore.exe then push Enter/Return.
  10. [Skip this step if you get the message "Key iexplore.exe not found!"] Type delallv then push Enter/Return.
  11. [Skip this step if you get the message "Key iexplore.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter/Return.
  12. Type cd logonui.exe then push Enter/Return.
  13. [Skip this step if you get the message "Key logonui.exe not found!"] Type delallv then push Enter.
  14. [Skip this step if you get the message "Key logonui.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter/Return.
  15. Type cd logoff.exe then push Enter/Return.
  16. [Skip this step if you get the message "Key logoff.exe not found!"] Type delallv then push Enter/Return.
  17. [Skip this step if you get the message "Key logoff.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter/Return.
  18. Type cd winlogon.exe then push Enter/Return.
  19. [Skip this step if you get the message "Key winlogon.exe not found!"] Type delallv then push Enter/Return.
  20. [Skip this step if you get the message "Key winlogon.exe not found!"] Type cd .. (cd, space, then two periods) then push Enter/Return.
  21. Push q then Enter/Return to exit the registry editor.
  22. Wait about 1 second.
  23. Push q then Enter/Return to quit the program.
  24. Wait about 1 second.
  25. Push y then Enter/Return to save the registry changes you made. If you did not make changes, skip this step as the option won't appear. (ignore any errors that appear)
  26. Wait about 1 second.
  27. Push n then Enter/Return at the "new run" prompt. (ignore any errors that appear)
  28. Wait about 3 seconds.
  29. Take the Offline Registry Editor CD/DVD out and close the CD/DVD tray.
  30. Hold down the power button on your machine for about 5 seconds to power it off.
  31. Turn on your computer, and try going into Safe Mode.
So, NOW are you able to log in?

Yes!: Please go on to the next page! :-)

Still No!: Please contact me. (see the first page)

Was this step extra helpful? Please it!
I've spent a great deal of time and effort on this FREE guide and programs. If you wish to give your thanks, (and your income allows) please consider pushing this button to via PayPal! I also accept checks/money orders if you email me. Thank You! :-D