Issue: Windows Logs on and Logs off immediately
You may not be able to log on to the system in either Normal Mode or Safe Mode. If Safe Mode does not work, try logging in to Safe Mode with Command Prompt. This occurs only when the Winlogon service tries to load the Windows default shell (explorer.exe) and user shell (userinit.exe) from the registry. The service looks up Explorer.exe and Userinit.exe under the following registry key:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Troubleshooting Steps to Fix Log on and Log off immediately issue
Method 1:
Navigate to the following registry key and change the values of Shell and Userinit as shown below.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell = explorer.exe
Userinit = X:\windows\system32\userinit.exe
NOTE: These files may also be deleted by spyware. You may need to extract them from the Windows CD or copy them from another computer.
Steps for rectifying this Log on and Log off immediately problem:
- Type computer name (infected computer)
- Navigate to the following location in registry of destination or infected computer.
Edit these two values in the right pane as mentioned.
Shell=explorer.exe
Userinit = x:\windows\system32\userinit.exe
6. Exit from Registry
7. Restart Infected computer.
8. You should now be able to log on to the computer without being logged off immediately.
If you don't have another computer, try the following steps.
Boot the computer into Safe Mode with Command Prompt by pressing F8 during startup and selecting Safe Mode with Command Prompt.
If it boots to Safe Mode with Command Prompt, open Registry Editor and change the values of the following two entries in this registry key:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell=explorer.exe
Userinit = x:\windows\system32\userinit.exe
If there is a value named “OldUserinit”, delete the “Userinit” value and rename “OldUserinit” to “Userinit”.
Method 2:
For Windows XP – Infected with Wsaupdater.exe virus
Wsaupdater.exe is spyware that changes Userinit.exe to Wsaupdater.exe in the registry, which is why Windows logs off immediately after logging in. When you scan the computer with Ad-Aware by Lavasoft, it removes the Wsaupdater.exe file from the computer, but it cannot change the registry entry back to Userinit.exe. The registry entry that is changed is:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: Userinit
Data: C:\Windows\System32\Wsaupdater.exe
Change the data value to: C:\Windows\System32\Userinit.exe,
Note: The comma following the file path information is required.
Use the Recovery Console to copy Userinit.exe to Wsaupdater.exe to allow logon capability to be restored and to let you manually correct the registry data. To do this, follow these steps:
- At the Recovery Console command prompt, type cd system32, and then press ENTER.
- Type copy userinit.exe wsaupdater.exe, and then press ENTER.
- Type exit, and then press ENTER.
Modify the registry
Open Registry Editor and go to the following key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
In the right pane, right-click userinit, and then click Modify.
Replace wsaupdater.exe with userinit.exe, (make sure to include the comma, as shown), and then click OK.
Restart your computer.
Delete the Wsaupdater.exe file.
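A read-only check of the values that Methods 1 and 2 have you edit, as an added PowerShell example (not part of the original article). It reports a Shell other than explorer.exe, any Userinit entry other than userinit.exe, a missing trailing comma, a leftover OldUserinit value, and missing binaries. The function name Test-WinlogonValues and its parameters are assumptions made for this example.

```powershell
# Added example: audit the Winlogon Shell/Userinit values discussed above.
# Function and parameter names are hypothetical; run from an elevated prompt.
function Test-WinlogonValues {
    param(
        # Live key by default; pass the path of a loaded offline hive if needed.
        [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        # Windows directory of the installation being checked (the article's x:\windows).
        [string]$WinDir  = $env:SystemRoot
    )
    $props = Get-ItemProperty -Path $KeyPath
    $expectedUserinit = Join-Path $WinDir 'system32\userinit.exe'
    $findings = @()

    # Shell should be exactly explorer.exe.
    if ("$($props.Shell)".Trim() -ne 'explorer.exe') {
        $findings += "Shell is '$($props.Shell)', expected 'explorer.exe'"
    }

    # Userinit is a comma-separated list; Method 2 notes the trailing comma is required.
    $raw = "$($props.Userinit)"
    if (-not $raw.TrimEnd().EndsWith(',')) {
        $findings += "Userinit '$raw' has no trailing comma"
    }
    $entries = @($raw.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($entries.Count -eq 0) { $findings += 'Userinit is blank or missing' }
    foreach ($e in $entries) {
        if ($e -ne $expectedUserinit) {   # -ne on strings is case-insensitive
            $findings += "Unexpected Userinit entry: '$e'"
        }
    }

    # A leftover OldUserinit value means something replaced Userinit earlier.
    if ($null -ne $props.OldUserinit) {
        $findings += "OldUserinit present: '$($props.OldUserinit)'"
    }

    # The binaries the values point at must exist on disk.
    foreach ($f in $expectedUserinit, (Join-Path $WinDir 'explorer.exe')) {
        if (-not (Test-Path -LiteralPath $f)) { $findings += "Missing file: $f" }
    }
    $findings
}

Test-WinlogonValues | ForEach-Object { Write-Warning $_ }
```

No output means both values match the defaults given in the article. Extra Userinit entries added by installed software are also reported and need a manual decision.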
Method 3:
IF YOU CANNOT GET THE COPY USERINIT.EXE WSAUPDATER.EXE TO WORK
1) Use the XP install disk to go into the Recovery Console, or, in Windows Vista and above, open Command Prompt from the Repair Your Computer option that appears when pressing F8 during startup.
2) “We need to replace the software hive with a previous good backup temporarily to stop logging off immediately.”
a.) type cd system32\config enter
b.) type ren software software.old enter
This renames the current software hive to software.old
c.) type copy C:\windows\repair\software enter
It should say “1 file(s) copied”
d.) Type exit to quit Recovery Console and restart.
3) Hit F8 before Windows starts to enter Safe Mode – You should hopefully be able to log in now
4) Now we need to Fix the registry
a.) Start–>Run–> type regedit, enter
b.) Select or highlight “HKEY_LOCAL_MACHINE”
c.) Click File–>Load Hive
d.) Find where you saved the software.old file (C:\windows\system32\config\software.old)
e.) Just name it test
f.) Navigate to “test\software\microsoft\windows nt\currentversion\winlogon”
g.) Look for the Userinit field
h.) it may have blank or no value data.
– Double click on the key and type C:\windows\system32\userinit.exe,
Note: if anything differs repeat step 5 with HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
5) Restart and log back into Recovery Console
7) Restore the original hive now
a.) type cd system32\config enter
b.) type del software enter
c.) type ren software.old software enter
d.) type exit enter
8) Log back into Windows normally. This will work for sure! Your computer will not log off immediately now.
Method 4:
If the Userinit value is correct, none of the above steps help, and you are still logged off immediately after logging in, then the issue could be with the user profile or the registry entries associated with that profile. Use the following steps to fix this issue.
- Restart the computer and login as a Local Admin or another domain user.
- Rename the profile of the user who has problem logging in : C:\Users\%username%
- Delete the profile key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-X-X-XX
(S-X-X-XX is the format of the profile identifier, or security identifier, of a user. Look through each profile key under this registry key and view its ProfileImagePath value to find which key belongs to which user.)
4. Delete the profile key of the user who has problem logging in.
Log out and log in as the original user who has the login issue; Windows will create a new profile for that user. If you do not delete the registry key, Windows will keep giving that user a temporary profile indefinitely, or until you rename their C:\Users\%username% folder back.
Try logging in again and it should work fine.
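To find which ProfileList key belongs to the affected user before deleting anything in Method 4, this added PowerShell example (not part of the original article) lists every key with its resolved account name and ProfileImagePath, and shows whether the profile folder still exists. The function name Get-ProfileListStatus is an assumption made for this example.

```powershell
# Added example: map each ProfileList key to its user and profile folder.
# Function name is hypothetical; read-only, run from an elevated prompt.
function Get-ProfileListStatus {
    param(
        [string]$ListPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    )
    Get-ChildItem -Path $ListPath | ForEach-Object {
        $sid  = $_.PSChildName
        $path = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
        # Resolve the SID to an account name; deleted accounts will not resolve.
        try {
            $account = ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
                [System.Security.Principal.NTAccount]).Value
        } catch {
            $account = '(unresolved)'
        }
        [pscustomobject]@{
            Sid          = $sid
            Account      = $account
            ProfilePath  = $path
            # False means the folder was renamed or removed but the key remains,
            # the state in which Windows keeps handing out a temporary profile.
            FolderExists = [bool]($path -and (Test-Path -LiteralPath $path))
        }
    }
}

Get-ProfileListStatus | Sort-Object FolderExists | Format-Table -AutoSize
```

After renaming the affected user's folder, that user's key is the one that shows FolderExists as False.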
If you have another account that works, or by other means: log in to the other account and grant the problem account admin rights. Worked for me.
This fixed my issue. I found an extra entry in the UserInit key. It had "skipmetrosuite" in there. I believe that was left over from Win8 and that ridiculous metro screen. I had some software installed that bypassed the Metro UI and went right to the desktop.
Ever since I had upgraded to Win10, the user account couldn't log in unless it was in the Administrators group. Not anymore. I removed that bit about skipmetrosuite and now I can do things as expected.
Thanks.
On Method 4
How, what and to what do I need to rename?
I need to rename
On Method 4
How and what do I need to rename?
Thanks a lot for the article. In my case there was an extra path in the userinit key added by HP Protect Suite. No other article found on the net helped me. Thank you.
On Method 4 you need to rename the user profile that is facing the problem. If your username is "Bob" then rename it to something like "Bob-old". You will need to log in with another account or the guest account if enabled. At the time of renaming, authenticate with the admin password.
You have to rename the folder at C:\Users\[your name here] to C:\Users\[your name here_old]. You will have to log into another admin account on the computer from a fresh boot to do this, or it won't let you because your profile is currently in use. If you don't know the built-in Administrator account password, there are boot disks like Knoppix you can download an .iso file of and then burn a CD using that file with a burner program that would've come with your CD-R(W) drive/your computer (or can search for and download/install one), then reboot and boot to that CD (NOTE: Don't just burn the .iso file to CD – you have to use a program to extract the .iso contents and burn those). Once in, you'd reset that password, reboot, then log in as Administrator, then rename the folder, go to the registry to delete that registry key, then reboot again and log in with your old account. If that account is not an admin, you'll have to go back in as Administrator to move files like your Favorites, Desktop, Documents over to the new folder that got created. You should only copy the most essential things, as it's a sign of corrupt profile settings/files that cause this to happen in the first place.