• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

Windows Logon Error

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.
BaconTheory

BaconTheory

Member
Joined
Feb 23, 2005
Location
Coming to bunker your *** with my E-Bladed Cocker
Today my dad came to me and told me about this problem that he was having with his computer. When he starts up Windows XP and attempts to log on to his user, he gets a strange error that reads:

ERROR 16-bit MS-DOS Subsystem
C:\WINDOWS\system32\userint.exe
The NTVDM CPU has encountered and illegal instruction.
CS:053d IP:0465 OP:63 63 65 65 64

It gives me the option of either Terminating of ignoring, but if I choose ignore, then the dialog box keeps reappearing. If I choose Terminate, then the system freezes up. The good people at Dell Tech Support wanted my dad to reformat, but before he did, they wanted him to try using the Repair command from the Windows XP install disc. Well it worked, sort of. Now it asks him for an administrator password, but he can press just press enter and bypass it. However, if he bypasses it, then the logon process stops and he gets an MS-DOS prompt with only C:\WINDOWS on it. He has some files that he would like to save, and he only wants a reformat as a last resort. I'm thinking about just opening up his computer and removing his hard rive and hooking it up to my computer to recover the files, but that would be extremely time consuming. My next step would probably be to load up a copy of Knoppix and possibly revocer the files to my USB thumb drive, but I've never used Knoppix in a Windows rescue operation before.

Here are the specs (to the best of my knowledge) from my dad's PC:

Dell Dimension 4600
Dell Generic Mainboard
512MB of Micron DDR400
Hitachi Desksar 120GB HDD

Any help with this problem would be greatly appreciated as my dad does some important financial work for some non-profit organizations and also does work for his job at a hospital. Thanks in advance.
 
Ok so now he's getting into the recovery console, which is basically where dell tech support wanted you to be... Theres a few things which may be worthwhile to run here that they were looking for:

chkdsk /r
fixmbr
fixboot

Take note that he could have an infection though, and dell was misdiagnosing him with a hard drive problem... This depends on whether or not you have a typo in your thread starting post. Userint.exe is a virus which would be trying to load and giving you that message, userinit.exe is a windows system file used in the boot process which may be corrupt and need repaired.

If you aren't sure, you should first do a virus cleaning, as running the recovery console commands on an infected drive can be problematic.
 
Last edited:
I would assume that the networking drivers and services have been loaded, since you got to a prompt when you terminated the process. It may be possible to mount a fileshare to copy the files that you want to save to. Type "net /?" for information on the console networking commands...and ipconfig to see if your network service has started.

I don't know if Windows can mount a USB drive when in console mode. But Knoppix should allow you to recover the files just fine. (You may have to mount the filesystem by hand; I have had to do so when doing Windows recovery, but it should be mostly automatic.)

The real question is, why is the logon module (which should be pure 32-bit native Win32 code) trying to execute 16-bit MS-DOS code? That's what the "NTVDM" is, the NT Virtual DOS Machine.
 
are you sure it's userint.exe and not userinit.exe that is the error? userinit.exe is a legit file, userint.exe is not and I believe it is one of the files for the SDBot worm.
 
Captain Newbie said:
I would assume that the networking drivers and services have been loaded, since you got to a prompt when you terminated the process. It may be possible to mount a fileshare to copy the files that you want to save to. Type "net /?" for information on the console networking commands...and ipconfig to see if your network service has started.

I don't know if Windows can mount a USB drive when in console mode. But Knoppix should allow you to recover the files just fine. (You may have to mount the filesystem by hand; I have had to do so when doing Windows recovery, but it should be mostly automatic.)

The real question is, why is the logon module (which should be pure 32-bit native Win32 code) trying to execute 16-bit MS-DOS code? That's what the "NTVDM" is, the NT Virtual DOS Machine.
Click to expand...

He's in recovery console, there is no network support loaded, and the available local commands are very limited. Unfortunately, none of the above would work.

The code error is related to the infection he has which is trying to launch after login (its a virus, its not surprising its causing errors of some sort)... if he cannot access through an alternate username, such as the admin account, then he's going to need to resort to using a live CD of some sort. If he's lucky, perhaps the problem only affects one user account (associated to one user profile which could be deleted from a second admin account). He should try to login under another account on the PC, preferably one with admin rights.

For LiveCD's, popular choices are Knoppix or BartPE. I prefer BartPE... Make sure the network drivers you need are loaded on the disc, then you can just map a drive to another system on the network and transfer off what you need. You can find some information about it here, at the website of "GetDataBack for NTFS" which I have used with success in the past. You will want to use the plugin on that page with BartPE to recover all his files. Nothing will be lost, so you can tell him not to worry about that.

Worst case scenario, create a BartPE disc with GetDataBack for NTFS plugin installed and recover his data, then reinstall. Any questions, just ask.

I would probably go the above route... Alternatively, you could create a dos bootable disc and run a virus scanning app in DOS from disc, which would hopefully remove the virus and alleviate the problem without needing to reinstall. Long shot, and it'd probably be quickest to backup from BartPE and reinstall rather than waste time chasing shadows.
 
Last edited:
You must log in or register to reply here.

Similar threads

Voodoo Rufus
Win10 - cannot reset logon PIN
Replies
6
Views
579
Voodoo Rufus
Voodoo Rufus
TickleMyElmo
How do I create a non-administrator account in Win. 11?
Replies
2
Views
527
TickleMyElmo
TickleMyElmo
fabulouscoops
Windows update thinks my computer is not Win 11 ready, but it is.
Replies
3
Views
572
fabulouscoops
fabulouscoops
BugFreak
Error 5303 when accessing Office apps
Replies
0
Views
578
BugFreak
BugFreak
c627627
What is the LONGEST you can disable downloading Windows 10/11 updates and how?
Replies
12
Views
697
Janus67
Janus67
Back