I did a cursory look at the forum and didn't see this problem. I installed v1.5.2 and did the requested reboot. Now I can't log in to my system. I click on my username and type in my password, and the system logs me in and then immediately logs me out. This happens repeatedly. I have tried virtually all boot modes under the f8 menu: safe mode, debugging mode, everything. (OS is XP Pro, and I think it is completely updated--it updates automatically). The behavior is always the same for either my regular account or the admin account. It logs in and immediately logs out. Any suggestions? I REALLY don't want to reinstall the OS.

I'm assuming you are typing from another user's computer.

Are you sure you downloaded from this site?:
http://www.safer-networking.org/en/mirrors/index.html

Did you have any other versions of Spybot-SD on your computer prior to installing? Any running programs? Any programs that may have conflict, an AV (anti-virus)? Do you by any change have Trend Micro's products?

I'm was thinking about a System RESTORE, until you said you couldn't boot :sad:.

I am having the exact same problem as "round midnight". I updated Spybot to 1.5.2 last night from an old version icon on my desktop. What am I supposed to do to correct the problem? I am a computer user not installer or tech person so my knowledge is very limited. I thought I was doing a good thing yesterday by updating my virus scans - wrong!!!

I am having the exact same problem as "round midnight". I updated Spybot to 1.5.2 last night from an old version icon on my desktop. What am I supposed to do to correct the problem? I am a computer user not installer or tech person so my knowledge is very limited. I thought I was doing a good thing yesterday by updating my virus scans - wrong!!!

I don't see how updated your AV database can result in this. What is your AV (anti-virus)? How about your OS?

You said "old version icon". What is devil is that? An update software? Were there any previous versions of Spybot on your computer prior to upgrading. If so, did you uninstall it first?

round_midnight:

Have you attempted any corrective action such as doing a System Restore to a Restore Point immediately prior to the failure (installation of Spybot)? If not I suggest that you attempt that.

I'm having the same problem on my home PC and work laptop, both running XP. The unit boots up fine, after I log in it will come up with saving settings and logs me back out. I did save a restore point with spybot search & destroy
How can I get get it to run without being able to log in?
I tried booting up everyway possible, no luck.
Please help!!

SimonSays:


... I tried booting up everyway possible, no luck. ...
Booting into Safe Mode, did you try?
Last Known Good Configuration (only can be tried once).
Safe Mode with Command Prompt.
If you able to get the Command Prompt, type:
%systemroot%\system32\restore\rstrui.exe

I believe spybot is clearing a registry entry that is needed by Windows. Try this from another computer on your network, or by using Ultimate Boot CD 4 Windows to edit the registry:

To fix this remotely, open Regedit.exe on your computer, select File>Connect Network Registry
Enter the name of the computer to fix and then browse to the location specified in the reg file: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Change the key “UserInit” to this value:
C:\WINDOWS\system32\userinit.exe,
You must include the , at the end of the string.

This should resolve the issue.

I believe spybot is clearing a registry entry that is needed by Windows. Try this from another computer on your network, or by using Ultimate Boot CD 4 Windows to edit the registry:

To fix this remotely, open Regedit.exe on your computer, select File>Connect Network Registry
Enter the name of the computer to fix and then browse to the location specified in the reg file: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Change the key “UserInit” to this value:
C:\WINDOWS\system32\userinit.exe,
You must include the , at the end of the string.

This should resolve the issue.


I think your right, is there any other way to edit the registry?

Thanks for your Help.
Simon

I've had this happen on 6 computers so far, but I have them on the network so I can remove registry edit though them.

Here are some other tools that have offline registry edits:

http://home.eunet.no/~pnordahl/ntpasswd/
http://windowsxp.mvps.org/peboot.htm
http://ubcd4win.com/index.htm

I've had this happen on 6 computers so far, but I have them on the network so I can remove registry edit though them.

Here are some other tools that have offline registry edits:

http://home.eunet.no/~pnordahl/ntpasswd/
http://windowsxp.mvps.org/peboot.htm
http://ubcd4win.com/index.htm

I was able to create a BartPE disk, works great but the fix is not working, I changed the registry and rebooted, still logs in then logs out...

simon

I also have the same problem. I try to log in, it starts to, my background loads, but then it immediately logs me out and I'm back at the welcome screen. I'm using XP home.

I tried to boot from the XP disc and use the recovery console to copy userinit.exe but it didn't help.

I also can't use safe mode at all.

I don't know what could be causing it, I just used the same spybot I've used for years, updated it and ran it. It found a couple infections but I can't remember what there were.


Is there anything else I could try?

I've got the same logging in/logging off problem as everyone else after running Spybot on Wednesday.

Has anyone found a solution for a non-networked computer?

I have had this on many computers so far and have successfully repaired it! Follow the instructions here to build a Bart PE CD:
http://thinkinginpixels.com/quick-fixes/fix-windows-xp-log-onlog-off-loop

I noticed that you must use a non-OEM Windows XP CD to build the Bart PE CD.

Thank you for your suggestion. I'll work on creating the Bart CD. I'm thankful we have a laptop as I don't know what we would have done with no working computer.

After all this, should we stop using Spybot? Will whatever happened be fixed? Is somebody at Spybot looking into this or should I report it in another place?

I've had this happen on 6 computers so far, but I have them on the network so I can remove registry edit though them.

Here are some other tools that have offline registry edits:

http://home.eunet.no/~pnordahl/ntpasswd/
http://windowsxp.mvps.org/peboot.htm
http://ubcd4win.com/index.htm

I can install Spybot v1.5.2 and boot up ok but, I tried to uninstall Spybot and i get an error msg: "c:\program files\spybot-search and destroy\unins000.msg" missing. Re-install or download new file.
How is that done? I'm not a guru so could sure use some help if someone out there has had any experience with this!
Thanks, Arnie

I can install Spybot v1.5.2 and boot up ok but, I tried to uninstall Spybot and i get an error msg: "c:\program files\spybot-search and destroy\unins000.msg" missing. Re-install or download new file.
How is that done? I'm not a guru so could sure use some help if someone out there has had any experience with this!
Thanks, Arnie

Try re-installing Spybot again and then uninstalling it. This problem is relatively rare though I have no idea what causes it.

If you still can't uninstall it then try this FAQ (http://www.spybot.info/en/howto/uninstall.html).

clarkabc,

You might try deactivating SpybotSD's IE Browser helper (Tools>Resident then untick Resident SD Helper) then reboot and try the uninstall again. If that doesn't work, then I would also recommend the approach suggested by Terminator.

Try re-installing Spybot again and then uninstalling it. This problem is relatively rare though I have no idea what causes it.

If you still can't uninstall it then try this FAQ (http://www.spybot.info/en/howto/uninstall.html).

Aha! I remember this culprit. Tom and I solved it :P.

Well it actually depends on the version of the current Spybot that this error message is occurring. If this is 1.4, then you'll have to retrieve the executable for 1.4 and install it over the current version. As far as I know the user won't be able to uninstall of the message appears.

After that... UNDO the immunization and disable SDHELPER and TEATIMER. I'm not sure if the "small fix" will be required, unless the user is facing problems installing 1.5.2.20.

For those in this thread who are experiencing the logon/logoff loop problem, I suggest you do a Repair install, run Spybot and see what it finds. Don't remove it with Spybot, just make a note of what it is along with the registry info. that can be gotten by expanding the problem name (click the + sign). There are other ways to remove the problem(s), albeit it takes longer. I'm curious as to what types of "baddies" it finds....I had the same problem and ended up doing a destructive reinstall today, but just for curiousity sake, post what problems Spybot found, I'm wondering if you have the same issues I did.

I was able to create a BartPE disk, works great but the fix is not working, I changed the registry and rebooted, still logs in then logs out...

simon

Had the same problem...made a BartPE disk, and at first I didn't think it was working either....because I was still being emediately logged out. However, the problem is that I was trying to enter the original PW to logon. This isn't necessary after you use the BartPE disk. The PW is no longer there. So you need make sure when you go back to login to your computer that you DONT enter a password after running BartPE...just hit enter and you should be able to log right on to your computer!

Making the BartPE turned out to be the most frustrating part of this whole nightmare process, but I'm just thankful I was able to get back into my computer without having to completely reinstall everything and wipe my computer!

I downloaded the latest update last night, and today I am in the login/logout loop! My machine is a Dell. I came to work and asked our IT guy about it and he said 2 other people at work had had the exact same problem after running Spybot over the weekend!

I really think you should be devoting time to figuring out what your last update is doing to people's PCs... PRONTO!

I'm running Spybot 1.6 RC1 and I'm not experiancing any problems.

Are you running XP? Are you running a non-OEM version (i.e. Dell, Emachine, etc)? All our problems are on these systems.

same issues on my desktop. I believe that one is running an older version of spybot but i cannot get in to see which one it is

I ran the upgates on both desktop and laptop yesterday 6/29. Laptop which has a more current version is ok, desktop is stuck in a login/log off loop

both are running XP
Laptops a toshiba/desktops a HP

I'm running a HP computer with Vista Home Premium SP1.

For what it's worth, I am not experiencing any problems regarding those updates...and, like someone else on this thread said, the developers need to get right on this and find out what happened to all these PC's. I am rather nervous about this software right now, truth to tell.

I have 2 computers. One is an HP Desktop with Windows XP Media Center Edition. I'm using AVG 7.5 with that. I disabled AVG before running Spybot's installation. I do not have the IE helper or the teatimer turned on, only the immunizer. Spybot is not finding any problems on this machine, although I presently have a case presented to Castlecops re a suspicious file which I have since deleted, but that's not relevant. No behavior problems on this computer. Scans by BitDefender, ESET, and AVG say the computer is clean. In my inexpert opinion, I cannot see anything untoward in the HiJackthis logs.

The other is a Lenovo laptop running Windows XP Pro. I am not using any of the resident features. Spybot scans do not identify any problems. I am also using AVG 7.5 and have consulted Castlecops because this laptop is networked to the PC and I may have opened the file on it as well. I can't see an obvious problem on the Hijackthis log here either.

Neither system is displaying any aberrant behavior. Ewido scans on both cleared out 150 tracking cookies missed by Spybot.

I downloaded the update from the Canadian mirror.

Maybe this helps, maybe not...But I would want to know what the problem computers all have in common and the setups of machines that have not had any problems.

Good luck to all, hope you solve it soon!

P.S. OS's on both computers are SP2. Spybot version 1.5.2 on both as well. I use Firefox on the desktop and Opera on the laptop.

Just for the record, I am running a Windows XP Pro on a Dell Inspiron 5150 computer. Today I used my Spybot (version 1.3) to download the latest malware definitions. I started the program and after a short time I noticed the “HELLZLITTLESPY” definition as one of the being found. I was not familiar with this spyware and before I did anything else I did a Google search and luckily found this web forum. When I went back and looked I discovered that this supposed malware was actually defining a part of the registry. So I was glad that I did not remove it.

I also noticed that one of the posts suggested that the problem might be that I was using the 1.3 version with the newer definitions causing the disastrous false positive. I was going to download the newest 1.5.2 version,as suggested when I noticed the other posts indicating that this very act seeming also produced the same boot up problem.

So at this time I am not going to do anything until this situation is cleared up. But I do appreciate this forums existence and will be following it for further information.

Best Regards,
Bill

Since there were so many boot problems, I was thinking if some users had attempted md usa spybot fan's instruction:
--
http://forums.spybot.info/showpost.php?p=206613&postcount=5
http://forums.spybot.info/showpost.php?p=206836&postcount=7
--

Bill, if upgrading results in the boot loop, attempt to do a restore point in SAFE MODE.

Just for the record, I am running a Windows XP Pro on a Dell Inspiron 5150 computer. Today I used my Spybot (version 1.3) to download the latest malware definitions. I started the program and after a short time I noticed the “HELLZLITTLESPY” definition as one of the being found. I was not familiar with this spyware and before I did anything else I did a Google search and luckily found this web forum. When I went back and looked I discovered that this supposed malware was actually defining a part of the registry. So I was glad that I did not remove it.

I also noticed that one of the posts suggested that the problem might be that I was using the 1.3 version with the newer definitions causing the disastrous false positive. I was going to download the newest 1.5.2 version,as suggested when I noticed the other posts indicating that this very act seeming also produced the same boot up problem.

So at this time I am not going to do anything until this situation is cleared up. But I do appreciate this forums existence and will be following it for further information.

Best Regards,
Bill

I think it's always a good idea to confirm that anything any security program flags as 'malware' truly *is* malware. Any security program can come up with a false positive, and sometimes those can be devastating. I used to use ZoneAlarm Internet Security Suite and it was constantly trying to nuke my graphics card software!

I learned to appreciate virustotal.com and just recently discovered http://virusscan.jotti.org/ for getting a second opinion on individual files . When I want a second opinion with a full system scan, I use Bitdefender online for a full scan (set it to 'report only' first!) and I recently tried ESET for the first time a few days ago. Disable your resident antivirus before running these scanners. ESET provides the option to automatically clean. I did not let it do so. When I ran ESET, if it had found a problem, I would have made a note of it, researched it, and then decided if I wanted to redo the scan and let ESET clean it. Ewido is a good free online scanner as well. You can check there first to see if your resident AV is compatible before you run the scanner. It gives you the option of deciding what to do with any malware it finds as well. I used Panda a few years ago and it was good and thorough, as was Housecall. However, both these require constant back and forth between their server and your PC throughout the scan, and that takes too much bandwidth for that to be workable with my internet connection.

P.S. I'm not an expert, I'm just a person who used to own a Windows 98SE computer that required a LOT of pampering and 'fixing' to keep it running, and being in a rural area, I had to learn to do a lot by myself and ask a lot of questions at forums and e-mail lists because I simply had no other option. I now own a wonderfully stable XP Media Center Edition machine and it is very important to me that it STAY that way. :) The laptop is a little over a week old and running beautifully, as only a new computer can, and I also want to keep it that way.

SimonSays:


Booting into Safe Mode, did you try?
Last Known Good Configuration (only can be tried once).
Safe Mode with Command Prompt.
If you able to get the Command Prompt, type:
%systemroot%\system32\restore\rstrui.exe


I updated spybot on Friday 27 Jun and did not not start the laptop until this morning and i have the exact problem. As soon as i log on XP logs me off i tried the safe modeoptions with no luck........Never had this problem before this update....

I have had this on many computers so far and have successfully repaired it! Follow the instructions here to build a Bart PE CD:
http://thinkinginpixels.com/quick-fixes/fix-windows-xp-log-onlog-off-loop

I noticed that you must use a non-OEM Windows XP CD to build the Bart PE CD.

THANK YOU! This worked perfectly on my Dell, I'm really glad I didn't have to reinstall.

So was it determined that the log on/off loop was caused by the removal of HellzLittleSpy? Because my spybot did in fact detect it right after I ran the update. I removed it and that's when I started having problems, I'm kinda curious on how it got on my system or how long it's been there.

I just ran another scan and it detected it again, does anyone have an idea on how to safely remove it?

This isn't the only forum discussing this. Here's one:

http://forums.majorgeeks.com/showthread.php?p=11765

I can confirm that this issue occurs with the dated Spybot S&D 1.3 and current signature updates on Windows 2000 or newer. The general option to avoid this issue is to use the current Spybot S&D 1.5.2 with the signature updates made for it.

So anyone still using a Spybot S&D 1.3 should upgrade , for instance activate the mainupdate within the internal updater.

If the issue already occured you can use the methods Malloc described (http://forums.spybot.info/showpost.php?p=206853&postcount=10) to restore login. The first and easiest way Malloc names is to edit the registry with a remote computer through the network. Also see page 1 (http://forums.spybot.info/showthread.php?t=30030) of this thread.


At least 2 users appear to have this issue with Spybot S&D 1.5.2 which should not be possible. In these cases please send your latest fixes logs (located in c:\documents and settings\all users\appdata\spybot - search & destroy\logs\ ) and an export of the registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

to detections@spybot.info with a reference to this thread

Your problem is not spybot, It never was. Your problem is two things, CoolWWWsearch.hjg and HellzLittleSpy. Once you remove HellzLittleSpy you won't be able to get back on your desktop, ever! I've been trying in vain to find a solution to get those two out without having problems. I still can't. I downloaded CWS shredder and it got rid of coolwwwsearch.hjg but without finding a way to get rid of HellzLittleSpy as well, it just comes right back. And like I said, if you let ANY VERSION of spybot, spyroot spywhatever delete it, you arent coming back to your desktop! This is so incredibly AGGRAVATING!! I can't believe after all this time there's STILL no solution. I'm sorry if I sounded nasty in all this, I honest to god didnt mean to and I apologize to you all. I'm just so exhausted with this thing. I cant get rid of it!!! job1866@aol.com

I still can't log in! Last night I created the BartPE, edited the registry back to what it should be, and I'm still looping. My company's IT department has had my machine all morning with no success!

This is NOT a MINOR inconvenience Spybot people. Your program has destroyed (at least so far) many PCs and wasted substantial time for probably 1000's of people. Remember, most people can't get here to complain... because their PC doesn't work!

I talked to a Geek Squad buddy of mine who says he has given up trying to fix this and is just reinstalling XP! What are the downsides to doing that?

Im having the same problem right now. I do have a network at home and i have tried accesing the registry but it wont work. i can get to the command prompt using my recovery disk but i dont know where to go from here. can anyone help?

Sorry for the above post but it wouldnt let me edit. I am running xp on a gateway. I ran the scan yesterday and spybot deteceted a couple of items but the only ones i remeber where hellzlittlespy and a better internet auroura. then after i removed those i went on system internals to clean the registry, then i tried restarting the computer and the whole looping nightmare started. I cant access the registry through my network ive tried that, I was going to try the bart thing but im running vista from this computer and am not sure if it will work. I can get to the command prompt by using my recovery cd but all it says is A:\> and i have no idea where to go from there. Can anyone help?

ToastedPC:


I ... edited the registry back to what it should be, and I'm still looping. ...

The normal entry is looks like this from a registry export (Windows XP):


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

Or like this in Registry Editor (regedit.exe):


Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
Where by columns:
Name = Userinit
Type = REG_SZ
Data = C:\WINDOWS\system32\userinit.exe,
Is that what you edited the entry to?

If so, is there a "userinit.exe" in the path "C:\WINDOWS\system32"?

I was able to remove my hard drive and connect it to my work laptop using an adater, I see it as a storage drive.
I went into the windows/system32 and copied the userinit.exe from my laptop.
Still does the same thing, logs then off. I had it for setup to auto login, no password needed. Could this be causing a problem?
Any ideas guys?

Thanks for your help

I found something on the majorgeeks forum that worked for someone there.

http://forums.majorgeeks.com/showthread.php?t=163170

In case the link doesn't work (and I see the last link I posted to this thread at majorgeeks did not), I'll copy and paste:

"I had the exact same problem this week. Very frustrating. I tried three different utility programs that I could boot from the CD drive. Norton System Works, System Mechanic, and Fix It Utilities 8 Profesional. Fix It Utilities 8 was the only one that solved the problem. Use it to boot from the CD. Run the "Recovery Commander" then restore a "system restore checkpoint"
Everything is fine now. Works good. Cost about $30-$40"

Hope that helps someone.

Sorry for the above post but it wouldnt let me edit. I am running xp on a gateway. I ran the scan yesterday and spybot deteceted a couple of items but the only ones i remeber where hellzlittlespy and a better internet auroura. then after i removed those i went on system internals to clean the registry, then i tried restarting the computer and the whole looping nightmare started. I cant access the registry through my network ive tried that, I was going to try the bart thing but im running vista from this computer and am not sure if it will work. I can get to the command prompt by using my recovery cd but all it says is A:\> and i have no idea where to go from there. Can anyone help?

Not sure what the rules are here about directing people to other forums, but I figure at a time like this, the point is to help people get back into their systems, to heck with the rules, eh?

There is a discussion about this at majorgeeks.com. That discussion is here:

http://forums.majorgeeks.com/showthread.php?t=163170

One of the posters in that discussion mentions this to get to a system restore from a command prompt:'

http://support.microsoft.com/kb/304449

Hope that helps!

How does one do any of this without an XP installation disc? It seems I've seem several solutions but I either need the installation CD or the instructions aren't very clear....Nor can I get in using Safe mode....HELP!!!

From what i gathered that link for system restore with the command promp you still have to get to your actual desktop or something, however i was able to creat this bart cd and to answer the question above me i did it without an xp disk. I went to a freinds house that was running xp and i just had it search for the xp things it needed. I am going from this website http://thinkinginpixels.com/quick-fixes/fix-windows-xp-log-onlog-off-loop/
i cant remeber who posted the link but ill see if it works ill let u guys know.

:laugh: Im so happy right now, I finally got to the desktop and these instruction really worked http://thinkinginpixels.com/quick-fixes/fix-windows-xp-log-onlog-off-loop/ thanks for that website my computer was saved for now.

hello,

here (http://forums.spybot.info/blog.php?b=14)
are some hopefully helpfull descriptions on restoring the login.

After doing several virus scans including some online ones spyware scans as well and alot of research, Ive figured out what started this whole boot prob. After doing the last update with spybot then running spybot, i found it was picking up false positives. I never had HellsLittleSpy, none of us prob did. By Spybot taking out that user init line in the registry (the supposed HellzLittleSpy) it messed up the comp. Some of you will prob have to do windows repairs or even format. It also gave a false reading for a line in the reg having to do with my Nvidia graphics card (aurora, a better internet) and coolwwwsearch. :mad::mad::mad::mad::mad::mad:

hello,

here (http://forums.spybot.info/blog.php?b=14)
are some hopefully helpfull descriptions on restoring the login.

I have tried every one of the suggestions that I could, to no avail. The biggest problems: I cannot create the offline boot cd you recommend because it downloads as a zipped ISO that I can only copy (both to my computer and to a disc) but not extract; the Offline Registry Editor site notes this as a problem but says it can't help and I should go to a manual or friends (also no help). The affected computer (Compaq XP Home) is not on a network and I can't add it to my existing one now! I cannot make a Bart PE disc because I do not have a non OEM XPSP2 disc. My other two computers run XP Pro. I have tried all other suggestions on this list that I could understand; some are just too advanced for me. I cannot be the only one with all of these problems! And I cannot lose everything on the affected computer, which isn't even mine!! Any further suggestions?

Malloc said:

>>I believe spybot is clearing a registry entry that is needed by Windows. Try this from another computer on your network, or by using Ultimate Boot CD 4 Windows to edit the registry:

To fix this remotely, open Regedit.exe on your computer, select File>Connect Network Registry
Enter the name of the computer to fix and then browse to the location specified in the reg file: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Change the key “UserInit” to this value:
C:\WINDOWS\system32\userinit.exe,
You must include the , at the end of the string.

This should resolve the issue. <<

I've tried several ways to do this, but I cannot get permission to read or write to my uncle's software file / registry. Any ideas?

Currently, I have his hard drive installed as an external on my PC, so that I could back up all his data. I can put it back in his PC but then cannot boot except on the BART disk, and I'm not sure how to edit his registry from BART.

Thanks in advance.

I got a little further, by rebooting my computer (to disconnect uncle's hard drive). Reconnected, am able to open his registry hive HKLM in RegDatXP. Find the bad entry at Microsoft\Windows NT\CurrentVersion\Winlogon

But...

The size of this key is set to 1, and I can't change it to contain the value
C:\WINDOWS\system32\userinit.exe,

ARGH!

Is the 30-day free trial of RegDatXP not allowed to edit? Is there something else corrupted in his HKLM that makes the data type=1 and lenght=1? How can I update the length so I can make the change?

thanks for your ideas...

Is the 30-day free trial of RegDatXP not allowed to edit? Is there something else corrupted in his HKLM that makes the data type=1 and lenght=1? How can I update the length so I can make the change?

thanks for your ideas...

I created that bart cd and fallowed the the instructions in the link i gave above. theres a file that you link to your bart cd and it is burnt on there It automatically changes the registry. When i put it the bart cd in all i had to do is hit go and find the file which was on the cd and click on it and restart my computer. Excluding the creation of the cd the proccess took me under 5 min. Hopefully that will help.

Sorry to post again, but I've edited it!

For those still struggling, things I learned along the way.

First, RegDatXP cannot edit keys to be larger than they are set to be. Since the value of the key “UserInit” was reset to nothing with a length of 1, RegDatXP cannot increase it to contain the correct value:
C:\WINDOWS\system32\userinit.exe,

Second, the Load Hive thingy is *scary*. Seriously, you appear to be loading something into your own Registry on your functional machine! But it doesn't seem to hurt anything on your PC's registry. <deep sigh of relief>

Follow Malloc's instructions, click on HKLM hive, Load Hive (use a really unique name so you'll see it - NOT a name like other hives and keys), go to your newly loaded hive, edit the value of UserInit, and then go back to the top of your new hive (I called mine Ed) and Unload the Hive. It saves the updated hive back where you loaded it from, in my case, on my uncle's hard drive.

I'm putting the drive back into his computer... and... it works!!

Somewhere along the line, both my and Uncle's PCs now skip the login screen, but I'll go into control panel and reinstate that. It's certainly a tiny problem compared to the logon/logoff loop!

Can anyone confirm that 1) this was a Spybot problem, and 2) ... I'm not sure - should I update his Spybot, or just tell him never to run it again??

(My problem with Bart was that I used my husband's Bart CD - we didn't realize that Bart CDs are situation specific, and the links that I visited from this thread didn't give instructions - just told you to create a Bart CD.)

You have toasted (i.e. destroyed) 100's...maybe 1,000's of people's machines. The solutions are complex and take advanced knowledge (like is the Bart CD good on Win 2000 Pro?....it looks like XP only)....it takes an advanced user to create this disk and load the three files. Thanks. Your software is worse than the baddest virus out there....complete destruction...and thanks again!!:spider:

I downloaded the latest update last night, and today I am in the login/logout loop! My machine is a Dell. I came to work and asked our IT guy about it and he said 2 other people at work had had the exact same problem after running Spybot over the weekend!

I really think you should be devoting time to figuring out what your last update is doing to people's PCs... PRONTO!

Toasted mine too....time for a blanket party!

I've had this happen on 6 computers so far, but I have them on the network so I can remove registry edit though them.

Here are some other tools that have offline registry edits:

http://home.eunet.no/~pnordahl/ntpasswd/
http://windowsxp.mvps.org/peboot.htm
http://ubcd4win.com/index.htm

Try that first link...maybe you need a passwordt?

What do you do in win 2000 pro to fix this...thanks...10 hours so far...everything tried...many dvd's wasted...nothing works......computer worked fine before Spybot reg. edit/deletion. Thanks!:snorkle:drowning

The website/server/download does not work...also will this work on win 2000 pro......great software that SpyBot is...........thanks!!

Help!!!!!!!!!!!!!!






2. Method : Offline registry tools and password resetter

Requirements:
This tool requires a 2nd computer to download and create a bootcd, there are no further requirements.

The download can be found here
Download size is about 3 MB, which is quite small and makes this method recomendable

Once the CD is created the userinit affected computer needs to be started with this CD.

After the boot procedure has been completed, the system asks for the boot partition.
Usually the choice would be "1".
In my example it is "2".

Screenshot 1

After that the path to the registry is asked. By default the correct path is already given, so this can be accepted by pressing the enter key.

Screenshot 2

Next choose "2" : RecoveryConsole parameters [software]

Screenshot 3

On the next prompt choose "9" Registry editor

Screenshot 4

The system now enters a bash console like navigation for the Software key of the Registry.
Following commands may be helpful:

Code:
note that Names are case sensitive
ls - will list the current key contents
cd <$keyname> - will open the key given in <$keyname>
cd .. - will go up one layer of the key structure
ed <$valuename> - will open prompt to edit the value specified in <$valuename>So entering:
Code:
cd Microsoft\Windows NT\CurrentVersion\WinlogonWill lead you to the required location.

Screenshot 5

The command ls will list the contents.
Type
Code:
ed UserinitScreenshot 6

Now enter the required Data for the Userinit Value:
Code:
c:\windows\system32\userinit.exe,Screenshot 7

With the following command the Data of the Userinint Value can be confirmed:

Code:
cat UserinitScreenshot 8

If the data is correct you can now enter q to quit the registry editor mode.
Enter q again to exit the Software Hive.
You will now be prompted to save, enter y to save.

Screenshot 9


After that a prompt for a new run appears, enter n for no.
Screenshot 10

Reboot normally and log on to Windows.

Walker, do you own a real Win2000 installation disk?

I'm guessing that all my data is still accessible and intact? I'd like to take my pc to a computer repair place (Geek Squad, etc.) and have them image my hard drive and then I'll just throw my dell in the garbage (courtesy of spybot). My time is worth more than the hours I know I'll need to fix this mess that sypbot apparently created with their malicious product. I'm buying a Mac today and will never use spybot again.

jms1002:


I'm guessing that all my data is still accessible and intact? ...
Everything should be intact except the one registry entry that is causing the problem.

On Windows XP the normal entry is looks like this from a registry export:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

Or like this in Registry Editor (regedit.exe):


Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
Where:
Name: Userinit
Type: REG_SZ
Data: C:\WINDOWS\system32\userinit.exe,

This careless and ridiculous if not malicious damage by the Spybot people: Safer Networking, ranks their program with the worst Malware. I've 'phoned all my family and friends and told them to get Spybot off their computers immediately and to pass the word on to everyone they know. It's the least I can do. For them.
I'm programming a new PC from scratch (it's taken weeks) and fortunately I've been creating backup images of the drive with Acronis.9 at regular intervals. I was nearly finished and put it online last night to update Nod32, Adaware & Spybot and then ran them all in that order. Then I spent hours trying to fix it after using Spybot. I gave up and deployed my last image losing another few hours of recent programming. But because of that I'm one of the lucky ones. I won't have time to get back to my project till Sunday and then only enough time to re-do the work I did last night. *%$#@#$$%
I was hoping to be tuning my firewall and taking it for a test run on the digital superhighways by then.
Spybot's name is mud at the moment. Who will be game to use it again?:eek: Would you? Who've been screwed? You really, really messed up BIG time. *I* suspect someone with a vengeance/grievance :devil: at Safer Networking has added a malicious bit of code to the update files(?). What will it be next time?
"format c:" ?
Bye Bye.

PS
you cannot even supply/check proper information for fixing this:
http://forums.spybot.info/blog.php?b=14

"The required default value and data:
Code:
for Windows XP
Userinit=c:\windows\system32\userinit.exe,

for Windows 2000
Userinit=c:\windowsnt\system32\userinit.exe, " <- win 2000 would be .......c:\WINNT\system32\userinit.exe,

Tut tut.
Please check the information you are providing to your users to end the suffering you have sent them.:police:

I've seen posts by your 'Team Members' (kid brother/sister?):cowboy: advising to try booting safe mode. Duh? These poor people are locked out. No doors and the 'Windows' are bolted from the inside. I'm guessing you 'Safer Networking' people use Linux when you're at home? So you would know grief as much as windows users. I see one or two forlorn victims crying 'Mac for me' after this fiasco. Another pretty desert island but with very little 'cargo'. Only good thing about Winblows is heaps of garbage washes up and occasionally you find something good. Spybot was a find :) but now, as I said, it's got covered in mud :sad:.

I suggest you remove all update files from your servers and replace them with a text file only containing a warning, an apology and promises that whatever bums are actually on seats at 'Safer Networking' are really working to make the program 'Safer...'. Right Now.

I got bitten but I half blame myself. I unchecked a couple entries Spybot had marked for deletion which were obviously programs I had recently installed. I hesitated about 'userinit.exe' but, trusting the program and being a little tired and bleary eyed, I pushed the button.
Damn damn damn damn damn damn damn damn damn damn damn damn damn.

First of all CALM DOWN I appreciate this is an extremely stressful time but accidents can and do happen and sometimes the source of the problem isn't the obvious one.

Secondly The problems you are experiancing only happen if you are using an old version of spybot or you remove the Hellzlittlespy entry. Spybot 1.6 will be out on the 7th and hopefully this problem will be sorted by the new release, Also be careful what you say as some of what you have said could be considered slander:nono:.

To quote PepiMK



We kept the updates available for 1.3 users simply for those who were forced to keep using it e.g. because they have Windows 95 and not enough RAM for a newer version, with the understanding that they would not simply ignore the warning. We did not keep them available for people who decided to ignore both this message and the two updates available through the updater since.

Just a quick note. Spybot-SD 1.6 released tomorrow. That is July 4th.

as i have understand it will be released on monday look at this: http://forums.spybot.info/showthread.php?t=30453

Thanks for clarifying. I got it.

First of all CALM DOWN I appreciate this is an extremely stressful time but accidents can and do happen and sometimes the source of the problem isn't the obvious one.

Secondly The problems you are experiancing only happen if you are using an old version of spybot or you remove the Hellzlittlespy entry. Spybot 1.6 will be out on the 7th and hopefully this problem will be sorted by the new release, Also be careful what you say as some of what you have said could be considered slander:nono:.

To quote PepiMK

First of all, SHAME has spoken the truth at every juncture in this. If you want to carry this further, we can take this to another level. If you supply your personal information and the "owners" of SpyBot....I will gladly supply my information and we can bring this to the "legal" level. Your comments are laughable. I fully stand behind the comments of this poster....he is certainly not even remotely close to "slander".

He does bring up some very interesting points. This is basically hobbyist software and I should not have been using it in the first place (my bad).....but someone at your "company" surely did this on purpose as a malicious act.......removing lines of registry code identified as "hellzlittlespy".....cannot be an "accident". If you were legitimate in any way, the "company" would admit to this.

Another interesting comment by "Shame" is that you cannot even get the fix remotely close to right. The original "blog" did not identify method #3 as an XP/VISTA only fix. Then method #2 doesn't work for me, as numerous bad shutdowns have caused the iso/boot file to exclaim....."you must start two times in safe mode".....great!!!!!!!!!!!....you can't.

So, where is the slander? Spybot has succeeded where no virus has ever been able to....complete destruction.

SpyBot is in fact the most damaging VIRUS I have ever encountered.

By the way....you will get your chancce at a "slander" suit......I am so pissed off about this I am in the process of obtaining a url and i will soon be listed in all the search engines as a possible choice of selection when Spybot is the search term. The verbage will not be pretty.:euro:

Walker, do you own a real Win2000 installation disk?

Yes I do. I booted to it. It cannot fix this problem....at least with my knowledge base. What do you suggest?

removing lines of registry code identified as "hellzlittlespy".....cannot be an "accident"That the task in question is not compatible with 1.3 is documented in the public:
http://wiki.spybot.info/index.php/RegyChange
I kind of doubt we would prepare a intential bug about four years before letting it occur...


So, where is the slander? Spybot has succeeded where no virus has ever been able to....complete destruction.You must've had luck with your choice of viruses then ;)


I am so pissed off about this I am in the process of obtaining a url and i will soon be listed in all the search engines as a possible choice of selection when Spybot is the search term. The verbage will not be pretty.Sorry, but dozens of bad guys already pay big bucks to Google for Adwords for that purpose to be able to cheat people, unless you're a professional criminal, it should get difficult to get a high rank among them ;)

I did a cursory look at the forum and didn't see this problem. I installed v1.5.2 and did the requested reboot. Now I can't log in to my system. I click on my username and type in my password, and the system logs me in and then immediately logs me out. This happens repeatedly. I have tried virtually all boot modes under the f8 menu: safe mode, debugging mode, everything. (OS is XP Pro, and I think it is completely updated--it updates automatically). The behavior is always the same for either my regular account or the admin account. It logs in and immediately logs out. Any suggestions? I REALLY don't want to reinstall the OS.

Hi,

I've read that this problem doesn't occur with v1.5.2, but like round_midnight, I also was running v1.5.2 and have the same problem as of my June 29th update. My loop is now actually preceded by a Logon Message, "The system could not log you on. Make sure your User name and domain are correct, then type password again. Letters in passwords must be typed using the correct case." After this, I go to the logon/logoff loop. This occurs in windows logon, safe mode, administrator, or regular account. I have made no headway on the problem at all, it seems.

Having read this and Major Geeks forums comments on this problem and having visited every recommended site with hope of a solution, I am now waiting on an XP Installation CD from Dell to try the Bart PE.

I don't have a solution to offer, but wanted to make sure v1.5.2 is not given the "all-clear". If I didn't have two computers in the home to research the problem, I would have d/l the update onto this computer as well as part of the "weekend update."

Hope there is a true solution soon! If I have any success, I will post asap. Unfortunately, I seem to be undereducation for this one!

That the task in question is not compatible with 1.3 is documented in the public:
http://wiki.spybot.info/index.php/RegyChange
I kind of doubt we would prepare a intential bug about four years before letting it occur...

You must've had luck with your choice of viruses then ;)

Sorry, but dozens of bad guys already pay big bucks to Google for Adwords for that purpose to be able to cheat people, unless you're a professional criminal, it should get difficult to get a high rank among them ;)

I think as days go by you will learn that there is more to this than you know now....and maybe an apology will be in order. Look at bevdye1962 ....so you see this isn't only 1.3 and the non-screen "warnings" that v.1.3 people got. You have a problem and you want to play verbal football with it. Why go down this road? The fact is that SpyBot has caused a lot of problems for a lot of people and you are calling me a possible "Criminal" because my computers have been fried/toasted...and stepped on...by SpyBot. When I say that no virus has ever caused this much damage I mean it. That is a fact, as far as I am concerned.

I am not accusing the owners of SpyBot with intentionally creating this problem.....but something has been done with the latest updates to cause this problem. Even if an older version was used against suggestions that it not be.....having an update that causes a read of "hellzlittlespy"....and a deletion of a boot file from the reg.....is a bit much. At least it is to be considered unprofessional. The program ceasing to fuction at all, and not being able to be updated by the "updater" would have been a less harsh penalty to the criminal users of this software. This is like executing someone because he has not changed his under shorts.

All of this said......can someone please look over the posts and try to come up with a fix that is well written...and works?

A user sent me a PM with some information...I am posting it here so people can comment and possible give ideas in reference to what is mentioned here. Thanks.





Re: HellzLittleSpy Fix that really, really does work…..

--------------------------------------------------------------------------------

Hi,

I did see your posts at various different forums...and people's re-posts of your posts.

To be honest, I assumed this was some type of "troll service"....and that you were trying to drum up business for a small software seller.

After seeing the time you have spend on these PM's.....I don't think this is the case...and I appreciate your concern and trying to help.

First, I have to tell you that I did download the free program ver.8.....of course the boot disk is a paid for item....but this is OK. I downloaded to the only working computer in my home/small office setup. I see how the software creates restore points and it has a very nice interface....better than Norton in my opinion.

However, here is the problem...all of the computers have Norton Systemworks and Anti-Virus installed with GO BACK. Here is the problem. In order to try the other fixes mentioned in all of these posts....Norton wanted the removel of Go Back and all of it's components......this is before boot up....in a sort of pre boot....after bios area. It took about an hour to fully remove Go Back. This was the only way I could try the Win 2000 recovery console (didn't work)...the Bart Cd and/or the ISO/image...boot disk fiasco (requires two passes into safe mode!).

So, I believe that the earlier system states have all been removed....at least in the way that Norton reacts with them. The computer also never had Fix Vers. 8 installed of course, so whatever recovery points are created when the software is installed are not there.

I really do not think that this will work.

What are your thoughts?....by the way....I would gladly pay for the software...this is not the issue...I just think the system state recovery points are no longer there.

Nick Walker










Quote:
Originally Posted by HP_XP_User
Walker...

HellzLittleSpy Fix that really, really does work…..

Numerous, recent posts have indicated that the 06/25/08 update with SpyBot V1.3 seems to indicate CoolWWWSearch.hjg and HellzLittleSpy as false positives.

After going through the absolute “nightmare” of restoring my home network after letting SpyBot remove the “Userinit” value from the registry, here is how I managed to get my 3 home network PC set up back when the Userinit reg setting gets wiped out from the reg value settings,

As you know you can’t even really effectively boot into SafeMode, so you can’t even run a DOS prompt to run any batch program to re-write the registry, you get into that endless logon – logoff loop, etc., etc.,

………………..WELL DON’T RUN TO REFORMAT!

Go to the big audio/video chain stores and get a product called “Fix It Utilities Professional version 8. It is made by Avanquest, it sells for about $40, and it’s a 3 user license. Pop the CD into your drive, change any bios/boot up settings to allow the PC to boot from the CD rather than the hard drive and let the CD boot. Once it boots, and the interface comes up, run the program called Recovery Commander. Choose the option to restore from a System Restore Checkpoint. Let it run and assuming you do have a series of system checkpoints to choose from, you should be OK, once you reboot. This is a lifesaver!

By the way, I do not work for this company, I am not trying to submit an ad, I don’t get any kickbacks, I too was beyond enraged after letting Spybot screw my PC. Then I remembered that I had this software. I use this for other stuff, this utility is loaded with other things that you will want to use, I repeat it is a Lifesaver and perhaps the best $40 you will ever spend, since without that reg value your PC is nothing more than a very large and heavy paperweight!!!!!

By the way see my previous post about yet another false positive!

Hope this helps the countless users that seem to be hit by this “false positive”


HP-XP_User

As I stated in another thread, writing posts in upper caps or bold letters is usually regarded as "shouting" on the Internet. If you don't want to be seen as a "troll service", I would recommend sticking to the netiquette ;)

The immediate consequence now is that updates will be closed for any dated versions, see the announcement (http://forums.spybot.info/announcement.php?f=12). This is a no-win situation, as from experience we know that as many people as do complain like you do currently will complain about that and would request to still receive updates.

I think I did mention it before: the 1.3 user base are mostly those with Windows 95 and very small hardware. Where else in the industry do you find companies that still support Windows 9x? From the guys at any of the big commercial companies, you'll just receive an arrogant laugh (or worse) if you even mention it. So in the end, this step will lead to these people having no protection at all. I'm not sure if this indeed is better than having to take extra care with the scan results.

PepiMK......you are a very strange person.

Firstly, this is a cut and paste of a PM that another memeber sent to me concerning the problem. How you do not realize that is totally beyond me.

Then you refer to "Troll Service". Do you really think I am a troll trying to cause you or anyone at Spybot a problem? I am a guy with a toasted set of computers...caused by Spybot software. Please don't try to dismiss me as a troll. If you would like to meet in person on this issue let's trade info in PM and I'll discuss this with you in the near future. Don't take this as a threat...I am a friendly guy....but not a troll!!

Then you refer to the complaint......and that "people like me".......do complain......wtf? Do you think I really want to post here at all? I am not a computer hobbyist......I use computers out of necessity and try to use trouble free software that is simple and non-destructive. It is a good idea to discontinue updates for old versions.

The reality is that you do not understand what has happened, why it happened....and you want to be arrogant in your approach. Why not try to fix the problem for all the people with toasted computers....who were not careful with their scan results....ha....you must be joking!!....oh...please don't take this as a troll shout....please, please, please.








As I stated in another thread, writing posts in upper caps or bold letters is usually regarded as "shouting" on the Internet. If you don't want to be seen as a "troll service", I would recommend sticking to the netiquette ;)

The immediate consequence now is that updates will be closed for any dated versions, see the announcement (http://forums.spybot.info/announcement.php?f=12). This is a no-win situation, as from experience we know that as many people as do complain like you do currently will complain about that and would request to still receive updates.

I think I did mention it before: the 1.3 user base are mostly those with Windows 95 and very small hardware. Where else in the industry do you find companies that still support Windows 9x? From the guys at any of the big commercial companies, you'll just receive an arrogant laugh (or worse) if you even mention it. So in the end, this step will lead to these people having no protection at all. I'm not sure if this indeed is better than having to take extra care with the scan results.

Walker,

For what it's worth, I put the blame on Microsofts unstable operating system. Spybot is a third party free download and even though it's worked great for many years, these things are bound to happen. I bought a Mac today (using it now) and it's been seamless and simple so far. If your computing needs consist of photos, internet, basic home spreadsheet and word processing, etc., then you may want to go that route as well and rid yourself of Microsoft products.

I understand what you are saying.

Actually, Spybot was a favorite software for me. It corrected many problems for me in the past on many different systems. I rec. (past tense).....it to everyone and I even downloaded it onto two recently purchased laptops for my college kids.

I do however believe this is a major glitch...one that I have never seen before under any circumstances. Old versions equal no updates, freeze ups, reboots.......possible removal of the software.....etc.....never has it equalled a complete toasting with no answers forthcoming as to how to correct it.

Also, the attitude from some people who are "Team Bot"...is amazing to me. I would be working on getting some software solution. I burned an ISO image from a downloaded zip .........booted to this "solution"....and I still can't get accesss because it now wants two starts in "Safe Mode".

OK.....thanks for your comments.......I appreciate your thoughts.

I do like Apple products for the activities you note.....but for now I am heavily invested in Microsoft Win......on 11 different systems.... maybe some changes in the future.











Walker,

For what it's worth, I put the blame on Microsofts unstable operating system. Spybot is a third party free download and even though it's worked great for many years, these things are bound to happen. I bought a Mac today (using it now) and it's been seamless and simple so far. If your computing needs consist of photos, internet, basic home spreadsheet and word processing, etc., then you may want to go that route as well and rid yourself of Microsoft products.

Maybe I posted in the wrong thread, I've been at this for days and my eyes are shot.

I chose "Method #2, Offline registry tools and password resetter" posted by Yodama

All went well with download of offline registry tool.
When I come to-- "On the next prompt choose "9" Registry editor" it changes pages and prompts "What to do" "Simple registry editor"

I enter: cd Microsoft\Windows NT\CurrentVersion\Winlogon--just like example.

It gives back: (...)\Windows NT\CurrentVersion\Winlogon
as though it can't read it.
I have repeated 4 times.

Has anyone used this method?

Thanks for your help.

I enter: cd Microsoft\Windows NT\CurrentVersion\Winlogon--just like example.

It gives back: (...)\Windows NT\CurrentVersion\Winlogon
as though it can't read it.
I have repeated 4 times.



Hello Steve_C,

your progress with this method is correct so far,
this

(...)\Windows NT\CurrentVersion\Winlogon
shows that you have navigated to the required registry key.
you just need to continue.

by entering

ls
the contents (Keys and Values) of Winlogon will then be listed.

with

cat Userinit
you can view what data is present in Userinit

with

ed Userinit
you will be able to change the data for Userinit

....but what can be done about the two safe mode visits if the volume is "dirty"? As you know, you cannot get into safe mode. So, the software will not write to the disk...reading it as "read only". Do you have the solution to this?....or any other idea....as Method #2 was the only one for Win 2000 not on a network. I have now put approx. 20 hours into this....and still have 3 disabled machines.

By the way, I was able to get all the way through the ISO file...but it won't change the registry values as it is perceiving that it cannot write.

If you have any ideas, I'll even remove the drive from the machine and put it in the only machine that works here.

....but what can be done about the two safe mode visits if the volume is "dirty"? As you know, you cannot get into safe mode. So, the software will not write to the disk...reading it as "read only". Do you have the solution to this?....or any other idea....as Method #2 was the only one for Win 2000 not on a network. I have now put approx. 20 hours into this....and still have 3 disabled machines.

By the way, I was able to get all the way through the ISO file...but it won't change the registry values as it is perceiving that it cannot write.

If you have any ideas, I'll even remove the drive from the machine and put it in the only machine that works here.

If the boot disc tells you that you will have to reboot into windows safe mode twice so it can write, then you should follow that instruction.

To get into Windows safe mode you need to press F8 after the Bios screen and before the graphical Windows boot screen.
Choose to boot into safe mode, if it is not present press F8 again.
After Windows has booted into safe mode (do not try to login), restart the computer properly:
choose to "shut down" then "restart". If you do not see the option for shutting down click the options button.
repeat this procedure, then boot from the bootcd from method 2, it is now possible to write the changes.

I appreciate the quick answer.....but I believe a boot into safe mode is impossible with the missing file (removed by hellzlittlespy error).

If I could get into safe mode I could fix the problem.

I appreciate the quick answer.....but I believe a boot into safe mode is impossible with the missing file (removed by hellzlittlespy error).

If I could get into safe mode I could fix the problem.

in this case it is not about logging in to Windows safe mode, it is sufficient to get the login screen, then shut down properly (this has to be done twice).

This is about the file system, if you restart Windows by means like the reset switch or ctrl+alt+del the file system will be flagged as "dirty" and cannot be written with the bootcd from method 2.

in this case it is not about logging in to Windows safe mode, it is sufficient to get the login screen, then shut down properly (this has to be done twice).

This is about the file system, if you restart Windows by means like the reset switch or ctrl+alt+del the file system will be flagged as "dirty" and cannot be written with the bootcd from method 2.

Yes, but getting into Safe Mode is part of the loop...so what is considered a proper shut down?....just shutting off the power??....there is no box to check to say....Shut Down........it is going to be a hard shut down no matter what.

(I'm trying to say...you don't get a login screen because that is in the loop)

...by the way...anything here that could help?
http://www.ntfs.com/boot-disk-dos.htm

I tried this...but I can't figure out what to do. I also purchased $40 worth of a recovery program.....but the recovery points were removed by Norton....so ng.

Yes, but getting into Safe Mode is part of the loop...so what is considered a proper shut down?....just shutting off the power??....there is no box to check to say....Shut Down........it is going to be a hard shut down no matter what.

(I'm trying to say...you don't get a login screen because that is in the loop)

...by the way...anything here that could help?
http://www.ntfs.com/boot-disk-dos.htm

I tried this...but I can't figure out what to do. I also purchased $40 worth of a recovery program.....but the recovery points were removed by Norton....so ng.

ok, it seems I falsely assumed an explicit login which requires. An auto login makes this issue more complicated. I will see if I can find a way around this and also check the boot disk from the link you provided.

I chose "Method #2, Offline registry tools and password resetter" posted by Yodama

Thanks again Yodama for your help and quick response.

What a relief. (so that's what my desktop looks like) What an ordeal.
You were right, I should have kept going. I couldn't read the next screen shot until you pointed it out.

It's been a long week, but I learned a lot--even learned to almost like my notebook--saved me this time.

Oh well, time to start backing up the old desktop--HO!
where have I heard that before?

Steve_C

ok, it seems I falsely assumed an explicit login which requires. An auto login makes this issue more complicated. I will see if I can find a way around this and also check the boot disk from the link you provided.

...yes, it has no password....autologon........in regular boot the logon box and the desktop wallpaper keep flashing in sync....in safe mode the box "loading settings".....just stays there and never goes into safe mode.

If I could get the "dirty disk" thing cleared out.....I could get this sorted.....the success of Steve_C.....would repeat.....I got to the end of the edit....but the screen warns that it cannot write until 2 safe mode shutdowns are made. The software is fairly easy to use.....except for this issue.

I read all of the material from the writer of the disk....it seems this "dirty disk" thing is an issue and he doesn't actively support the software.

ATTN Yodama
as you seem to be reading the forum now
Please correct the mistakes in your blog.
http://forums.spybot.info/blog.php?b=14
All your paths for Windows2000 are incorrect and will not work for those users.
eg
"for Windows 2000
c:\windowsnt\......."
Should be
"for Windows 2000
c:\winnt\......."

Terminator,
I didn't intend to 'slander' anyone.
'Team Members' posting 'ideas' without having first replicated the problem and then fixed it, are wasting people's time.
The blog has errors that I pointed out yesterday and that remain uncorrected today and which if followed will just waste more people's time.
Also some posters are promoting commercial $oftware here as a fix. Circling sharks? No slander. There's blood in the water.

Editing the registry from another NT(w2k,xp - vista(?)OS installation would be the quickest way for people who have a network setup or who are prepared to physically remove the affected drive and slave it to a working box.
I tried the latter after reading this page:

http://smallvoid.com/article/winnt-offline-registry-edit.html

(Note: the paths to the files/registry-hives in step 4 in the above page relate to Windows2000 eg:
winnt/system32/config/software
For XP just substitute windows for winnt).

However, I didn't read step 4 properly on that page and loaded the wrong hive. Being smart I assumed (wrongly) that I should load the file/hive 'ntuser.dat' from my admin profile which I did and the key was there but the entry wasn't so I added it, put the drive back in it's own box and of course still had the logon loop so I just used my backup disk image I'd made a few hours before and moved on - problem fixed, time wasted and work lost.
In hindsight I should have loaded the hive: \system32\config\SOFTWARE (I think) and fixed the registry entry in there.
That's the extensionless file C:\Windows\system32\config\SOFTWARE <-XP
and C:\WINNT\system32\config\SOFTWARE <-Windows2000

Read the above page link and the following extra notes might help.

Start>Run and type regedt32
(Regedt32.exe is here: C:\WINDOWS\system32\regedt32.exe <-XP
and here: C:\WINNT\system32\regedt32.exe <-Windows 2000)

In Regedt32 make sure 'View' is set to 'Tree and Data' and 'Security>Permissions' has 'Read' & 'Full Control' checked.

When you have the hive loaded and named it something obvious (like STUFFUP) navigate to & highlight the key:
Software\Microsoft\Windows NT\CurrentVersion\Winlogon in the left pane
(If there's another key named WINDOWSNT, it's NOT that one, it's as above: Windows NT).
Then go to 'Edit>create new value'.
Type Userinit in the 'Name' field and make sure REG_SZ is in the 'Type' field.
Click OK and the String Editor box will open. Type or paste the path to userinit.exe in the field:
C:\Windows\system32\userinit.exe, <-XP AND don't forget the comma at the end!
C:\WINNT\system32\userinit.exe, <-Win2000 AND don't forget the comma at the end!

Unload the hive and close regedt32.
If you've jumper slaved the drive don't forget to move the drive jumper back to master before you put it back in its box.

Now, I did this in the wrong hive as I said so I haven't verified that it works. But if the value gets written then it should be good to go.

Maybe someone from Safer Networking can check these steps, make sure it works and post it as a sticky (and somehow GET it to ALL your users along with other working methods).
Those who are capable can do it themselves and those who are not could print it out and take it to their local computer mr.fixit or competent friend. Shouldn't take a few minutes to fix with the RIGHT instructions.

Apology Accepted:beerbeerb:.

ATTN Yodama (Again)
I see you've made the w2k corrections to your blog.
But. Right down the bottom of Method 4.....one(at least) correction too many:

" Windows XP:
Code:
cd c:\Winnt\system32\config
rename software software.oldbackup
rename software.bak software "

Cheers.
Oh, Terminator.
Cheers. I just popped the top off one myself.

Oh all right.
That code up there for XP should be
cd c:\Windows\system32\config
Winnt is the Windows 2000 toilet as we all now know.

For the record I was running Spybot 1.3 when I downloaded all the latest definitions only, ran it and ended up in the basket. I didn't download the program update nor anything to do with TeaTimer or Immunising both of which I never use.
Why was I using old 1.3? Because I'd tried 1.4 and it was very slowwwww.

Malloc, way back on page1 of this thread first suggested the offline registry editing AFAIK.

I'm not scared to try Spyboot again.
But I might wait out a few rounds and see what happens.

http://www.tek-tips.com/viewthread.cfm?qid=924408

I suspected HellzLittle what ever caused it and when I just ran spybot it's there again, so i googled it and found all you folks trying to get a fix. I don't know if it'll work for you, but it did for me. I did not have a bootable CD either. I just renamed the software hive per below, added userinit value (mine was blank) and then put original registry back. Pls don't bust my chops - I'm an old guy that has little experience - and may have taken a bad risk - but i had no important info on this home xp computer. happy 4th.

Here's paste from above link.

" Here is a second approach to making the computer bootable:
(from the LavaSoft forum)

First things first get to recovery console.

At recovery console, we need to replace the software hive with a previous good backup. It should look something like this:
C:\windows>cd system32\config
C:\windows\system32\config>ren software software.old
This renames the current software hive to software.old
C:\windows\system32\config>copy C:\windows\repair\software
It should say "1 file(s) copied"
NOTE: After the next step you will want to remove the cd, then boot into safe mode. If you do not boot into safe mode in Windows XP it may prompt you to reactivate and you may not be able to get into Windows.

C:\windows\system32\config>exit

Now hit the F8 key and boot into safe mode. Logon to the administrator account when you reach the welcome screen. Hopefully you will be able to logon.

Now we need to edit your old registry to change the path to the userinit.exe file:
open regedit.exe
Highlight HKEY_LOCAL_MACHINE (note: this is important, if you do not highlight this the next step will not work)
goto file - load hive...
Now select your old registry file which should be in C:\windows\system32\config\software.old
It will ask you what to name it, if you don't understand, just type "test".
Now navigate to the following:
HKEY_LOCAL_MACHINE\<what your named this in the previous step>\microsoft\windows nt\currentversion\winlogon.
Look at what the userinit value is. On my customer's machine it was %system32%\userinit.exe which is invalid.

NOTE: If you can, post what your value is when you look at this.

Next change the value to read C:\windows\system32\userinit.exe

Now close the registry editor, and we need to go back to recovery console to put your original registry back which should look like this:
C:\windows>cd system32\config
C:\windows\system32\config>del software
C:\windows\system32\config>ren software.old software
C:\windows\system32\config>exit

This (in theory) should get you back into Windows.

Help. I have been trying to fix the log on/log off problem for several days. I am working on a romote computer with XP Home edition.

Using Yadama's instructions I followed the procedures in Method 2. I was able to do everything successfully, but when I tried to log on the problem was still there. I repeated the procedure several times. Each time the register entry has remained the corrected form:

c:\windows\system32\userinit.exe,


Then method 4 was posted and I followed it. I created a NTFS4Dos cd. Booting it in my computer I get to

A:\>

Here I type in:

cd c:\Windows\system32\config

and I get the message:

CHDIR failed for 'c:\Windows\system32\config'

if i simply type:

cd c:

then the following appears

C:\
A:\

Any suggestions?

Help. I have been trying to fix the log on/log off problem for several days. I am working on a romote computer with XP Home edition.

Using Yadama's instructions I followed the procedures in Method 2. I was able to do everything successfully, but when I tried to log on the problem was still there. I repeated the procedure several times. Each time the register entry has remained the corrected form:

c:\windows\system32\userinit.exe,


Then method 4 was posted and I followed it. I created a NTFS4Dos cd. Booting it in my computer I get to

A:\>

Here I type in:

cd c:\Windows\system32\config

and I get the message:

CHDIR failed for 'c:\Windows\system32\config'

if i simply type:

cd c:

then the following appears

C:\
A:\

Any suggestions?


Any help out there i'm in this exact boat..........

A:\>

type c:

A:\>c:

press 'Enter'

C:\>

type cd c:\Windows\system32\config

C:\>cd c:\Windows\system32\config

press 'Enter'

C:\Windows\system32\config>

A:\>

type c:

A:\>c:

press 'Enter'

C:\>

type cd c:\Windows\system32\config

C:\>cd c:\Windows\system32\config

press 'Enter'

C:\Windows\system32\config>


If only i can get there:

C:\Windows\system32\config>

I did everything you did above and continue to get

CHDIR failed for c:\Windows\system32\config


So i've got other problems apparently. I also can no longer get to the sign in window that has the dreaded sign in log off problem. DRAMA DRAMA DRAMA

A:\>

type c:

A:\>c:

press 'Enter'

C:\> <- Can you get this far? The C: prompt. You must get to this stage first.

If you didn't get this then do it and try entering your 'cd ....' command again. If that fails try this at the C:\> prompt:

type dir c:

C:\>dir c:

Press 'Enter'

a list of dir's (directories aka folders) on the root of C: will be displayed

See what your windows folder is called. Eg 'Windows' for XP, 'Winnt' for windows2000
To access other drives from the command prompt the first command you have to enter is simply the drive letter followed by a colon eg:
a: or b: or c: ........ x: y: z: etc etc to get the correct drive letter prompt.
The command " cd " means 'Change Directory' (directory also known as folder)
The error message you're getting 'CHDIR failed.....' means at least one of the directories/sub-directories in that path cannot be found.

Make sure you are typing the path correctly, no extra spaces etc.

Have a poke around with the drive letters and the dir command if you have more than one drive.
"I also can no longer get to the sign in window......"
You're not leaving the boot cd or floppy in it's drive are you?

A:\>

type c:

A:\>c:

press 'Enter'

C:\> <- Can you get this far? The C: prompt. You must get to this stage first.

If you didn't get this then do it and try entering your 'cd ....' command again. If that fails try this at the C:\> prompt:

type dir c:

C:\>dir c:

Press 'Enter'

a list of dir's (directories aka folders) on the root of C: will be displayed

See what your windows folder is called. Eg 'Windows' for XP, 'Winnt' for windows2000
To access other drives from the command prompt the first command you have to enter is simply the drive letter followed by a colon eg:
a: or b: or c: ........ x: y: z: etc etc to get the correct drive letter prompt.
The command " cd " means 'Change Directory' (directory also known as folder)
The error message you're getting 'CHDIR failed.....' means at least one of the directories/sub-directories in that path cannot be found.

Make sure you are typing the path correctly, no extra spaces etc.

Have a poke around with the drive letters and the dir command if you have more than one drive.
"I also can no longer get to the sign in window......"
You're not leaving the boot cd or floppy in it's drive are you?

I can get here

C:\>

and then here

C:\>dir c:

I'm at work and can't make use of the laptop right now but the info i got after going to the dir c: was minimal at best...

Actually what showed i put in another thread Saturday/sunday which appears to be lost now. CHI-VA was assisting at the time.....I'll have to get back to this once i get home......

THANKS

Hi rvnmaniac!

My posts are lost too. Something seems to wrong with your system. If I remember it correctly you have a Windows XP CD available. In this case I would recommend to build a BartPE CD. It is just a small download. You will need about 30 minutes to build the CD. The advantage is that you have an user interface similar to Windows XP which makes it easier to find and repair your system. No need to use stupid, confusing command lines.:lip:

Homepage from BartPE:
http://www.nu2.nu/pebuilder/

Here is a little video for building the CD:
http://www.youtube.com/watch?v=78gKzcuq-dw

You can find a guide for repairing your system here(post 27):
http://forums.spybot.info/showthread.php?p=210078#post210078

Before you can use the above fix you have to find your Windows system first. I would recommend to use "Total commander" (a file manager) which you can find on your BartPE CD.

Find this folder:

c:\windows\system32\config

Probably it is c: but it could be a different one. Don't mix it up with the folder for BartPE. It is easily to distinguish if you just take a look if the drive contains your data.

If you have found your system drive please rename(right mouse on the specific file and choose rename):

'default.bak' to 'default'
'sam.bak' to 'sam'
'system.bak' to 'system'
'software.bak' to 'software'
'security.bak' to 'security'

This is necessary because we have to undo the changes from the recovery console. After that you can proceed like described in this post:
http://forums.spybot.info/showthread.php?p=210078#post210078

I have to ask it again because this is necessary to understand what has happen to your system. Do you only have used the recovery console to rename the file names? You haven't formated the drive nor created new partitions? The same with the ultimate boot CD?

Formatting and creating new partitions would definitely delete your data. So don't do it.

Unlike these unfortunate guys, I didn't shut down my computer after version 1.3 found hellzlittlespy. Out of curiosity, I googled hellzlittlespy and came to this. needless to say I freaked after reading all this.
So, I made the entry in the regedit userinit value box as told (it was missing!)
Will this keep my computer from this nightmare?
Should I do anything else?
oh yeah, I installed ver 1.52 and have NOT rebooted, to be safe I restored the hellzlittlespy and www.coolsearch back into the system
What do I do next?

thanks,
John

Hi rvnmaniac!

My posts are lost too. Something seems to wrong with your system. If I remember it correctly you have a Windows XP CD available. In this case I would recommend to build a BartPE CD. It is just a small download. You will need about 30 minutes to build the CD. The advantage is that you have an user interface similar to Windows XP which makes it easier to find and repair your system. No need to use stupid, confusing command lines.:lip:

Homepage from BartPE:
http://www.nu2.nu/pebuilder/

Here is a little video for building the CD:
http://www.youtube.com/watch?v=78gKzcuq-dw

You can find a guide for repairing your system here(post 27):
http://forums.spybot.info/showthread.php?p=210078#post210078

Before you can use the above fix you have to find your Windows system first. I would recommend to use "Total commander" (a file manager) which you can find on your BartPE CD.

Find this folder:

c:\windows\system32\config

Probably it is c: but it could be a different one. Don't mix it up with the folder for BartPE. It is easily to distinguish if you just take a look if the drive contains your data.

If you have found your system drive please rename(right mouse on the specific file and choose rename):

'default.bak' to 'default'
'sam.bak' to 'sam'
'system.bak' to 'system'
'software.bak' to 'software'
'security.bak' to 'security'

This is necessary because we have to undo the changes from the recovery console. After that you can proceed like described in this post:
http://forums.spybot.info/showthread.php?p=210078#post210078

I have to ask it again because this is necessary to understand what has happen to your system. Do you only have used the recovery console to rename the file names? You haven't formated the drive nor created new partitions? The same with the ultimate boot CD?

Formatting and creating new partitions would definitely delete your data. So don't do it.

having problems downloading the BartPE CD. Watching the you tube display my folder was missing the ISO file pebuilder3110a. So i will try downloading it again.........I've only used the recovery console and have not formatted the drive nor created new partitions.......

having problems downloading the BartPE CD. Watching the you tube display my folder was missing the ISO file pebuilder3110a. So i will try downloading it again.........I've only used the recovery console and have not formatted the drive nor created new partitions.......

Downloaded again and got 4 Errors and 9 Warnings.......this is almost like work............

Ok, you can stop trying to build the BootCD. It seems that you don't have much luck. I guess that you are using an OEM version of Windows XP. Probably one from Dell. I'm almost out of ideas. :buried:

Do you have already tried all drive letters from a: to z: with NTFSDos? Wasn't there any folders if you used the 'dir' command? Please also try the command 'CHKDSK'. This will show you the data state of the drive.

Apart from that, do you have a second desktop computer where you can plug your hard disk?

Good Night!

Hi rvnmaniac!

I probably have finally found the reason why NTFS4DOS doesn't work for you. What capacity does your hard drive has? The
reason why I'm asking is because DOS doesn't support every hardware and this is probably the reason why we are
unable to find your system. Without the recovery console and without the support of a Windows PE system this is gonna be one of the
toughest repair procedure.

Is a repair installation an option for you? I know you will loose all the Windows Updates and the restore points but your personal data
will not be removed nor the installed applications. Some of them won't work after the repair installation because the registry would be
replaced as well.

http://www.webtree.ca/windowsxp/repair_xp.htm#How%20to%20Repair%20Windows%20XP%20by%20Installing%20Over%20top%20of%20Existing%20Setup:

The above solution would be our last resort. There are still methods left which we haven't tried yet. Just keep it in mind if
you don't have the time to try them out.

Do you still have a floppy drive? If yes, do you have ever created an automatic start disk?
http://support.microsoft.com/?scid=kb%3Ben-us%3B299526&x=5&y=20

I'm back up and running - got in using Spybot's "Method #2" solution when Fix-It Utilities didn't work for me. It is only by a miracle that I think I succeeded. I am not technically minded at all, and just entered commands on faith then hit reboot with fingers crossed. I wish everyone else still dealing with this issue much much luck. I totally wasted my entire 4-day holiday weekend dealing with this fiasco, and am still working on my system to be sure I have no permanent problems.

This whole mess is a prime example of the abysmal failure of the computer technology sector's ability to communicate with the masses with clear cut instructions and user-friendly "safe" technology. Computers are here to stay that is a given. But when you have college-educated users who are unable to understand even the most "basic" of commands, there is a problem with communication. A HUGE problem.

With most technology, you don't have to understand it to use it. I drive a car. I put gas in it, keep it tuned and serviced, I learn the rules of the road and I drive. Technology and models change, but overall a car is a car. Relatively simple. Almost everyone on the planet can drive one.

I own a computer. I have to have several operating systems to run it safely and efficiently, based on my individual or corporate needs. Each operating system has its own methodology. Change one system, must change some of the other system, but maybe not all. Average user guesses wrong on one step of an update, something major goes wrong, and out comes the techno-language that baffles almost everyone on the planet.

Computer technology is changing so quickly most of us cannot keep up - even if we understood what we're trying to keep up with. But most of us have other jobs that keep the planet running - important jobs like police officer, fireman, college professor... We don't have time to learn to function in a whole second industry. Sometimes we don't even know what questions to ask in order to get help. And therein lies the rub, my fellow discontented ones - those fellow humans who do learn this stuff for a living cannot communicate with those of us who don't!

I've learned more about computer operting systems in the last 6 days than I ever thought I'd learn - and feel I know absolutely nothing still!!! I've read multiple discussion threads on multiple websites, from post one to pages ad nauseum, and what I see are two distinct sides: Those who profess to know what they are doing - and those of us just struggling to keep up. The problem is, a lot of the time those who should know don't - but won't admit to it - and those of us struggling along feel grabbed by the short hairs (to put it as mildly as I can).

Face it: Computer technology is not like other technology because of three major issues: It involves technology evolving so quickly most can't keep up; it involves a major amount of trust in strangers who profess that they will keep us safe; and it involves connection to the internet where anyone in the world can maliciously invade our technology any time they want. It's the end of the world....

Spybot Tech Team: Re-read all the boards on this problem. You have a major trust issue with your product now that may not be surmountable - especially since you have just released another version of your spyware that is already having installation issues. Terminator says, "hopefully" this (current) problem will be sorted out by the new release. Not holding my breath. PepiMK, in many posts you've accused us public users of "deciding to ignore both this message and the two updates available," and "(ending updates to 1.3) ...will lead to these people having no protection at all. I'm not sure if this indeed is better than having to take extra care with the scan results." Well, right now, having no protection at all sounds a whole lot better than installing a program designed to help us but that actually helps to bring us down. Not a good way to regain broken trust...

Computer techs across the world: PLEASE find some way to speak in easy to understand, regular everyday people language! And please do not offer solutions until you are absolutely sure they will work for us mere mortals. Your updates obviously weren't obvious, or most of us would have updated! My husband ran spybot daily, and repeatedly has gone to the internet to access updates. Why didn't the system update automatically, not just the definitions? When Adaware updated their operating version, it was boldly announced on startup and directions for finding and downloading the most up-to-date version were clearly given. You can't hide something, and expect everyone to find it. And all this stuff about having to decide if each scan result was valid or not. Ummmm... isn't spybot designed to find bad stuff for us to remove from our computers before it causes damage? Why should I - like most, a non-technology oriented user - have to decide if Spybot is telling the truth or not?? Oh, see there... back to that trust issue again.

I will not be reinstalling any version of Spybot on my computer. It is obviously too difficult for stupid little me to use. You might have retained me as a user if the tech team had been able to show a little more organization in their response to this crisis, and compassion toward their wounded users. But turning this issue back on us and telling us it was our fault is too much. Faith gone.

One last question that I hope I can get a straightforward, understandable answer to: Since I used Method #2 to get back into my system, is hellzlittlespy still there, waiting for me to use my Norton or Adaware program to find, remove, and start me back into that logon loop, or am I good to go? Please, give me one last simple answer I can trust.

Mopeyone:

In the following analogy:


...

With most technology, you don't have to understand it to use it. I drive a car. I put gas in it, keep it tuned and serviced, I learn the rules of the road and I drive. Technology and models change, but overall a car is a car. Relatively simple. Almost everyone on the planet can drive one.

...

Do you personally perform the maintenance to "… keep it tuned and serviced, …". There was a day when a shade tree mechanic could pull out a timing light and tachometer, change the points and plugs and tune a car. Those days are gone too.

Using a computer is one thing. Unfortunately, in many cases maintaining it takes a different skill set.

Gee, thank you for choosing to rebut back but not answer my question. Suffice it to say that it seems that computer technologists will never understand the root of the frustration of their consumer base. I don't know why I tried.

Please, just let me know if I need to do anything more to get hellzlittlespy off my computer. I am sorry I am stupid and I don't really understand what I was able to fix - only that I was able to get past it. And I don't understand what a "false positive" is. And I don't know if I am truly free of this mess. Please, just tell me how to get past this so I can leave this forum and never ever come back.

I can safely say that Spybot 1.6.0.30 has cured this unfortunate problem and many others therefore I strongly advise all users to upgrade to it ASAP :eek:.

This whole mess was the result of conflicts between old and new technology (pay attention Microsoft). Those of you who insist on using obsolete versions of Spybot must shoulder a portion of the blame for this as it has been said, on more then one occassion, that the newer definitions are NOT fully compatible with versions 1.4 and below.

I accept that Windows 95/98/ME/2000 users may have problems running the latest versions of Spybot because of resource problems but that is your problem, not Spybots.

I know it sounds like I'm getting at the users of older operating systems but i'm not I'm just trying to draw a line under this mess and kick start the healing process.

As my last word on the subject, if you must use an older version of Windows be careful and if in doubt don't!!!

Gee, thank you for choosing to rebut back but not answer my question. Suffice it to say that it seems that computer technologists will never understand the root of the frustration of their consumer base. I don't know why I tried.

Please, just let me know if I need to do anything more to get hellzlittlespy off my computer. I am sorry I am stupid and I don't really understand what I was able to fix - only that I was able to get past it. And I don't understand what a "false positive" is. And I don't know if I am truly free of this mess. Please, just tell me how to get past this so I can leave this forum and never ever come back.

A "False Positive" is just a techie term for for thinking a file/entry is one thing when in fact it's something completely differant.

Your not stupid, I remember 8 years ago when I took my 1st IT course, I went into it thinking I knew everything about computers but I was totally and utterly WRONG, I went in at an intermediate level and after a fortnight I was ready to jack it in but I stuck with it and it made me a better person.

What I knew 8 years ago about computers compared to now could be written on the back of a postage stamp with space to spare. Computers are a constant learning curve, every day My computer teaches me something new and I learn from it.

To keep a computer tuned and ready to use, just follow these simple points:

1: Defrag your computer at least once a month.

2: Keep your Security Programs and Windows up to date by checking for updates every day or 2.

3: Run Anti-Virus and Anti Spyware Scans once fortnight.

4: If you don't understand something ask a knowledgable friend or a computer repair shop to clarifiy it for you.

5: Once a year format (wipe) your hard drive and re-install Windows and any other Essential programs.

6: Get a good drive cleaner and clear out the temp files and your Internet history once a week

If you have trouble doing these then ask your friendly local Repair shop to do it for you :).

I do not want to install version 1.6 of Spybot. Am I safe? Is hellslittlespy still on my computer? For this situation only: What will 1.6 do for me that leaving it off my computer won't? I continue not to understand the ramifications of this overall issue. Honestly, my mind (like many) is incapable of understanding computer technology. Trust me, I'm not an overall stupid person, but I know my limits - I am willing to admit them, but I refuse to be guilted by them. Please understand this. Am I safe, that is all I want to know. If I am not, what is the simplest way for me to get past the hellslittlespy invasion?

FYI - I use Windows XP Pro, on a computer-geek built system from various manufactured components (not all dell, HP, etc.)

Terminator, our posts crossed. You seem to be trying to help, so thank you. But... I still need reassurance regarding the HLS issue:

All of those items you list to keep a computer running efficiently we are already doing, as frequently or more often as you recommend. We will continue to practice these, and I appreciate the reminder. However, I need to know: Is HLS off my computer? If still there, how do I get rid of it safely? I don't mean to sound paranoid, but... well... I'm paranoid.

I do not want to install version 1.6 of Spybot. Am I safe? Is hellslittlespy still on my computer? For this situation only: What will 1.6 do for me that leaving it off my computer won't? I continue not to understand the ramifications of this overall issue. Honestly, my mind (like many) is incapable of understanding computer technology. Trust me, I'm not an overall stupid person, but I know my limits - I am willing to admit them, but I refuse to be guilted by them. Please understand this. Am I safe, that is all I want to know. If I am not, what is the simplest way for me to get past the hellslittlespy invasion?

FYI - I use Windows XP Pro, on a computer-geek built system from various manufactured components (not all dell, HP, etc.)

1.6 isn't affected by the false positive and since your running XP you'll have more than enough Computer resources to run it with out incident.

"Am I safe? Is hellslittlespy still on my computer?"

The only way you'll find that out is to install spybot and run another scan and if it shows up then you'll know.

When it comes to computing and the Internet we all need to be a little bit careful but there is no shame in asking for help, If you don't understand something ask.

Okay, so I install 1.6 and run a scan and HLS shows up again. What do I do then?????????????? I know you are trying to be patient with me, but this now paranoid non-technology oriented human does not understand the ramifications of finding something like this. I really hate making assumptions with computer stuff is involved (see where that got me already in prior posts). But can I assume if it doesn't find it I'm safe? or is this a dangerous assumption? And if it does find it, what do I do about it?? Really, intense handholding necessary at this point (and I bet I'm not the only one out there needing it).

Thanks again, really.

And, and just before I hit "send" I thought of another question. If I choose to keep the newest Spybot version on my computer, what is to prevent this ever happening again? I sincerely don't understand how we let this happen in this instance, I'm quite sure we'll probably miss letting it happen again. In the past we've done spybot updates - run a scan - deleted whatever it told us to delete - shut down, no problems. If I have to look at each entry spybot flags to try determine if it is a real threat or not, I guarantee I'm gonna get in trouble again.

Answering the top of this post more important at this point than the bottom question. I want the immediate threat off my computer, then I'll deal with moving forward.

Again, thanks.

Mopeyone:

Can I assume "HLS" is the HellzLittleSpy detection?

What version of Spybot were you originally running Spybot 1.3 or Spybot 1.4? The reason I am asking is because the boot loop problem with HellzLittleSpy in Spybot 1.3 was a false positive on systems without HellzLittleSpy. In Spybot 1.4 it was a real detection that got fixed incorrectly.

It may help if you posted the log of the actual detections you are getting. There are several ways to do that:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.
--- or ---
Post the second Checks.yymmdd-hhmm.log produced during the original scan.

By default here are two Checks.yymmdd-hhmm.log files produced during a scan. The second Checks.yymmdd-hhmm.log has the details of what the scan found. A Fixes.yymmdd-hhmm.log file is produced if you fix or attempt to fix something.

There are two methods to copy and post the information from previous scans:
Method 1:
Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports. Look for the Checks.yymmdd-hhmm.log or Fixes.yymmdd-hhmm.log file that contains the detections that you like help with. Open it. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.
Method 2
The Checks.yymmdd-hhmm.log and Fixes.yymmdd-hhmm.log files are stored in the following folders:
Windows 95 or 98:
C:\Windows\Application Data\Spybot - Search & Destroy\Logs
Windows ME:
C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows NT, 2000 or XP:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows Vista:
C:\ProgramData\Spybot - Search & Destroy\Logs
Using Windows Explorer, navigate to the correct Checks.yymmdd-hhmm.log or Fixes.yymmdd-hhmm.log file. Double click on it and it should open with Notepad. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.

We were running version 1.3 - which I've uninstalled from my computer, so don't think I can attempt to gather that other information for you.

And yes, "HLS" does stand for Hellzlittlespy - just got tired of typing it all out.

Mopeyone:

Please post a log from your current detection of Hellzlittlespy with Spybot 1.6!

I'll try it, but it'll take a couple of weeks. I'm supposed to be going on a vacation this week, and I'm way behind in preparing for it from having concentrated on nothing but this for 6 days. I'll install and try to capture a log when I get back. I really really need a vacation now.

Are there variations on what HLS did/how it appeared or something? By this request, it seems that every user of version 1.3 might have been "infected" "affected" differently... Or am I wrong, and a 1.3 system crash was a 1.3 system crash was a 1.3 system crash....

Just trying to get this resolved quicker if I can.

Thanks for continuing to try to help me understand...

I just spied a quote a friend recently sent me, that I copied and posted to my computer screen here at work: "Life is too short to be aggravated by non-human things!" A-men.

Hi there!

I guess I had excately the same problem as Mopeyone, and still do....
I've managed to repair XP and updated IE, but got infected while doing so. Now I've run the S&D 1.3 again, but getting a little wiser...

I guess I shouldn't fix the problems before I've upgaded to 1.6?

Right?

Here's a clip from 2 of the almost fatal reports.

Please, give me some advice what to do!

/M
-- Report generated: 2008-06-28 17:30 ---

CoolWWWSearch.hjg: User settings (Registerändring, fixed)
HKEY_USERS\S-1-5-21-436374069-1417001333-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PrivDiscUiShown!=W=0

HellzLittleSpy: Settings (Registerändring, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit!=<$SYSDIR>\userinit.exe,


--- Spybot - Search && Destroy version: 1.3 ---
2008-06-17 Includes\Adware.sbi
2008-06-18 Includes\AdwareC.sbi
2008-06-03 Includes\Cookies.sbi
2008-06-03 Includes\Dialer.sbi
2008-06-24 Includes\DialerC.sbi
2008-06-03 Includes\HeavyDuty.sbi
2008-06-16 Includes\Hijackers.sbi
2008-06-17 Includes\HijackersC.sbi
2008-06-25 Includes\Keyloggers.sbi
2008-06-24 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-06-24 Includes\Malware.sbi
2008-06-24 Includes\MalwareC.sbi
2008-06-17 Includes\PUPS.sbi
2008-06-24 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-10 Includes\Security.sbi
2008-06-18 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-06-17 Includes\Spyware.sbi
2008-06-17 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-06-24 Includes\Trojans.sbi
2008-06-25 Includes\TrojansC.sbi
2007-06-06 Plugins\TCPIPAddress.dll


--- Report generated: 2008-07-07 19:31 ---

Comet Cursors: Interface (_IBhoEvents) (Registernyckel, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{4937D5D1-2039-409A-BD83-FEC9B39B2356}

CoolWWWSearch.hjg: User settings (Registerändring, fixed)
HKEY_USERS\S-1-5-21-436374069-1417001333-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PrivDiscUiShown!=W=0

HellzLittleSpy: Settings (Registerändring, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit!=<$SYSDIR>\userinit.exe,

Zlob.Downloader.vdt: Settings (Registernyckel, fixed)
HKEY_CLASSES_ROOT\multimediaControls.chl\


--- Spybot - Search && Destroy version: 1.3 ---
2008-06-17 Includes\Adware.sbi
2008-06-18 Includes\AdwareC.sbi
2008-06-03 Includes\Cookies.sbi
2008-06-03 Includes\Dialer.sbi
2008-06-24 Includes\DialerC.sbi
2008-06-03 Includes\HeavyDuty.sbi
2008-06-16 Includes\Hijackers.sbi
2008-06-17 Includes\HijackersC.sbi
2008-06-25 Includes\Keyloggers.sbi
2008-06-24 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-06-24 Includes\Malware.sbi
2008-06-24 Includes\MalwareC.sbi
2008-06-17 Includes\PUPS.sbi
2008-06-24 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-10 Includes\Security.sbi
2008-06-18 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-06-17 Includes\Spyware.sbi
2008-06-17 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-06-24 Includes\Trojans.sbi
2008-06-25 Includes\TrojansC.sbi
2007-06-06 Plugins\TCPIPAddress.dll

Mateo1:


... I guess I shouldn't fix the problems before I've upgaded to 1.6?

Right?

...
If you fix the the following problem:


HellzLittleSpy: Settings (Registerändring, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit!=<$SYSDIR>\userinit.exe,
You will most likely disable your ability to logon to your system if you reboot without first restoring the original registry value altered during the fix.

So you are correct.

Oh, here's the current report.


--- Search result list ---
Right Media: Tracking cookie (Internet Explorer: Mats Olofsson) (Cookie, nothing done)


BurstMedia: Tracking cookie (Internet Explorer: Mats Olofsson) (Cookie, nothing done)


Comet Cursors: Interface (_IBhoEvents) (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{4937D5D1-2039-409A-BD83-FEC9B39B2356}

CoolWWWSearch.hjg: User settings (Registerändring, nothing done)
HKEY_USERS\S-1-5-21-436374069-1417001333-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PrivDiscUiShown!=W=0

HellzLittleSpy: Settings (Registerändring, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit!=<$SYSDIR>\userinit.exe,

Zlob.Downloader.vdt: Settings (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\multimediaControls.chl\


--- Spybot - Search && Destroy version: 1.3 ---
2008-06-17 Includes\Adware.sbi
2008-06-18 Includes\AdwareC.sbi
2008-06-03 Includes\Cookies.sbi
2008-06-03 Includes\Dialer.sbi
2008-06-24 Includes\DialerC.sbi
2008-06-03 Includes\HeavyDuty.sbi
2008-06-16 Includes\Hijackers.sbi
2008-06-17 Includes\HijackersC.sbi
2008-06-25 Includes\Keyloggers.sbi
2008-06-24 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-06-24 Includes\Malware.sbi
2008-06-24 Includes\MalwareC.sbi
2008-06-17 Includes\PUPS.sbi
2008-06-24 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-10 Includes\Security.sbi
2008-06-18 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-06-17 Includes\Spyware.sbi
2008-06-17 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-06-24 Includes\Trojans.sbi
2008-06-25 Includes\TrojansC.sbi
2007-06-06 Plugins\TCPIPAddress.dll


--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB889293
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB918439
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB918899
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB925486
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Outlook Express 6 / SP1: Windows XP Hotfix - KB911567
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 10: Säkerhetsuppdatering för Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Säkerhetsuppdatering för Windows Media Player 10 (KB917734)
/ Windows Media Player 10: Säkerhetsuppdatering för Windows Media Player 10 (KB936782)
/ Windows Media Player 11: Säkerhetsuppdatering för Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Snabbkorrigering för Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Säkerhetsuppdatering för Windows Media Player 6.4 (KB925398)
/ Windows XP: Säkerhetsuppdatering för Windows XP (KB923689)
/ Windows XP: Säkerhetsuppdatering för Windows XP (KB941569)
/ Windows XP / SP0: Säkerhetsuppdatering för Windows Internet Explorer 7 (KB928090)
/ Windows XP / SP0: Säkerhetsuppdatering för Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Säkerhetsuppdatering för Windows Internet Explorer 7 (KB931768)
/ Windows XP / SP0: Säkerhetsuppdatering för Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP0: Säkerhetsuppdatering för Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Säkerhetsuppdatering för Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Säkerhetsuppdatering för Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Säkerhetsuppdatering för Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Snabbkorrigering för Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Säkerhetsuppdatering för Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Uppdatering för Windows XP (KB894391)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896358)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896422)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896423)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896424)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896428)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB896688)
/ Windows XP / SP3: Uppdatering för Windows XP (KB896727)
/ Windows XP / SP3: Uppdatering för Windows XP (KB898461)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB899587)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB899588)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB899591)
/ Windows XP / SP3: Uppdatering för Windows XP (KB900485)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB900725)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB901017)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB901190)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB901214)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB902400)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB903235)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB904706)
/ Windows XP / SP3: Uppdatering för Windows XP (KB904942)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB905414)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB905749)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB905915)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB908519)
/ Windows XP / SP3: Uppdatering för Windows XP (KB908531)
/ Windows XP / SP3: Uppdatering för Windows XP (KB910437)
/ Windows XP / SP3: Uppdatering för Windows XP (KB911280)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB911562)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB911567)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB911927)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB912812)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB912919)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB913446)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB913580)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB914388)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB914389)
/ Windows XP / SP3: Snabbkorrigering för Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB916281)
/ Windows XP / SP3: Uppdatering för Windows XP (KB916595)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB917159)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB917344)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB917422)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB917953)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB918118)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB918439)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB918899)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB919007)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB920213)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB920214)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB920670)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB920683)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB920685)
/ Windows XP / SP3: Uppdatering för Windows XP (KB920872)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB921398)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB921503)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB921883)
/ Windows XP / SP3: Uppdatering för Windows XP (KB922582)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB922616)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB922760)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB922819)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB923191)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB923414)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB923694)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB923980)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB924191)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB924270)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB924496)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB924667)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB925454)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB925486)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB926255)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB926436)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB927779)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB927802)
/ Windows XP / SP3: Uppdatering för Windows XP (KB927891)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB928255)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB928843)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB929123)
/ Windows XP / SP3: Uppdatering för Windows XP (KB929338)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB929969)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB930178)
/ Windows XP / SP3: Uppdatering för Windows XP (KB930916)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB931261)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB931784)
/ Windows XP / SP3: Uppdatering för Windows XP (KB931836)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB932168)
/ Windows XP / SP3: Uppdatering för Windows XP (KB932823-v3)
/ Windows XP / SP3: Uppdatering för Windows XP (KB933360)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB933729)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB935839)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB935840)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB936021)
/ Windows XP / SP3: Uppdatering för Windows XP (KB936357)
/ Windows XP / SP3: Uppdatering för Windows XP (KB938828)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB938829)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB941202)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB941568)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB941644)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB941693)
/ Windows XP / SP3: Uppdatering för Windows XP (KB942763)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB943055)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB943460)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB943485)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB944653)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB945553)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB946026)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB948590)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB948881)
/ Windows XP / SP3: Säkerhetsuppdatering för Windows XP (KB950749)
/ Windows XP / SP4: Uppdatering för Windows XP (KB942763)
/ Windows XP / SP4: Säkerhetsuppdatering för Windows XP (KB950760)
/ Windows XP / SP4: Säkerhetsuppdatering för Windows XP (KB950762)
/ Windows XP / SP4: Säkerhetsuppdatering för Windows XP (KB951376)
/ Windows XP / SP4: Säkerhetsuppdatering för Windows XP (KB951376-v2)
/ Windows XP / SP4: Säkerhetsuppdatering för Windows XP (KB951698)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8b9145d229d4e89d15acb820d4a3a90f

Located: HK_LM:Run, iTunesHelper
command: "C:\Program\iTunes\iTunesHelper.exe"
file: C:\Program\iTunes\iTunesHelper.exe
size: 267048
MD5: 04a9f0c58b170f30445bcc0683ef9ffc

Located: HK_LM:Run, Norman ZANDA
command: "C:\Program\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
file: C:\Program\Norman\Npm\Bin\ZLH.EXE
size: 277616
MD5: f9da295ba43d6428c55116610c8a2988

Located: HK_LM:Run, NPCTray
command: C:\Program\Norman\npc\bin\npc_tray.exe /LOAD
file: C:\Program\Norman\npc\bin\npc_tray.exe
size: 126008
MD5: d54116ff57dffb196913cccb440cb2fb

Located: HK_LM:Run, PC Pitstop Optimize Scheduler
command: C:\Program\PCPitstop\Optimize\PCPOptimize.exe -boot
file: C:\Program\PCPitstop\Optimize\PCPOptimize.exe
size: 2577120
MD5: 62f139b48c9b85c44480c334e2de26db

Located: HK_LM:Run, QuickTime Task
command: "C:\Program\QuickTime\qttask.exe" -atboottime
file: C:\Program\QuickTime\qttask.exe
size: 413696
MD5: 6df76965a0fb8237e9c3b3cab9815ec2

Located: HK_LM:Run, TkBellExe
command: "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
file: C:\Program\Delade filer\Real\Update_OB\realsched.exe
size: 180269
MD5: d09a5f5c4dbd5d4dff09ab1a69812062

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: febe82a289a6645e26b27f3a0a4d2b84

Located: HK_CU:Run, MSMSGS
command: "C:\Program\Messenger\msmsgs.exe" /background
file: C:\Program\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: Startup (common), HOTSYNCSHORTCUTNAME.lnk
command: C:\Program\Palm\Hotsync.exe

Located: Startup (common), InterVideo WinCinema Manager.lnk
command: C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
file: C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
size: 98304
MD5: f1d8d98012efc27680983b25c8cf4f12

Located: Startup (common), Microsoft Office.lnk
command: C:\Program\Microsoft Office\Office10\OSA.EXE
file: C:\Program\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Startup (common), Personal.lnk
command: C:\Program\Personal\bin\Personal.exe
file: C:\Program\Personal\bin\Personal.exe
size: 722728
MD5: 5f5e0176e1b30ebc8266658894c72cb3

Located: Startup (common), Windows Skrivbordssökning.lnk
command: C:\Program\Windows Desktop Search\WindowsSearch.exe
file: C:\Program\Windows Desktop Search\WindowsSearch.exe
size: 257752
MD5: cfbd142459389efd5c5f27cd913c2564



--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
BHO name:
CLSID name: Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program\Delade filer\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 2006-10-23 00:08:42
Date (last access): 2008-07-01 09:55:14
Date (last write): 2006-10-23 00:08:42
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 0.8.0.0

{1C1B8A44-61FE-411E-8F33-813A4E2E2984} (AVG Safe Search)
BHO name:
CLSID name: AVG Safe Search

{2F85D76C-0569-466F-A488-493E6BD0E955} (dsWebAllowBHO Class)
BHO name:
CLSID name: dsWebAllowBHO Class
Path: C:\Program\Windows Desktop Search\
Long name: dsWebAllow.dll
Short name: DSWEBA~1.DLL
Date (created): 2006-03-26 23:44:10
Date (last access): 2008-07-01 09:59:46
Date (last write): 2006-03-26 23:44:10
Filesize: 265432
Attributes: archive
MD5: 3EEEAFCE6B19C9AB3F6AE71A6FC99B11
CRC32: BA5EA549
Version: 0.2.0.6

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 2004-05-12 02:03:00
Date (last access): 2008-07-01 09:59:34
Date (last write): 2004-05-12 02:03:00
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 2005-11-10 14:03:56
Date (last access): 2008-07-01 09:57:04
Date (last write): 2005-11-10 14:22:10
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 0.5.0.0

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
BHO name:
CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program\Delade filer\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 2006-08-31 21:33:06
Date (last access): 2008-07-01 09:55:54
Date (last write): 2006-08-31 21:33:06
Filesize: 322368
Attributes: archive
MD5: E43F7CFDEE2B00A22C96C168147B20D3
CRC32: 2AEACC43
Version: 0.4.0.100

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program\Windows Live Toolbar\
Long name: msntb.dll
Short name:
Date (created): 2007-10-19 12:20:48
Date (last access): 2008-07-01 09:59:50
Date (last write): 2007-10-19 12:20:48
Filesize: 546320
Attributes: archive
MD5: CEE1BE1DA21300208D07FBEAE9EA2B51
CRC32: 12446524
Version: 0.3.0.1



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

ppctlcab (ppctlcab)
DPF name: ppctlcab
CLSID name:

{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)
DPF name:
CLSID name: Office Genuine Advantage Validation Tool
Path: C:\WINDOWS\system32\
Long name: OGACheckControl.DLL
Short name: OGACHE~1.DLL
Date (created): 2006-10-13 12:30:10
Date (last access): 2008-07-01 10:18:16
Date (last write): 2007-03-05 14:34:28
Filesize: 676224
Attributes: archive
MD5: B221B218126BC9409257F39837BAB90C
CRC32: 60F920AA
Version: 0.1.0.6

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Adobe\Director\
Long name: SwDir.dll
Short name:
Date (created): 2008-04-18 13:36:02
Date (last access): 2008-07-01 10:18:44
Date (last write): 2008-03-19 19:36:22
Filesize: 202168
Attributes: archive
MD5: 284259B6EB9901B8978B78AFC5514627
CRC32: 6C37B749
Version: 0.11.0.0

{5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module)
DPF name:
CLSID name: Windows Live Safety Center Base Module
Path: C:\WINDOWS\Downloaded Program Files\
Long name: wlscBase.dll
Short name:
Date (created): 2008-06-24 08:05:12
Date (last access): 2008-06-24 08:05:12
Date (last write): 2008-06-24 08:05:12
Filesize: 455744
Attributes: archive
MD5: 17536C890DF63AB4644EB111C28128F5
CRC32: 0E5EC3BB
Version: 0.1.0.8

{5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control)
DPF name:
CLSID name: Facebook Photo Uploader Control
Path: C:\WINDOWS\Downloaded Program Files\
Long name: FacebookPhotoUploader.ocx
Short name: FACEBO~1.OCX
Date (created): 2005-11-03 20:17:36
Date (last access): 2008-07-01 10:08:06
Date (last write): 2005-11-03 20:17:36
Filesize: 1935120
Attributes: archive
MD5: 5A39F109CB87893FD683F49699BCE2B4
CRC32: 729D4EBC
Version: 0.3.0.5

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 2003-05-29 16:00:20
Date (last access): 2008-07-01 10:08:06
Date (last write): 2003-05-29 16:00:20
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 0.7.0.1

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9f.ocx
Short name:
Date (created): 2008-03-25 04:32:42
Date (last access): 2008-07-01 10:20:00
Date (last write): 2008-03-25 04:32:42
Filesize: 2991488
Attributes: archive
MD5: 48FDF435B8595604E54125B321924510
CRC32: 12335E29
Version: 0.9.0.0



--- Process list ---
Spybot - Search && Destroy process list report, 2008-07-08 21:23:51

PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 192 (1660) C:\Program\Windows Desktop Search\WindowsSearchFilter.exe
PID: 196 (1756) C:\WINDOWS\system32\ctfmon.exe
PID: 204 (1756) C:\Program\Messenger\msmsgs.exe
PID: 216 ( 916) C:\Program\Norman\npf\bin\npfuser.exe
PID: 228 (2320) C:\Program\Norman\Nvc\Bin\cclaw.exe
PID: 424 ( 640) C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 440 ( 640) C:\Program\Bonjour\mDNSResponder.exe
PID: 504 ( 4) \SystemRoot\System32\smss.exe
PID: 572 ( 504) \??\C:\WINDOWS\system32\csrss.exe
PID: 596 ( 504) \??\C:\WINDOWS\system32\winlogon.exe
PID: 640 ( 596) C:\WINDOWS\system32\services.exe
PID: 652 ( 596) C:\WINDOWS\system32\lsass.exe
PID: 700 (1756) C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
PID: 760 ( 640) C:\WINDOWS\system32\svchost.exe
PID: 800 ( 640) C:\Program\Norman\Npm\Bin\Elogsvc.exe
PID: 812 ( 640) C:\Program\Norman\Ngs\bin\NPROSEC.EXE
PID: 888 ( 640) C:\WINDOWS\system32\svchost.exe
PID: 956 ( 640) C:\WINDOWS\system32\svchost.exe
PID: 1032 ( 640) C:\WINDOWS\System32\svchost.exe
PID: 1064 (1756) C:\Program\Personal\bin\Personal.exe
PID: 1100 ( 640) C:\Program\Norman\Npm\Bin\Zanda.exe
PID: 1120 ( 640) C:\Program\Norman\npm\bin\nvoy.exe
PID: 1188 (1660) C:\Program\Windows Desktop Search\WindowsSearchFilter.exe
PID: 1192 ( 640) C:\WINDOWS\System32\svchost.exe
PID: 1256 ( 640) C:\WINDOWS\System32\svchost.exe
PID: 1268 ( 640) C:\Program\Norman\npf\bin\npfsvc32.exe
PID: 1304 (1756) C:\Program\Windows Desktop Search\WindowsSearch.exe
PID: 1484 ( 640) C:\WINDOWS\system32\spoolsv.exe
PID: 1564 ( 888) C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
PID: 1660 ( 888) C:\Program\Windows Desktop Search\WindowsSearchIndexer.exe
PID: 1756 (1688) C:\WINDOWS\Explorer.EXE
PID: 1916 ( 640) C:\Program\Norman\Npm\bin\NVCSCHED.EXE
PID: 1932 ( 640) C:\Program\Norman\Npm\bin\NJEEVES.EXE
PID: 1956 (1756) C:\Program\Delade filer\Real\Update_OB\realsched.exe
PID: 1992 (1756) C:\Program\iTunes\iTunesHelper.exe
PID: 2032 ( 640) C:\Program\Norman\npc\bin\npcsvc32.exe
PID: 2036 (1756) C:\Program\Norman\Npm\Bin\ZLH.EXE
PID: 2104 ( 640) C:\Program\iPod\bin\iPodService.exe
PID: 2492 ( 640) C:\WINDOWS\System32\alg.exe
PID: 2524 (1756) C:\Program\Microsoft Office\Office10\EXCEL.EXE
PID: 2560 ( 640) C:\Program\Norman\npc\bin\nuaa.exe
PID: 2700 ( 640) C:\Program\Norman\nse\bin\NSESVC.EXE
PID: 3056 ( 640) C:\Program\Norman\Nvc\bin\nvcoas.exe
PID: 3252 (2036) C:\Program\Norman\Nvc\Bin\Nip.exe
PID: 3680 (1756) C:\Program\Spybot - Search & Destroy\SpybotSD.exe
PID: 4060 (1756) C:\Program\Internet Explorer\iexplore.exe


--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 2008-07-08 21:23:51

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: NLF over [MSAFD Tcpip [TCP/IP]]
GUID: {B8EDD80C-C7BA-405D-ACD5-189E648724C8}
Filename: C:\Program\Norman\npc\bin\nlf.dll

Protocol 1: NLF over [MSAFD Tcpip [UDP/IP]]
GUID: {98DFB492-BA95-4E76-A9C5-60186EF3CD91}
Filename: C:\Program\Norman\npc\bin\nlf.dll

Protocol 2: NLF over [MSAFD Tcpip [RAW/IP]]
GUID: {4B6EF903-1AB0-4A47-84BA-3E1034BED286}
Filename: C:\Program\Norman\npc\bin\nlf.dll

Protocol 3: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B71C9178-D011-40D8-968D-8CA1ED89F9BE}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B71C9178-D011-40D8-968D-8CA1ED89F9BE}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{449D0066-13AA-42DF-BDC0-4CB27FCA7399}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{449D0066-13AA-42DF-BDC0-4CB27FCA7399}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D326444B-BF9D-4F51-AFBB-4BDE73E1003D}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D326444B-BF9D-4F51-AFBB-4BDE73E1003D}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9AFD314D-D332-460A-9D29-92F8A966C44C}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9AFD314D-D332-460A-9D29-92F8A966C44C}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4E8A109D-561E-4EA7-947A-5C6317CD2F31}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4E8A109D-561E-4EA7-947A-5C6317CD2F31}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: NLF
GUID: {0AA8A6F0-4E44-4C09-8BEC-C981447D5549}
Filename: C:\Program\Norman\npc\bin\nlf.dll

Namespace Provider 0: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program\Bonjour\mdnsNSP.dll

Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 3: Namnområde för NLA (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

[QUOTE=bevdye1962;209119]..loop is now actually preceded by a Logon Message, "The system could not log you on. Make sure your User name and domain are correct, then type password again. Letters in passwords must be typed using the correct case." After this, I go to the logon/logoff loop.

---------
This is an update on my secondary Logon Message issue. It was resolved after doing chdsk and fixboot from c:\ prompt through recovery console with a Dell OEM reinstallation disk, then following the procedure at http://www.2pure.net/index.php?session=0&action=read&click=open&article=1150238652. I followed the steps at that link three times, and the third time I am back to the original logon/logoff loop that this thread is intended to address.


I'm still stuck in the logon/logoff loop, even when restoring to a date 2 weeks prior to the Spybot v1.5.2 update, so I am still researching with everyone else. Just wanted to update for someone else's sake who may run into the second Logon Message issue.

bevdye1962

I'm back up and running - got in using Spybot's "Method #2" solution when Fix-It Utilities didn't work for me. It is only by a miracle that I think I succeeded. I am not technically minded at all, and just entered commands on faith then hit reboot with fingers crossed. I wish everyone else still dealing with this issue much much luck. I totally wasted my entire 4-day holiday weekend dealing with this fiasco, and am still working on my system to be sure I have no permanent problems.

This whole mess is a prime example of the abysmal failure of the computer technology sector's ability to communicate with the masses with clear cut instructions and user-friendly "safe" technology. Computers are here to stay that is a given. But when you have college-educated users who are unable to understand even the most "basic" of commands, there is a problem with communication. A HUGE problem.

With most technology, you don't have to understand it to use it. I drive a car. I put gas in it, keep it tuned and serviced, I learn the rules of the road and I drive. Technology and models change, but overall a car is a car. Relatively simple. Almost everyone on the planet can drive one.

I own a computer. I have to have several operating systems to run it safely and efficiently, based on my individual or corporate needs. Each operating system has its own methodology. Change one system, must change some of the other system, but maybe not all. Average user guesses wrong on one step of an update, something major goes wrong, and out comes the techno-language that baffles almost everyone on the planet.

Computer technology is changing so quickly most of us cannot keep up - even if we understood what we're trying to keep up with. But most of us have other jobs that keep the planet running - important jobs like police officer, fireman, college professor... We don't have time to learn to function in a whole second industry. Sometimes we don't even know what questions to ask in order to get help. And therein lies the rub, my fellow discontented ones - those fellow humans who do learn this stuff for a living cannot communicate with those of us who don't!

I've learned more about computer operting systems in the last 6 days than I ever thought I'd learn - and feel I know absolutely nothing still!!! I've read multiple discussion threads on multiple websites, from post one to pages ad nauseum, and what I see are two distinct sides: Those who profess to know what they are doing - and those of us just struggling to keep up. The problem is, a lot of the time those who should know don't - but won't admit to it - and those of us struggling along feel grabbed by the short hairs (to put it as mildly as I can).

Face it: Computer technology is not like other technology because of three major issues: It involves technology evolving so quickly most can't keep up; it involves a major amount of trust in strangers who profess that they will keep us safe; and it involves connection to the internet where anyone in the world can maliciously invade our technology any time they want. It's the end of the world....

Spybot Tech Team: Re-read all the boards on this problem. You have a major trust issue with your product now that may not be surmountable - especially since you have just released another version of your spyware that is already having installation issues. Terminator says, "hopefully" this (current) problem will be sorted out by the new release. Not holding my breath. PepiMK, in many posts you've accused us public users of "deciding to ignore both this message and the two updates available," and "(ending updates to 1.3) ...will lead to these people having no protection at all. I'm not sure if this indeed is better than having to take extra care with the scan results." Well, right now, having no protection at all sounds a whole lot better than installing a program designed to help us but that actually helps to bring us down. Not a good way to regain broken trust...

Computer techs across the world: PLEASE find some way to speak in easy to understand, regular everyday people language! And please do not offer solutions until you are absolutely sure they will work for us mere mortals. Your updates obviously weren't obvious, or most of us would have updated! My husband ran spybot daily, and repeatedly has gone to the internet to access updates. Why didn't the system update automatically, not just the definitions? When Adaware updated their operating version, it was boldly announced on startup and directions for finding and downloading the most up-to-date version were clearly given. You can't hide something, and expect everyone to find it. And all this stuff about having to decide if each scan result was valid or not. Ummmm... isn't spybot designed to find bad stuff for us to remove from our computers before it causes damage? Why should I - like most, a non-technology oriented user - have to decide if Spybot is telling the truth or not?? Oh, see there... back to that trust issue again.

I will not be reinstalling any version of Spybot on my computer. It is obviously too difficult for stupid little me to use. You might have retained me as a user if the tech team had been able to show a little more organization in their response to this crisis, and compassion toward their wounded users. But turning this issue back on us and telling us it was our fault is too much. Faith gone.

One last question that I hope I can get a straightforward, understandable answer to: Since I used Method #2 to get back into my system, is hellzlittlespy still there, waiting for me to use my Norton or Adaware program to find, remove, and start me back into that logon loop, or am I good to go? Please, give me one last simple answer I can trust.

My feelings exactly...posted by someone with a greater command of the language...thank you!!:bigthumb:

Comments
Old
userinit
I have used method 2 numerous times with success, I don't know what walkere problem is, but maybe a basic computer course would be a good place to start.
Thank you
Posted Yesterday at 17:46 by turbobooster turbobooster is offline




To check out the "Walkere" problem just look at;

http://forums.spybot.info/showpost.p...&postcount=102
http://forums.spybot.info/search.php?searchid=1243611

Turboboostere.......pourquoi descendez cette route?....I hope you are smiling and have a nice beret on....but you are................très, très drôle Monsieur Turboboostere!!



I think I have been disrespected by Inspector Turboostere on the blog...maybe he should read all the threads in this site? He says he doesn't know what "Walkere problem is".........:funny:

My feelings exactly...posted by someone with a greater command of the language...thank you!!:bigthumb:

It seems like a lot of trouble to create a UserID simply to add one post but that is what I am doing. First of all I want to say, as did Walker, “Well said Mopeyone!”

I was lucky enough to fix the SpyBot damage with the so-called Method 2. One of the first actions, once I got my system back, was to delete all traces of SpyBot. I MAY return to the program someday but it is doubtful. I’ve deleted Spybot not so much because of what the program does or doesn’t do but because of the attitude of some of the support people here. In reading the posts it is obvious that some have attempted to be and have been helpful but it is also obvious that some of these people really should not be filling any type of support role.

The people behind Spybot should take a look at how Grisoft updates AVG, how Zonealarm rolls out updates and how Lavasoft rolls out Adaware. And they really need to take a look at who is doing support and move some of them to some backroom somewhere.

I've been following this problem from the start. I lost two days of computer usage but did not have to give up my entire weekend as I had feared. I know I am not a techie. I am more of a button pusher who follows instructions from my company's tech support teams while helping out here and there.

As I said earlier it seems like a lot of trouble to post one message. I'm not following the forum any longer as I am not running Spybot but I did want to offer moral support to Mopeyone. You are probably more tech-savy than most of the people out there. You are certainly more articulate!

Good luck.

Walker and Nothere Long - Thanks for posting your support. I hesitated to write, but I just had to get it out of my system. There are so many of us out here who have been totally frustrated with this issue - and who will, unfortunately it seems, continue to be frustrated as long as computer technology exists. I have and continue to feel your pain, so spoke for us all!

Nothere Long - thanks for citing the specific spyware companies who have done a great job alerting users to system vs. definition updates. We caught the latest Adaware update clearly, and updated immediatly. If only....

Good luck out there, fellow technology captives - We shall endure!

"Life is too short to be aggravated by non-human things!"

Spybot caused the computer problems that I'm hearing on this board, AND I CAN PROVE IT!! SPYBOT IS FINISHED!!!!:police: