Hellzlittlespy (great work guys)



walker
2008-07-03, 08:09
You have toasted (i.e. destroyed) 100's...maybe 1,000's of people's machines. The solutions are complex and take advanced knowledge (like is the Bart CD good on Win 2000 Pro?....it looks like XP only)....it takes an advanced user to create this disk and load the three files. Thanks. Your software is worse than the baddest virus out there....complete destruction...and thanks again!! Your free software is not so free now! Would you like to come to my party and fix my computer. Yep...the best virus out there....SPYBOT

walker
2008-07-03, 08:53
ja....unt vill die solution #3 verk mit Win 2000 Pro?

spybotsandra
2008-07-03, 11:41
Hello,

Please have a look at this blog we have just written about this problem:
http://forums.spybot.info/blog.php?b=14
That should help to solve it. :-)

Best regards
Sandra
Team Spybot

walker
2008-07-03, 12:12
Yes, thank you all at Spybot (best virus in the world) for toasting my computer. I wonder if we can name a new virus...the hellzlittlespy Vers. 1.3 virus that wasn't a virus...but toasted more computers than any before? I have now spent 7 hours trying to fix the registry of my computers using all of the methods on this and other forums. Your "Solution #2" does not work. Guess what...it does not work. I burned the image onto cd and booted from that cd. Everything went as shown on the screen shots, but the registry was not changed from the one that is now defective.....due to your software...and only your software. In the beginning of trying to use the iso disk, it comes up with a statement that the computer has to be started in Safe Mode twice because no changes can be made without this. However, the computer cannot be started in Safe Mode due to your software removing the code it needs in the registry to start in Safe Mode. Why don't you screw up one of your computers.......and see that your solution does not work.....what now Sherlock?

PepiMK
2008-07-03, 18:08
"There were problems in the include file <filename>. See ''Include errors.log'' for details."
Does that ring a bell? Whenever you scan with an old version like 1.3, it'll tell you that it's incompatible. Unless you've decided to go to the settings page and disable this warning. Search the forum for this message and you'll see that many users do actually notice this message.

We kept the updates available for 1.3 users simply for those who were forced to keep using it e.g. because they have Windows 95 and not enough RAM for a newer version, with the understanding that they would not simply ignore the warning. We did not keep them available for people who decided to ignore both this message and the two updates available through the updater since.

walker
2008-07-03, 22:16
....uuugh....don't even try this........there was no "warning" at ALL......if there was, I certainly would not have just "ignored" it. Is this some kind of a sick joke to blame the victim? It's like my computer was raped...and now you want to blame me. Not Funny At ALL! I had the installed version of 1.3......I used it quite often and upgraded using the buttons on the interface. The only pop-up message was about conflicts with Adaware.....and even that message I did not disable. If you want to help, that is one thing.....but please, don't even try this blame game b.s. dude.

walker
2008-07-03, 22:17
and might I add for those that are tone deaf;

"There were problems in the include file <filename>. See ''Include errors.log'' for details".

Ring a bell?????...NO!

PepiMK
2008-07-03, 22:50
If you search the forum for "Include errors.log", you'll find 66 discussions from other people who asked what this message means. Here's a screenshot of what I refer to:

http://img162.imageshack.us/img162/9359/screenshot87warningxy9.png

There is an option on the settings page, called
Ignore if single detections in include files need a newer program version.
which would make this message go away if checked, but otherwise, it should show up on each scan, probably multiple times.
Are you sure you haven't seen this during scans?

And since you said you upgraded quite often, take a look at the updates that all versions of Spybot-S&D download (warning, tech talk ahead):
http://www.safer-networking.org/updates/spybotsd.ini
It's a bit technical, but in the group [Main update 1.5.2], there is no MinBuild parameter, meaning that it will show to all versions up to the MaxBuild one, which here is 20071230 (1.5.2 itself). Both the "Importance=Hoch" and the exclamation mark in front of the "Info" field tell the update function to pre-check this update in the list of updates Spybot-S&D shows. So, from the technical perspective, everything looks quite like 1.3 would show the main update.

That is theory alone of course and quite technical maybe, so I went ahead, took a fresh 1.3, searched for updates, and voila:

http://img124.imageshack.us/img124/8361/screenshot85spybotsearchh0.png

The main application update shows, and installs when clicking the download button. Unless you right-clicked the entry and told Spybot-S&D to ignore this update, it would show up again and again. And if you stopped the update after starting it, the setup file to install the new version should still remain visible on your desktop.

Between 1.3 and 1.4, I have to admit there might not have been a full installer, just a message that told you to download the newer version, which is no longer reproducible today, so I can't retest that condition.
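
Added example, not part of the post above and not Spybot-S&D's own code: the build gating described for spybotsd.ini, applied to a constructed manifest to show which entries an old and a current build are offered, which are pre-checked, and which are withheld. The inclusive MinBuild, the exclusive MaxBuild, the build number used for the old install and every sample entry other than [Main update 1.5.2] are assumptions.

```python
import configparser

# Constructed sample in the shape described in the post above. Only the section
# name "Main update 1.5.2", MaxBuild=20071230, Importance=Hoch and the leading
# "!" in Info come from the thread; every other section and value is made up.
SAMPLE_INI = """\
[Main update 1.5.2]
MaxBuild=20071230
Importance=Hoch
Info=!Main application update to 1.5.2

[Detection rules (new engine)]
MinBuild=20071230
Importance=Normal
Info=Rules that rely on 1.5.2 engine features

[Detection rules (legacy engine)]
MaxBuild=20050101
Importance=Normal
Info=Rules kept compatible with old engines
"""

BUILD_OLD = 20040517      # constructed build number standing in for an old install
BUILD_CURRENT = 20071230  # the 1.5.2 build number quoted in the thread


def parse_manifest(ini_text):
    """Parse the manifest, keeping key case (MinBuild, MaxBuild, ...) intact."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str
    parser.read_string(ini_text)
    return parser


def applies_to(section, client_build):
    """Assumed semantics: MinBuild inclusive, MaxBuild exclusive, absent = unbounded."""
    min_build = section.get("MinBuild")
    max_build = section.get("MaxBuild")
    if min_build is not None and client_build < int(min_build):
        return False
    if max_build is not None and client_build >= int(max_build):
        return False
    return True


def is_prechecked(section):
    """Pre-check when Importance is 'Hoch' or Info starts with '!' (either is assumed to suffice)."""
    importance = section.get("Importance", "")
    info = section.get("Info", "")
    return importance == "Hoch" or info.startswith("!")


def offered_updates(ini_text, client_build):
    """Return [(section name, prechecked)] for entries shown to this build."""
    manifest = parse_manifest(ini_text)
    return [
        (name, is_prechecked(manifest[name]))
        for name in manifest.sections()
        if applies_to(manifest[name], client_build)
    ]


def withheld_updates(ini_text, client_build):
    """Return the section names this build is never offered."""
    manifest = parse_manifest(ini_text)
    return [
        name
        for name in manifest.sections()
        if not applies_to(manifest[name], client_build)
    ]


if __name__ == "__main__":
    for build in (BUILD_OLD, BUILD_CURRENT):
        print(build, "offered:", offered_updates(SAMPLE_INI, build))
        print(build, "withheld:", withheld_updates(SAMPLE_INI, build))
```

An entry without MinBuild reaches every older build, so detection rules that depend on a newer engine stay away from old installs only if the manifest gives them a MinBuild.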

walker
2008-07-03, 23:08
PepiMK...I haven't used "quote" as that would be a waste of space....but let me say the following.

You are obviously a much smarter guy than me when it comes to this particular issue. I am heated up as I now have three computers that are toasted.....and they all contain things that I need on a daily basis. My life is at a standstill.......although I do have copies of a lot of files, etc. and can get the information if I am willing to reformat, re-enter all the programs and transfer files.

We can argue about what screens came up and what was downloaded for a long period of time. The fact is that no message ever came up that you show in the first screen shot and I don't really understand where you are going on the second screen shot. Every time I downloaded the updates, the boxes would turn to green check marks. Every time I used Spybot, I updated. I never got any error messages about error logs, versions or anything else. I certainly never got any message about updating to a newer version....because I gladly would have. I certainly did not go into settings. All boxes were checked. Believe me...this is just another glitch in the software as it relates to Win 2000 Pro and the Service Pack that I use....which would be the latest according to the Microsoft updater. Arguing about this does not do anyone any good. You are only trying to justify what happened and it certainly seems that someone at Spybot added some malicious code.

Can we please just move on from what has passed? Can you help me to add the registry line that is necessary to boot? Someone at Spybot needs to spend the time to figure out what to do. The fixes (three methods) do not work. Can you help?

PepiMK
2008-07-03, 23:54
The second screenshot should have shown that the main application update to 1.5.2 should actually show and install during regular updates. But you're right, moving on to fix the problem would be the more sensible thing than arguing :)
I must admit though that with all the voices around, I haven't read up everything on the issue yet; I will have to read more and possibly run a test here to get the complete picture to not give any wrong advice.

walker
2008-07-04, 00:26
Thanks.....I'm standing by hoping someone can help. I'm trying not to be an ass...le......but this is a big problem for me.....and I have not seen anything quite like this....ever.

By the way, I am working from the only working computer in my house. The situation is the same here.....Spybot v.1.3......the updater does not have any error messages or version update requests...and I have never gone into settings.....this is admin. controlled and no one has access to this one.....but as you agree, let's move on....and thanks for your help.

walker
2008-07-04, 00:31
By the way...I just saw how you get into the "settings" of spybot v 1.3......believe me...I have never been in here before. If you like, I will answer any questions about what is checked and what is not checked.

Steve_C
2008-07-04, 01:47
I went with method 2. All went well with download of offline registry tool.
When I come to-- "On the next prompt choose "9" Registry editor" it changes pages and prompts "What to do" "Simple registry editor"

I enter: cd Microsoft\Windows NT\CurrentVersion\Winlogon--just like example.

It gives back: (...)\Windows NT\CurrentVersion\Winlogon
as though it can't read it.
I have repeated 4 times.

Thanks for your help.

Should I start a new thread for this?

Ominious
2008-07-04, 04:09
I too got stuck on the log-on screen after removing HellzLittleSpy with Spy-bot. However formatting your hard-drive is like burning the village because a child caught a cold. Believe me, I've burned many villages. The first time I got stuck in the log-on screen I booted from my winXP cd and I reinstalled windows over my current windows directory then spent most of the day doing updates. Approx fix time 6.5 hours. However by overwriting my existing windows directory I managed to save my desktop settings and all my installed programs still existed in windows.

Then I got really stupid, I ran Spybot again and 'fixed' my system which started the problem all over again. Luckily I have two computers on my desk and am able to look up information on the fly while one is down.

Thank you JOE for your link to page showing System restore from Recovery Console (http://searchwincomputing.techtarget.com/tip/0,289483,sid68_gci1167895,00.html). Total fix time 45Min's. Including Internet search for the answer, and then only because I had to retype lines several times before I got the spacing correct. Line should be :
copy(space)_REGISTRY_MACHINE_SOFTWARE(...

etc...

Fortunately I remember a little dos from the olden days.

Now the important question, do I have a key-logger in my system or not? Spy-bot says I do, my spyware says I don't.

Obviously I won't be checking my bank balance on-line anytime soon.

Ominious Knowes

SlmJon
2008-07-04, 04:41
I have to agree with Walker. Thousands of people trust Spybot to keep them safe....NOT destroy their machines. Mine is also toast. Please quit arguing over whose fault this is....IT IS NOT OURS! I really can't afford to send my computer somewhere and have it fixed. Can we move on and find a way (if there is one) to fix this.

dalach
2008-07-04, 05:10
I recently had the same experiences with Hellz Little Spy. However, I was lucky enough to find the following site: http://www.icompute.info/System_restore_from_xp_cd.htm and it gave directions for doing a system restore from Recovery. I have Windows XP and this site worked well for me. Good Luck!
However, I still can't get Spybot to stop telling me I have Hellz Little Spy and Cool Search.

walker
2008-07-04, 05:35
.....anything for win 2000 pro?

edk--
2008-07-04, 10:09
Spybot managed to disable two XP computers at us, too.

We fixed them using BartPE. Followed the instructions from here: http://windowsxp.mvps.org/peboot.htm

I think it is ridiculous that this can happen just because a user did not upgrade the software, only the definitions. I don't upgrade a software just because a new version is out. The definition upgrade process should sense the version of the software and download relevant definitions only.

The makers of Spybot should be very ashamed now.

walker
2008-07-04, 10:16
In all the research you did...did you notice if Bart's will work on Win 2000 Professional? It seems it is only for XP....but I'm not sure...even though I have been reading now for about 30 hours!!!!! Thanks!

walker
2008-07-04, 10:21
I too got stuck on the log-on screen after removing HellzLittleSpy with Spy-bot. However formatting your hard-drive is like burning the village because a child caught a cold. Believe me, I've burned many villages. The first time I got stuck in the log-on screen I booted from my winXP cd and I reinstalled windows over my current windows directory then spent most of the day doing updates. Approx fix time 6.5 hours. However by overwriting my existing windows directory I managed to save my desktop settings and all my installed programs still existed in windows.

Then I got really stupid, I ran Spybot again and 'fixed' my system which started the problem all over again. Luckily I have two computers on my desk and am able to look up information on the fly while one is down.

Thank you JOE for your link to page showing System restore from Recovery Console (http://searchwincomputing.techtarget.com/tip/0,289483,sid68_gci1167895,00.html). Total fix time 45Min's. Including Internet search for the answer, and then only because I had to retype lines several times before I got the spacing correct. Line should be :
copy(space)_REGISTRY_MACHINE_SOFTWARE(...

etc...

Fortunately I remember a little dos from the olden days.

Now the important question, do I have a key-logger in my system or not? Spy-bot says I do, my spyware says I don't.

Obviously I won't be checking my bank balance on-line anytime soon.

Ominious Knowes

This solution also seems to be for XP.....any knowledge of a solution for 2000 Pro?

By the way, I also got away lucky the first time. I didn't know what the crash was about (didn't connect it to a recent exclusion of Hellzlittlespy)...and was able to build from a previous system state in Norton Systemworks. Unfortunately, after the second removal of "Hellz"...Norton crapped out. (GoBack was never a stable environment)

edk--
2008-07-04, 10:28
I don't know if BartPE can fix a w2000 system. It won't hurt to try...

It probably can't be built on w2000, but you can download a burnable ISO with a t0rr3nt client: http://www.onlytorrents.com/torrent/bartpe-bootable-cd-iso-image:4ebedb3654cb25891aa792b8d9514c3b95081773

chi-va
2008-07-04, 11:28
@edk--
You can edit the Windows 2000 registry with BartPE. BartPE is a standalone operating system and if your system fits the minimum hardware requirements (e.g. 160MB RAM) you should be able to boot with BartPE. It is correct that you cannot build a PE system with Windows 2000 because this system is not supported. So downloading a ready iso file could be a solution.

@walker
It is really hard to follow your posts in order to collect the necessary information. I assume you are very desperate and that you need help. As written, it is necessary to gain some data first. So please answer the questions even if you have already given the information in some of your posts.

1. Which operating system do you use? Windows 2000 Professional?
2. You have a working Windows 2000 system available, correct?
3. Have you ever used the Bios settings?
4. Have you ever plugged in a hard disk yourself?
5. Which file systems are used in the damaged computers? NTFS or FAT?
http://en.wikipedia.org/wiki/NTFS

Depending on your experience it should be enough to have one working system in order to repair the other systems.

By the way, I have an old Windows 2000 Professional system here as well. If necessary I could try to fix Hellzlittlespy with Spybot 1.3 as well so that I can try some solutions myself.

walker
2008-07-04, 12:02
Thanks.....

1. Yes, Win 2000 Pro (all damaged systems the same)
2. Yes, working system available
3. Yes, I know how to get into Bios and change all the avail. settings
4. Yes, I know how to plug in a hard disk
5. Everything is NTFS

From all of this, if possible, I think the solution is to take out a bad drive and install as a secondary in the good machine....boot to the good drive. If you can tell me where the missing file came from (I know it comes from the registry/hive , etc.)...the exact folder in Win 2000 Pro, maybe I could just replace the missing line, by opening the folder and manually inserting it? I'm not sure if this is possible, as I am not at the top of this field.

Thanks again for any help.....

chi-va
2008-07-04, 12:28
Correct, this is what I'm thinking. Unplug the damaged hard disk, change the jumper from master to slave and plug it in the working system.

Shame2 has already posted the same idea here:
http://forums.spybot.info/showthread.php?t=30030&page=9

As Shame2 has experienced it you should be careful. This is the reason why I'm asking the questions.

Here is a link with some screenshots with instructions how you should edit the registry:
http://windowsxp.mvps.org/peboot.htm

I know it is for Windows PE but it is similar to what you need to do. Please read the steps from 2 - 9 and ask the questions now if you don't understand a step. We will try to clarify all questions before starting the repair procedure.

Of course, it shouldn't be

C:\WINNT\system32\config\SOFTWARE

in step 3 and 8 in your case because you want to edit the damaged drive. So look for the new assigned drive letter after plugging in the damaged drive and confirm that it is the correct hive which you want to edit.

chi-va
2008-07-04, 13:04
@walker
Still there? Please don't start the procedure before clarifying if there are any questions. It is obvious that you haven't slept a lot in the last hours and so it is possible that you mistake the drive letters in some places.

Regarding step 8, you probably won't find the "Userinit" entry because this one is completely missing after the problem with the old Spybot version.


Then go to 'Edit>create new value'.
Type Userinit in the 'Name' field and make sure REG_SZ is in the 'Type' field.
Click OK and the String Editor box will open. Type or paste the path to userinit.exe in the field:
C:\Windows\system32\userinit.exe, <-XP AND don't forget the comma at the end!
C:\WINNT\system32\userinit.exe, <-Win2000 AND don't forget the comma at the end! (quoted from shame2, thanks!)

"C:\WINNT\system32\userinit.exe," only C: if C: was the drive letter as well in the damaged system. So be aware because this is different from step 3 where you only locate the damaged hive.

MisterW
2008-07-04, 13:26
I don't think that it is really necessary to plug in the bad drive into another working computer. I am currently testing an alternative for walker and I think he should wait until we are finished with our tests... I think he could save a lot of time by waiting for our test results instead of trying your solution...

chi-va
2008-07-04, 13:42
I agree. If you have already finished a simple small boot disk which changes the registry automatically, walker and everyone else with this problem should prefer the software solution.

MisterW
2008-07-04, 14:11
Walker,
There are two solutions for your problem. The first one you can find here by "Method 4":
http://forums.spybot.info/blog.php?b=14

and the second one is described below. Please decide by yourself which variant is best for you:

An easy way to solve the problem is to use the repair installation function on your windows 2000 installation disk (you need a valid Windows 2000 key):


1. Insert the installation disk into your cd/dvd drive

2. Make sure that the boot sequence in the bios is set to "boot from cd first"

3. Start your computer and you will see the dialog "press any key to boot from cd..." please do so

4. Your computer will load a lot of stuff. When it is finished you have to choose
"To set up Windows 2000 now, press ENTER" (in the following steps you will get the possibility to repair your current windows automatically)

5. In the next step you have to confirm the Licensing Agreement by pressing "F8"

6. The computer should search for versions of Win2000 already installed on the computer. Afterwards you can choose to repair the old Windows 2000 on your system by pressing "r"


Then Windows will copy all necessary system files to your computer. Additionally it will replace all necessary registry keys and when the installation is finished you can login to the computer.

Attention: Maybe not all third-party software installed on your system will work without problems. Perhaps you have to reinstall some of this software. But all your files located on the harddisk should be available again.

SlmJon
2008-07-04, 14:43
I have an XP laptop & a Vista laptop. The XP I've shut down & restarted....it's toast! The Vista also had the update but I've not shut it down since the update so is that why I'm still here? I'm afraid to breathe wrong on my Vista since it's my only window to the world right now. I'm not as technically savvy as some on here so I'm not comfortable trying to fix this on the fly. Can I do a system restore on this machine (Vista) and live through it??? Any hope yet for the XP???

edk--
2008-07-04, 14:51
SlmJon: Regarding your XP box, see my earlier posts in this thread.

SlmJon
2008-07-04, 14:55
I've tried booting from my XP disc. Using F12, I selected boot from CD, it ignores me completely & tries to boot from HD. I can't find a way to get to the recovery console.

md usa spybot fan
2008-07-04, 15:50
SlmJon:

For methods to fix the problem caused by HellzLittleSpy, see this blog entry:
Userinit Issue
http://forums.spybot.info/blog.php?b=14
There is also a suggestion by HP_XP_User (http://forums.spybot.info/member.php?u=43614) to purchase "Fix It Utilities Professional version 8" which seems to be successful in correcting the problem. See this post (http://forums.spybot.info/showpost.php?p=208934&postcount=21).

SlmJon
2008-07-04, 16:12
Thanks for the input. I tried the blog suggestions. Method 1 requires that the "dead" XP computer shows up on the network. It doesn't since I can't log in. Method 2 went OK until it got to "registry path"...then the program hung & would go no further. After quitting & restarting a couple of times, then it said it couldn't find a HD that had a Windows OS. That scared me enough that I stopped and have done nothing further.

Now, I'm living in total fear that my Vista machine will crash. Since it hasn't yet, is there something I can do to fix it???? Will a system restore fix the problem?

asheatl26
2008-07-04, 19:29
I recently had the same experiences with Hellz Little Spy. However, I was lucky enough to find the following site: http://www.icompute.info/System_restore_from_xp_cd.htm and it gave directions for doing a system restore from Recovery. I have Windows XP and this site worked well for me. Good Luck!
However, I still can't get Spybot to stop telling me I have Hellz Little Spy and Cool Search.

This site got me back online!! WoooHoooo! Thanks so much! Now I'll just have to go through more posts and find manual removal instructions for hellz little spy as Spybot is still finding it for me as well. Won't hit fix this time though... that's for sure!

Thanks so much!!
ashe

edk--
2008-07-04, 21:01
asheatl26: There is no hellzlittlespy on your computer. This is a false alarm given by Spybot 1.3.

If you are not totally disappointed in Spybot, install v1.5.2. It won't find this on your computer.

walker
2008-07-04, 23:24
Walker,
There are two solutions for your problem. The first one you can find here by "Method 4":
http://forums.spybot.info/blog.php?b=14

and the second one is described below. Please decide by yourself which variant is best for you:

An easy way to solve the problem is to use the repair installation function on your windows 2000 installation disk (you need a valid Windows 2000 key):


1. Insert the installation disk into your cd/dvd drive

2. Make sure that the boot sequence in the bios is set to "boot from cd first"

3. Start your computer and you will see the dialog "press any key to boot from cd..." please do so

4. Your computer will load a lot of stuff. When it is finished you have to choose
"To set up Windows 2000 now, press ENTER" (in the following steps you will get the possibility to repair your current windows automatically)

5. In the next step you have to confirm the Licensing Agreement by pressing "F8"

6. The computer should search for versions of Win2000 already installed on the computer. Afterwards you can choose to repair the old Windows 2000 on your system by pressing "r"


Then Windows will copy all necessary system files to your computer. Additionally it will replace all necessary registry keys and when the installation is finished you can login to the computer.

Attention: Maybe not all third-party software installed on your system will work without problems. Perhaps you have to reinstall some of this software. But all your files located on the harddisk should be available again.

I just got a little sleep........as soon as I can function I will try this.......and report back....thanks to all who are trying to help!!

walker
2008-07-05, 03:10
With method #4....could you set this up in a way that I can understand what to do. I created the floppy...it works...but I don't know what choice to pick...and then it says something in German...then just sits there flashing a prompt that cannot be typed on.......what to do?

walker
2008-07-05, 03:59
....hobbyist disk ..........ok......now at prompt....a lot of German........20 reboots....a lot of clicking around....questions in German......OK..........

walker
2008-07-05, 04:50
Please...Continuation of this in blog.......I don't understand what dos commands you are using..........

walker
2008-07-05, 05:30
I agree. If you have already finished a simple small boot disk which change the registry automatically, walker and everyone else with this problem should prefer the software solution.

....would you please take a look at the blog entries and try to help me? I cannot follow his dos system of naming and entry....but I think the format itself will work, as I have been able to get into safe mode using old files pulled up by a NTFS editor. The registry editor disk will work now as the "dirty" error is gone. But I need to get back to the current "bad registry" now...and change that one line with the registry editor. Two shut downs in safe mode did the trick....but again, I do not understand his method of dos entry.

walker
2008-07-05, 05:31
delete delete

chi-va
2008-07-05, 13:30
@Walker

Sorry, I was sleeping. So you have chosen "Method 4", the hardest fix. Didn't really save you time. :lip:

Shame2's description is easier because booting with another Windows system allows you to use the familiar Windows interface where you don't have to use many command lines.

Anyway, you have almost finished "Method 4" then you'll have to proceed with "Method 2".

It seems that you have already done this because you can boot Windows in safe mode again.


Windows 2000:

Code:
cd c:\Winnt\system32\config
rename software software.bak
copy c:\Winnt\repair\software software

The line


rename software software.bak

is very important. If you have forgotten this line or entered it wrong it would be overwritten by the default registry if you proceed with the next line. In other words your old registry is lost if you make any mistakes here.

I will explain the command lines in order to clarify what they do.


cd c:\Winnt\system32\config (enter)
This will "open" the directory "c:\Winnt\system32\config".


rename software software.bak(enter)
This will rename your old registry filename "software" to the filename "software.bak". At this point it would be advisable to confirm that it was successful before you proceed. E.g.:

dir(enter)
This command shows the containing files of the directory. After confirming that there is a file called "software.bak" you can proceed with the next step.

copy c:\Winnt\repair\software software(enter)
This should copy the file "software" from the directory "c:\Winnt\repair" to the directory "c:\Winnt\system32\config". This syntax is a little bit different from the normal DOS syntax. Again, you can confirm if it has worked with the command:

dir(enter)
Now there should be a file called "software" and a file called "software.bak". After that you should be able to boot in Windows safe mode because now Windows should load the default registry. Reboot two times so that Windows "thinks" that the registry is OK. (to be continued)

chi-va
2008-07-05, 13:56
@walker

In order to use "Method 2" for restoring your original registry we have to undo the renaming first. Again, I will explain the command lines. The procedure is explained in the blog.


Windows 2000:
Code:

cd c:\Winnt\system32\config
rename software software.oldbackup
rename software.bak software




cd c:\Winnt\system32\config (enter)
We open the directory "c:\Winnt\system32\config" again.


rename software software.oldbackup(enter)
Don't know if it is necessary but this couldn't harm you. It will rename your default registry file "software" to "software.oldbackup".

rename software.bak software(enter)
Renaming your damaged registry file to its old name. In order to ensure that everything was entered correctly, you should use the command:

dir(enter)
There should be a file called "software" and a file called "software.oldbackup" now. The file "software.bak" shouldn't be there anymore.
Your old damaged registry is back. At this point you shouldn't boot Windows if you don't want to repeat "Method 4" again.

After that we can proceed with "Method 2". Reboot with the bootcd where you have the software "Ntpasswd".

I hope this has explained what the command lines are doing and why you have to use them. If you have any questions regarding "Method 2" then please ask. Just tell me where exactly you need an explanation and I will try to clarify it.

chi-va
2008-07-05, 15:18
By the way, it is not necessary to use "Method 2" after being able to boot in Windows safe mode again. Just skip these steps:


4. restore latest Software registry key
Now boot with NTFS4Dos again.
This time we will restore the file we renamed to software.bak earlier:

Windows 2000:
Code:

cd c:\Winnt\system32\config
rename software software.oldbackup
rename software.bak software

Windows XP:
Code:

cd c:\Winnt\system32\config
rename software software.oldbackup
rename software.bak software

Remember that you now have a corrupted Registry again , so do not try to boot Windows now or the NTFS may get "dirty" again.


5. reboot directly to bootcd and apply method 2
Now follow the steps described in Method 2.
Changes should be writeable now.

edit3: corrected paths as reported by shame2
edit4: added Method 4 , removed Method 3 to save space

Then proceed as follows:

1. Boot Windows 2000 in safe mode.

2. Type "regedt32" in the run prompt

3. Click on the "HKEY_LOCAL_MACHINE" window and Highlight/Select the line
HKEY_LOCAL_MACHINE with the mouse

4. Go to menu "File - load hive..."

5. Select your damaged registry file which should be in C:\windows\system32\config\software.bak

6. It will ask for a name it should load in your registry. Just choose "Test". It really doesn't matter what name you choose as long as it is not already in use. We choose "Test" so that we can easily find it later. Your damaged registry should be loaded now.

7. Navigate to the new hive which should be

HKEY_LOCAL_MACHINE\test\microsoft\windows nt\currentversion\winlogon

8. Search for the entry "userinit:..." and make a doubleclick with the mouse on it.

9. Enter this line(if your default system letter is C: )
c:\winnt\system32\userinit.exe, and confirm it with OK.

10. Now highlight/select the "Test" hive and unload it, menu "File - unload hive..."

11. Now you just have to rename the registry. So boot with "NTFS4Dos" again.

12. Execute this here:

Windows 2000:

cd c:\Winnt\system32\config
Open the folder

rename software software.oldbackup
Rename the default registry

rename software.bak software
Rename the old repaired registry to the name "software" which is normally loaded when you boot your system. After that you should be able to boot your Windows normally again. Don't forget to change the boot sequence in your bios if you don't want to boot from cd again.
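The two rename sequences from the posts above, as an added example (not part of any post in this thread or of the Spybot blog), with the state checks chi-va does by hand with dir made into hard preconditions. It assumes the config folder is reachable from a second system that has Python; the function names are hypothetical and the demo runs on a constructed temporary folder.

```python
import shutil
import tempfile
from pathlib import Path

class HiveStateError(Exception):
    """The config folder is not in the state the step expects."""

def swap_in_default(config: Path, repair: Path) -> None:
    """Phase 1: park the damaged hive as software.bak, then copy in the default."""
    live, bak = config / "software", config / "software.bak"
    if bak.exists():
        raise HiveStateError("software.bak already exists: phase 1 already ran")
    if not live.exists():
        raise HiveStateError("no 'software' hive to park")
    live.rename(bak)
    if not bak.exists():  # same check as the 'dir' step in the thread
        raise HiveStateError("rename failed, refusing to copy")
    shutil.copy2(repair / "software", live)

def swap_back_damaged(config: Path) -> None:
    """Phase 2: park the default hive and put the damaged one back."""
    live = config / "software"
    bak = config / "software.bak"
    old = config / "software.oldbackup"
    if not bak.exists():
        raise HiveStateError("software.bak missing: nothing to restore")
    if old.exists():
        raise HiveStateError("software.oldbackup exists: phase 2 already ran")
    live.rename(old)
    bak.rename(live)

def demo() -> dict:
    """Run both phases on constructed files and attempt to repeat phase 1."""
    with tempfile.TemporaryDirectory() as tmp:
        config, repair = Path(tmp, "config"), Path(tmp, "repair")
        config.mkdir()
        repair.mkdir()
        (config / "software").write_bytes(b"DAMAGED")  # constructed stand-ins
        (repair / "software").write_bytes(b"DEFAULT")
        swap_in_default(config, repair)
        try:
            swap_in_default(config, repair)  # accidental second run
            repeat = "ran"
        except HiveStateError:
            repeat = "refused"
        parked = (config / "software.bak").read_bytes()
        swap_back_damaged(config)
        return {"repeat": repeat, "parked": parked,
                "live": (config / "software").read_bytes(),
                "files": sorted(p.name for p in config.iterdir())}

if __name__ == "__main__":
    print(demo())
```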

walker
2008-07-05, 22:22
I am up to #12.....I don't understand what to do here. Everything else went OK.....got into windows....it went in normally (not safe mode)...to a messed up software situation (programs had a lot of error messages but this is expected I think)...then edited as directed using regedt32. OK...shut down normally and booted to NTFS4DOS. By the way, has anyone actually looked at this disk? (it is pretty messed up in itself...but not for now).

In any case, I am at the a prompt now.....what is next?








By the way, it is not necessary to use "Method 2" after being able to boot in Windows safe mode again. Just skip these steps:



Then proceed as follows:

1. Boot Windows 2000 in safe mode.

2. Type "regedt32" in the run prompt

3. Click on the "HKEY_LOCAL_MACHINE" window and Highlight/Select the line
HKEY_LOCAL_MACHINE with the mouse

4. Go to menu "File - load hive..."

5. Select your damaged registry file which should be in C:\windows\system32\config\software.bak

6. It will ask for a name it should load in your registry. Just choose "Test". It really doesn't matter what name you choose as long as it is not already in use. We choose "Test" so that we can easily find it later. Your damaged registry should be loaded now.

7. Navigate to the new hive which should be

HKEY_LOCAL_MACHINE\test\microsoft\windows nt\currentversion\winlogon

8. Search for the entry "userinit:..." and make a doubleclick with the mouse on it.

9. Enter this line(if your default system letter is C: ) and confirm it with OK.

10. Now highlight/select the "Test" hive and unload it, menu "File - unload hive..."

11. Now you just have to rename the registry. So boot with "NTFS4Dos" again.

12. Execute this here:

Windows 2000:

cd c:\Winnt\system32\config
Open the folder

rename software software.oldbackup
Rename the default registry

rename software.bak software
Rename the old repaired registry to the name "software" which is normally loaded when you boot your system. After that you should be able to boot your Windows normally again. Don't forget to change the boot sequence in your bios if you don't want to boot from cd again.

walker
2008-07-05, 22:27
"Rename the old repaired registry to the name "software" which is normally loaded when you boot your system. After that you should be able to boot your Windows normally again".

...and I don't get the above line......is this part of what you have printed out in the instructions...or something after

rename software.bak software

??????????????????????????????????

chi-va
2008-07-05, 22:40
Ok, you are back in NTFS4DOS, right? Now you just have to enter the three command lines below.




cd c:\Winnt\system32\config (enter)





rename software software.oldbackup(enter)





rename software.bak software(enter)

That is all. After that you should be able to boot normally again. The rest was only a comment what we do with these commands and why we are doing this.

walker
2008-07-05, 22:46
Code:
cd c:\Winnt\system32\config(enter)
We open the directory "c:\Winnt\system32\config" again.



Code:
rename software software.oldbackup(enter)


Code:
rename software.bak software(enter)

Then re-booted to Windows......same old version with many software errors got booted to.

Please advise.

chi-va
2008-07-05, 23:10
It seems it hasn't loaded the correct registry. Please navigate in Windows and look in the folder:

c:\Winnt\system32\config

Can you find the files:

software

and

software.oldbackup

Or is there still a file called "software.bak"? Please also compare the file size of these files and tell me them. In order to see the file size make a right mouse click on the file and choose "properties".

walker
2008-07-05, 23:16
It seems it hasn't loaded the correct registry. Please navigate in Windows and look in the folder:

c:\Winnt\system32\config

Can you find the files:

software

and

software.oldbackup

Or is there still a file called "software.bak"? Please also compare the file size of these files and tell me them. In order to see the file size make a right mouse click on the file and choose "properties".


I have;

software
software.old
software.sav

Properties gives 55.7 mb for the config folder.....it does not give each file individually but refers to the entire config folder....of which the three files are included


(also when trying from C:\winnt\system32\config
on the NTFS disk.....I get the following;
rename software software.oldbackup (not enough memory)
rename software.bak software (file not found)

chi-va
2008-07-05, 23:40
Please wait a few minutes. I'm starting my Windows 2000 system in order to compare the files.

walker
2008-07-05, 23:42
Correction;

Software is 13.4 mb
Software.old is 13.0 mb
Software.sav is 13.0 mb

I was looking at it in the hive and not as a folder.

walker
2008-07-05, 23:43
Please wait a few minutes. I'm starting my Windows 2000 system in order to compare the files.

Thanks.......

100% software.bak is gone.....I looked at it from the individual folder in
"My Computer" also.

chi-va
2008-07-05, 23:53
This is bad because it seems that you have overwritten your old damaged registry. "Method 4" is too difficult. My fault, I shouldn't have let you try this instead of using my first suggestion to unplug the drive. There is still hope for this system. One recovery should be still there. Have you used the registry backup option in Spybot when you have installed the software? If yes, then there should be still a backup for you. I have to search the path because I didn't have Spybot installed.

chi-va
2008-07-05, 23:56
Found it. Here is the FAQ containing the information for the registry backup:
http://www.safer-networking.org/en/howto/backup.html

walker
2008-07-06, 00:05
This is bad because it seems that you have overwritten your old damaged registry. "Method 4" is too difficult. My fault, I shouldn't have let you try this instead of using my first suggestion to unplug the drive. There is still hope for this system. One recovery should be still there. Have you used the registry backup option in Spybot when you have installed the software? If yes, then there should be still a backup for you. I have to search the path because I didn't have Spybot installed.

I have to agree with you on this...it certainly looks like the registry was overwritten. I have tried to load all three options and they are all basically toasted old registries.

I'll look through Spybot also...but I am getting doubtful that this is ever going to resolve. I do appreciate your help though.

chi-va
2008-07-06, 00:13
I have found the reason why you have accidentally overwritten your original damaged registry. "Method 4" implies that you execute the command lines in a chronological order and only once.:sick:

chi-va
2008-07-06, 00:18
Now your system is almost in the same state like using the repair installation suggested by MisterW. Aren't there any registry backups in the folder:

C:\Documents and Settings\All Users\Application Data\Spybot - Search&Destroy\Backups\
:scratch:

walker
2008-07-06, 00:30
I have found the reason why you have accidentally overwritten your original damaged registry. "Method 4" implies that you execute the command lines in a chronological order and only once.:sick:


....it figures....don't take this the wrong way...I appreciate all you have tried to do and the time spent......the NTFS disk is also a quirky piece of shit. If you download the disk from the Avira site and boot to floppy in your Win 2000 machine, you will see what I mean. It does not go directly to the "yes" in reference to using for private use. It has a whole bunch of other stuff going on....prompts written in German......requiring what???...I don't know...it freezes....it asks over 20 bootup questions....all this is not mentioned by anyone...making me believe that no one actually looked at the disk from the download. When you try to change the directory, the original poster had a lot of mistakes in the coding......just the windows/winnt stuff was posted wrong......then we get to the A prompt and the difficulty in changing the directory in the first place. So, I probably did do something wrong........the original instructions posted were horrible...it implied that the user knows how to use dos commands....and again, the software is all f'ed up.

So, it figures that in the back-up folder of spybot nothing exists. I did get to the last folder by unchecking the boxes to see the hidden folders...nothing there.

We are both spending too much time on this......thank you for all you tried to do.

My feelings about Spybot have not changed.....nice hobbyist software for computer geeks who are into the computer as a hobby and as an educational "experience". I never should have used the software in the first place......freeware is not supported usually....it's a kid somewhere who writes some code and gets it onto the net. Spybot is a bit different because of their commercial enterprise, but the forum is not watched properly and the software is buggy to say the least.

This entire go around about going with a newer version is silly, stupid and childish. If I have working software that is continually updated...with no mention of upgrades in pop ups....why would I go out and try to get a newer version...which usually has a ton of bugs and problems and forums and questions and disasters?....I stay with what works.....v. 1.3 worked up until the update containing the malicious code......and it was malicious code, no matter what Pepi and the crew want to go with. For an update to toast a registry by removing a line that gets you into windows....that is malicious.

I am done....I will take my lumps and move on. The drive will be wiped clean and I will spend the hours necessary to get this going. No files are lost as I have access to the drive.....but Spybot you certainly Suck the big banana!!

Chi-va...thanks for everything.....I really mean it.

chi-va
2008-07-06, 00:45
I'm gonna get some sleep. It is really late over here. I hope you were able to find the registry backups. If not, whatever. Your system is at least running. Just install all the drivers, software and updates again. I know, it will take several hours again but at least you really have a good reason to be angry, spending over 48 hours with repairing the system.:mad:

Have a good night and at least a wonderful Sunday!

P.S.: Wonderful, no backups.:sick:. Please don't forget to make a backup of your data before you wipe out the disk. I'm sorry that I wasn't helpful at all. In the next life we will just try it with unplugging the hard disk. It is much easier because you don't have to use command lines.

walker
2008-07-06, 00:59
I'm gonna get some sleep. It is really late over here. I hope you were able to find the registry backups. If not, whatever. Your system is at least running. Just install all the drivers, software and updates again. I know, it will take several hours again but at least you really have a good reason to be angry, spending over 48 hours with repairing the system.:mad:

Have a good night and at least a wonderful Sunday!

P.S.: Wonderful, no backups.:sick:. Please don't forget to make a backup of your data before you wipe out the disk. I'm sorry that I wasn't helpful at all. In the next life we will just try it with unplugging the hard disk. It is much easier because you don't have to use command lines.

You too....thanks again!! .....please don't say that you weren't helpful...you certainly were....at least I can get out my data....and move on quickly now!!

P.S. ...yes...I will get all my word docs., etc. out and re-install.