Please Help Spybot Community Logon, Logoff Loop



Egemna
2008-09-04, 05:42
After running a scan on Spybot 1.3 I encountered the extremely annoying log on/off loop. Currently, I have tried nearly every solution, from Bart PE, boot up disk, and even tried to run a 'system recovery', all to no avail. Everything failed; eventually I used my other computer's hard drive to access my files and found out that I'm actually missing almost every key on the Winlogon registry tree. Now my only question is: does anyone know how to recover or restore these keys?

Any other solutions aside from the ones I mentioned would also be helpful.

Operating System: Windows XP Home Edition 2002 Service Pack 3
If any other information is needed, please ask.

spybotsandra
2008-09-04, 13:19
Hello,

Please have a look at this blog we have just written about this problem:
http://forums.spybot.info/blog.php?b=14
That should help to solve it. :-)

Best regards
Sandra
Team Spybot

Egemna
2008-09-04, 23:54
Hi, forgot to mention that I've read that entire page already. Thanks anyway, Sandra, but I haven't been able to fix the problem with any of those solutions.

If anyone knows any place where a computer automatically backs up and saves a registry, that would be extremely helpful, as I could just pop the Winlogon keys into my registry.

chi-va
2008-09-05, 00:30
Hi,

do you use the same Windows system on the other working computer as well? If yes, then it is possible to just import the Winlogon key from the working computer with a slight modification.

Can you tell me which changes you have already done with which tools? Is the userinit.exe entry still missing in the damaged registry?

Egemna
2008-09-07, 18:34
Hi, thanks for replying, Chi-Va. My current operating system is Professional; however, I still have access to another computer that is Home Edition.

I have 2 hard drives on this computer, an F: and a C:.

I have been unable to make any changes with any tools except with Regedt, in which I uploaded the old F:\ ntuser hive to my current registry. I then proceeded to restore the Userinit.exe registry key, but when it didn't fix my problem I removed it.

Realizing afterwards that I was missing almost every other key in the Winlogon folder, I tried importing keys from one hard drive to another, but that failed for reasons now made obvious to me (Different Operating Systems).

Your help is much appreciated.

chi-va
2008-09-07, 20:25
I'm still not sure what you have done so far. It is difficult for me to find a solution as long as I don't know if the damaged registry is still there or if you have maybe accidentally deleted the old registry.

Is F: the removed drive with the damaged registry? However, editing ntuser.dat won't fix the problem. It would explain why Winlogon was almost empty. I would suggest to use the backups and undo everything that you have tried so far.

This would be the instruction for repairing the registry with a second working system (I would prefer to use a BartPE CD if you are able to build one with the second system).
Plug the damaged drive into the second system and boot with your working system.

1. Type "regedit" in the run prompt

2. Navigate to the path "HKEY_LOCAL_MACHINE" and Highlight/Select the line

HKEY_LOCAL_MACHINE

3. Go to menu "File - load hive..."

4. Select your damaged registry file which should be in your case:

F:\Windows\system32\config\software

(only if F: is the removed system partition of the damaged Windows XP Professional system. If you have renamed the file "software" with any of the suggested tools from the blog then you should choose the renamed file(software.bak).)

5. Windows should ask you for a name it should load the hive in your current registry. Just choose "Test". It really doesn't matter what name you choose as long as it is not already in use. We choose "Test" so that we can easily find it later. Your damaged registry should be loaded now.

6. Navigate to the new hive which should be

HKEY_LOCAL_MACHINE\Test\microsoft\windows nt\currentversion\winlogon

Each click on the "+" should open a subfolder. Open all the subfolders from "Test" to "Winlogon".

7. Search for the entry "userinit:..." and make a doubleclick with the mouse on it. If userinit is missing choose in the regedit menu "Edit->New" and select this:

String Value (Reg_SZ)

Give it the name:

Userinit

Hit "Enter"

8. Enter this line if the path for userinit.exe is wrong or missing

c:\Windows\system32\userinit.exe,

and confirm it with OK.

(Only Drive C: if C: is the original path of the Windows XP Pro system. Change the path if it is another drive letter!)

9. Now highlight/select the "Test" hive and unload it, menu "File - unload hive..." After that "...\Test\..." should be unloaded.

(10. Rename the file software.bak to software. Windows will load the registry hive which is named software not software.bak, etc.)

Shut down the system, remove the drive and put it back into the damaged system.

Edit: You cannot import the registry that easily. As written, some modifications are necessary. This is not a matter of Pro or Home version.
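
Added example, not part of chi-va's post or of any Spybot tool: a check you can run on the second system before step 9, after exporting the loaded "Test" Winlogon key with regedit's "File - Export...". The function names, the sample exports and the `system_drive` parameter are assumptions made for this illustration; it reports whether Userinit is missing, correct, or pointing somewhere other than the drive letter the damaged system boots from.

```python
import re

# Winlogon key inside the hive loaded under the name "Test" (step 6), lower-cased.
WINLOGON = r"hkey_local_machine\test\microsoft\windows nt\currentversion\winlogon"

# Constructed sample exports (regedit escapes each backslash in value data).
SAMPLE_OK = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Test\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
'''
SAMPLE_MISSING = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Test\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExampleValue"="placeholder"
'''

def parse_reg_export(text):
    """Return {key_lower: {value_name_lower: data}} for string (REG_SZ) values.
    A real export is UTF-16: read it with open(path, encoding="utf-16")."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.fullmatch(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"', line)
            if m:  # undo the \\ and \" escaping used by .reg files
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                current[name.lower()] = data
    return keys

def check_userinit(text, system_drive="C"):
    """Return (status, data); status is key-missing, missing, ok or unexpected."""
    values = parse_reg_export(text).get(WINLOGON)
    if values is None:
        return "key-missing", None      # wrong hive loaded, or wrong key exported
    data = values.get("userinit")
    if data is None:
        return "missing", None          # step 7: create the Userinit string value
    expected = rf"{system_drive}:\Windows\system32\userinit.exe"
    # The value is a comma-separated list; the trailing comma leaves an empty tail.
    entries = [e.strip() for e in data.split(",") if e.strip()]
    if len(entries) == 1 and entries[0].lower() == expected.lower():
        return "ok", data
    return "unexpected", data           # wrong drive letter or additional entries

if __name__ == "__main__":
    print(check_userinit(SAMPLE_OK), check_userinit(SAMPLE_MISSING))
```
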

Egemna
2008-09-07, 23:31
Thanks Chi-Va, the looping problem is fixed now; I was just editing the wrong registry hive. However, I can't get into my old account. Instead, Microsoft just creates a new account with generic user settings and a new My Documents folder that is named Egemna.EGEMNA, and every time I run a system restore and log in it just makes a new folder named, for example, Egemna.EGEMNA000.

Thanks for helping to solve my problem, but do you have any idea how this new problem could have occurred?

PS: I did change the permission on the old files, could that be causing the error?

chi-va
2008-09-08, 00:28
I'm glad that you have fixed the logon problem. :)

There are several reasons that could cause the problem with your account: damaged registry, logged registry, wrong ntuser.dat and also wrong permissions. Maybe there are more possibilities. If I were you I wouldn't try to mess up the system anymore by trying to locate the reason. Just copy your old user account and everything should be fine. Please don't delete your old user account until you are 100% sure that everything works.

How to copy data from a corrupted user profile to a new profile in Windows XP:
http://support.microsoft.com/?scid=kb%3Ben-us%3B811151&x=15&y=14

How to take ownership of a file or folder in Windows XP:
http://support.microsoft.com/?scid=kb%3Ben-us%3B308421&x=6&y=9

P.S.: Since Spybot S&D 1.5.20 there is a similar problem reported. E.g.:
Spybot 1.6 locking user registry hives
http://forums.spybot.info/showthread.php?t=33102

Egemna
2008-09-08, 01:27
Hi Chi-Va, hate to bother you with this after you've helped me so much, but after reading the (http://support.microsoft.com/?scid=k...1151&x=15&y=14) link I tried to copy the necessary files to a new account but was unable to copy the ntuser registry anywhere, yet I can still upload the hive. Also, the permission for the entire user account has been changed so that I can access all other files.

Any advice?

chi-va
2008-09-08, 10:39
I see, but you shouldn't copy ntuser anyway.

Copy files to the new user profile

Step 4. Press and hold down the CTRL key while you click each file and subfolder in this folder, except the following files:

• Ntuser.dat
• Ntuser.dat.log
• Ntuser.ini

That means it is important not to copy these files. There will be a new ntuser for the new account.

Egemna
2008-09-11, 20:34
Thank you! Computer is fully operational finally.

129260
2008-09-11, 21:48
Thank you! Computer is fully operational finally.


I am glad to hear everything is settled now. :bigthumb: I will direct anyone that is having the exact issue like you did to try the solutions in this thread. :) Thanks for letting us know of your results!!