
How do I stop SpybotS&D from blocking userinit.exe?



bugmento
2009-03-02, 19:46
Hi, so I guess I visited a site with a virus, and S&D started asking if I wanted to block a whole bunch of values, and I wasn't sure what any of these values were, so I just hit "deny change" for all of them.

I just realized when I started up my computer that it didn't load after I typed in the password, and I realized that userinit.exe was blocked. I ran userinit.exe from the Run menu, and my computer started up.

So basically my question is: How do I allow a value that I previously said for S&D to deny? How do I stop S&D from blocking userinit.exe?


thanks for any feedback

spybotsandra
2009-03-02, 19:47
Hello,

Please right-click the Resident icon in the system tray "Spybot S&D resident" and select "Settings". There you will find 4 lists for remembered decisions (allowed/denied processes and registry changes). In order to remove an entry just click on the cross next to it. TeaTimer will then "forget" this decision and you will be asked again the next time.

Best regards
Sandra
Team Spybot

bugmento
2009-03-03, 21:02
Hi Sandra, I followed your instructions but now when I log into my XP account, it immediately logs me out before I can do anything, before anything loads. I can't even log in to disable Spybot S&D. How can I shut down S&D without logging in? I can't even use my computer because I can't log in.

thanks for any feedback.

Matt
2009-03-03, 21:12
Hi bugmento,

what about this:
Try to start your computer in safe mode and disable TeaTimer or do whatever you like there.

You said that you perhaps visited a site with a virus. Are you sure you are free of malware?


Best regards,
-Matt-

bugmento
2009-03-03, 21:41
> Hi bugmento,
>
> what about this:
> Try to start your computer in safe mode and disable TeaTimer or do whatever you like there.
>
> You said that you perhaps visited a site with a virus. Are you sure you are free of malware?
>
> Best regards,
> -Matt-

Hi Matt, how do I start my computer in Safe Mode? I have XP and I don't know where the screen to start in Safe Mode is.

And to answer your second question, I'm pretty sure I don't have malware on my computer, because S&D or my other anti-spyware programs would have detected it, plus I don't think malware would make my account log out immediately after logging in.

Matt
2009-03-03, 21:47
Hi bugmento,

If Windows XP is the only operating system installed on your computer, boot into Safe Mode with these instructions.

* If the computer is running, shut down Windows, and then turn off the power.
* Wait 30 seconds, and then turn the computer on.
* Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
* Ensure that the Safe mode option is selected.
* Press Enter. The computer then begins to start in Safe mode.
* When you are finished with all troubleshooting, close all programs and restart the computer as you normally would.

;)

Best regards,
-Matt-

bugmento
2009-03-04, 02:18
> Hi bugmento,
>
> If Windows XP is the only operating system installed on your computer, boot into Safe Mode with these instructions.
>
> * If the computer is running, shut down Windows, and then turn off the power.
> * Wait 30 seconds, and then turn the computer on.
> * Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
> * Ensure that the Safe mode option is selected.
> * Press Enter. The computer then begins to start in Safe mode.
> * When you are finished with all troubleshooting, close all programs and restart the computer as you normally would.
>
> ;)
>
> Best regards,
> -Matt-

Hi Matt, so I just tried booting in Safe Mode, as well as Last Working mode or whatever it's called, and Safe Mode with Command Prompt. None of them allowed me to get into my account without logging out immediately. They would take me to the login screen and there would be

Administrator
and
My account

I tried logging into both Administrator and my account, and both had the same problem: Log in and log out immediately.

Any suggestions? I'm still just trying to disable teatimer.exe or the whole Spybot so I can just log in.

thanks,

Ryan

Matt
2009-03-04, 17:30
Hi bugmento,

I don't know if I'm going to say something very stupid now (please correct me if needed), but as far as I know, Spybot or TeaTimer will never load when starting your computer in safe mode. Safe mode should only start Windows, nothing else.

So I ask myself, how should TeaTimer block userinit.exe if it isn't loaded?

Can you give us a file path of userinit.exe?

I'll think about your problem... :scratch:


Best regards,
-Matt-

Matt
2009-03-04, 17:40
Hi bugmento,

I'm back again. :)

Boot into the "Safe Mode Menu" again and try "Last known good configuration", and see if that works.

Unless someone else knows a fix, and as a last resort you could try a repair install from the XP CD.
Perhaps this can help you too: http://support.microsoft.com/kb/307545/EN-US/


Best regards,
-Matt-

chi-va
2009-03-04, 18:17
Hi,

I suppose that the correct registry entry for userinit is not set anymore probably because the Teatimer has prevented it once. Now it doesn't matter if the Teatimer is running or not. As long as the registry entry is not set correctly you won't be able to log in.

The solution is to manually set the entry for userinit. The best chance was when you were still able to use the Run menu but this is too late now.

Please read this blog from a Team Spybot member and choose one method in order to repair the registry:

http://forums.spybot.info/blog.php?b=14

After repairing the registry and rebooting the Teatimer could ask you about userinit again. Please allow the change this time.

bugmento
2009-03-05, 03:35
Hey Matt, chi-va, thanks for all the feedback. chi-va, the link you gave in your post seems to pretty accurately describe my problem, so I guess I have to network another computer to mine to fix it. To do this, would I just plug a network cable into my computer and the other end into another computer? Because I can't create a network from "network connections" since I can't even log in.

thanks,
ryan

chi-va
2009-03-05, 12:38
In order to use method 1 you will need a network switch, or a router, or a hub or a crossover cable. Apart from that, it is probably necessary to configure the network because your broken system doesn't seem to be in a network yet.

In this case, please modify method 1 by using a live operating system like Windows PE (customised version BartPE).
http://windowsxp.mvps.org/peboot.htm

bugmento
2009-03-06, 00:24
Okay so I'm trying method 1, but when I get to "Connect Network Registry", I can detect my computer, named "Ryan", but when it asks for username/password for an account with administrator rights, I type in the username/password for my only account, "R" and the right password, and it says "the following error occurred...blah blah..access is denied"

I'm thinking this is because since my computer can't log in without immediately logging out, my account can't stay logged in so the 2nd computer I'm networked to can't detect it.

So basically, the only way for me to fix the registry is to create the Boot CD and stick that in my computer and start it up?

thanks

chi-va
2009-03-06, 00:50
It may be possible that there are some remote registry service restrictions or the service is not running. As written, I suggest using the BartPE boot CD.

Just create the CD, insert it in the broken system and change the boot sequence in your Bios if it is necessary. The provided link gives you a good instruction what you have to do step by step.

http://windowsxp.mvps.org/peboot.htm

If you have any problems with creating the BootCD e.g. if you don't have a Windows XP CD then please try method 2.

chi-va
2009-03-06, 01:09
Warning: Method 2 and similar methods are risky because they are only using command lines where you see fewer warning messages. So it may be possible that you overwrite your original registry without being able to recover it. Unless you understand what each command line is doing I highly recommend preferring repair methods with a graphical user interface.

bugmento
2009-03-08, 02:51
Okay so I just tried to create a Boot CD from the instructions provided on the link you gave, but the thing is

1.) I don't have access to a computer with XP install files
and
2.) I don't have an XP install CD.

I tried to create the Boot CD from a computer with Vista, and obviously it didn't detect any XP install files, and I didn't have an XP install CD to put in for it to scan.

So basically, since I don't have any XP things for the PE Builder program to get the XP install files from, I can't make the Boot CD.

So, I'm back to method 1. But the thing about method 1, in the http://forums.spybot.info/blog.php?b=14 example, the screenshot shows that the IP address was typed, as opposed to the name of the computer, which I kept typing in that box that asked for the name of the object. Is there a way to find the IP address of the computer (with the userinit.exe registry problem) using the computer it's connected to?
(I just connected the 2 computers with an ethernet crossover cable)

If this method doesn't work for me, then the only thing I can do is totally wipe my computer and restart it from when I bought it, so that's why I'm really trying to get this to work.

thanks for any feedback,

ryan

PS, would the CDs that rewrite my computer from when I bought it, the Toshiba Recovery and Applications CDs, have XP install files on them? If they did I guess I could try using those with the PE builder.

chi-va
2009-03-08, 17:38
As written, using method 1 could be difficult if the network is not properly configured. There are networking tools for finding the IP address. E.g.: http://www.radmin.de/download/ipscan15.exe
(Advanced IP Scanner v1.5 from radmin)

Are there any reasons why you are ignoring the other methods from the blog?


2. Method : Offline registry tools and password resetter
Requirements:
This tool requires a 2nd computer to download and create a bootcd, there are no further requirements.

The download can be found here
Download size is about 3 MB, which is quite small and makes this method recommendable

OEM CDs and Recovery CDs are not suitable for creating Windows PE.
Once the CD is created the userinit affected computer needs to be started with this CD.

After the boot procedure has been completed, the system asks for the boot partition.
Usually the choice would be "1".
In my example it is "2".

Screenshot 1

After that the path to the registry is asked. By default the correct path is already given, so this can be accepted by pressing the enter key.

Screenshot 2

Next choose "2" : RecoveryConsole parameters [software]

Screenshot 3
On the next prompt choose "9" Registry editor

Screenshot 4
The system now enters a bash-console-like navigation for the Software key of the Registry.
The following commands may be helpful:
Code:

note that Names are case sensitive
ls - will list the current key contents
cd <$keyname> - will open the key given in <$keyname>
cd .. - will go up one layer of the key structure
ed <$valuename> - will open prompt to edit the value specified in <$valuename>

So entering:
Code:

cd Microsoft\Windows NT\CurrentVersion\Winlogon

Will lead you to the required location.
Screenshot 5
The command ls will list the contents.
Type
Code:

ed Userinit

Screenshot 6

Now enter the required Data for the Userinit Value:
Code:

for Windows XP
c:\windows\system32\userinit.exe,

for Windows 2000
c:\winnt\system32\userinit.exe,

Screenshot 7

With the following command the Data of the Userinit Value can be confirmed:
Code:

cat Userinit

Screenshot 8

If the data is correct you can now enter q to quit the registry editor mode.
Enter q again to exit the Software Hive.
You will now be prompted to save, enter y to save.

Screenshot 9

After that a prompt for a new run appears, enter n for no.
Screenshot 10
Reboot normally and log on to Windows.

It is quite safe as long as you don't have to use method 4 as well.

OEM CDs and Recovery CDs are not suitable for making a Windows PE CD.
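
An added example (not part of the original thread or of the blog it quotes): a Python check for the Winlogon Userinit value that Method 2 repairs, which reports whether the value is correct, missing, pointing elsewhere, or carrying extra comma-separated programs worth reviewing. The function name, status labels and sample values are assumptions made up for illustration, and only the full paths given above are accepted as correct.

```python
import ntpath  # Windows path rules, usable on any OS


def check_userinit(value, system_root=r"C:\Windows"):
    """Classify a Winlogon 'Userinit' value string (hypothetical helper).

    Returns (status, extras):
      "ok"            exactly the expected userinit.exe path
      "missing"       empty or absent value (logon cannot complete)
      "broken"        expected path not present at all
      "extra-entries" expected path present plus other programs to review
    """
    expected = ntpath.normcase(
        ntpath.join(system_root, "system32", "userinit.exe"))
    if value is None:
        return ("missing", [])
    # Userinit is a comma-separated list; a trailing comma is normal.
    entries = [e.strip().strip('"') for e in value.split(",")]
    entries = [e for e in entries if e]
    if not entries:
        return ("missing", [])
    normalized = [ntpath.normcase(ntpath.normpath(e)) for e in entries]
    extras = [e for e, n in zip(entries, normalized) if n != expected]
    if expected not in normalized:
        return ("broken", extras)
    if extras:
        return ("extra-entries", extras)
    return ("ok", [])


# Constructed sample values, not taken from any real system.
SAMPLES = [
    r"c:\windows\system32\userinit.exe,",
    "",
    r"C:\WINDOWS\system32\userinit.exe,C:\Temp\helper.exe,",
    r"C:\Temp\helper.exe,",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        status, extras = check_userinit(sample)
        print(f"{sample!r:60} -> {status} {extras}")
```

For Windows 2000, pass `system_root=r"C:\WINNT"` to match the path listed above.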

bugmento
2009-03-09, 19:49
I looked over all the methods provided in the blog and only method 1 doesn't require a boot CD. Methods 2 and 4 (I didn't see a 3) both require the boot CD, which I don't have the resources (ie Windows XP install CD) to create.

So pretty much I think method 1 is the only one that I can possibly do. I'll try that IP address finder program you provided to try to get the IP address of the problem computer with the 2nd computer it's connected to.

thanks,
ryan

chi-va
2009-03-09, 20:54
There seems to be a misunderstanding.


This tool requires a 2nd computer to download and create a bootcd, there are no further requirements.

The download can be found here:
http://home.eunet.no/~pnordahl/ntpasswd/
Download size is about 3 MB, which is quite small and makes this method recommendable

Once the CD is created the userinit affected computer needs to be started with this CD.

As you can see, it is not the same as Windows PE. Just download the tool and make a bootable CD with it. A Windows XP CD is not necessary for this procedure.

PS.: Excuse me for the wrong quotation. "OEM CDs and Recovery CDs are not suitable for creating Windows PE." It was a mix-up after editing the last post. This line was not in the original blog. Please follow the original instructions from the blog. There are also screenshots which could help you to fix the problem.

bugmento
2009-03-10, 22:52
YESSSSSS so I tried method 2, created the boot CD, and followed all the steps, and now I can log in without XP logging out immediately. When I first booted up, SpybotS&D asked me if I wanted to allow a whole bunch of changes, and I clicked "Allow change" for all of them. I just restarted again and it seems like my computer's working just about fine now.

Thanks so much for all your help chi-va, the links and feedback really were great.

thanks again,
ryan