Hellzlittlespy (great work guys)

@Walker

Sorry, I was sleeping. So you have chosen "Method 4", the hardest fix. Didn't really save your time. :lip:

Shame2's description is easier because booting with another Windows system allows you to use the familiar Windows interface where you don't have to use many command lines.

Anyway, you have almost finished "Method 4" then you'll have to proceed with "Method 2".

It seems that you have already done this because you can boot Windows in safe mode again.

Windows 2000:

Code:
cd c:\Winnt\system32\config
rename software software.bak
copy c:\Winnt\repair\software software

The line

Code:
rename software software.bak

is very important. If you have forgotten this line or entered it wrong, it would be overwritten by the default registry if you proceed with the next line. In other words, your old registry is lost if you make any mistakes here.

I will explain the command lines in order to clarify what they do.

Code:
cd c:\Winnt\system32\config
(enter)
This will "open" the directory "c:\Winnt\system32\config".

Code:
rename software software.bak
(enter)
This will rename your old registry filename "software" to the filename "software.bak". At this point it would be advisable to confirm that it was successful before you proceed. E.g.:
Code:
dir
(enter)
This command shows the files contained in the directory. After confirming that there is a file called "software.bak" you can proceed with the next step.
Code:
copy c:\Winnt\repair\software software
(enter)
This should copy the file "software" from the directory "c:\Winnt\repair" to the directory "c:\Winnt\system32\config". This syntax is a little bit different from the normal DOS syntax. Again, you can confirm if it has worked with the command:
Code:
dir
(enter)
Now there should be a file called "software" and a file called "software.bak". After that you should be able to boot in Windows safe mode because now Windows should load the default registry. Reboot two times so that Windows "thinks" that the registry is OK. (to be continued)
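A guarded form of the three Windows 2000 commands above, as an added example that is not part of the original post: it refuses to copy the default hive unless the rename really produced "software.bak", and it refuses to run at all if a "software.bak" already exists. It assumes the lines are saved as a batch file and started from the NTFS4Dos prompt; the variable names and labels are made up for the example, the paths are the ones from the post.

```bat
@echo off
rem Added example (constructed), not from the original post.
rem Full paths are used so the result does not depend on the current drive.
set CFG=c:\Winnt\system32\config
set REPAIR=c:\Winnt\repair

rem An existing software.bak is the only copy of the original hive.
rem If it is already there, the swap was done before: change nothing.
if exist %CFG%\software.bak goto already

if not exist %CFG%\software goto nosrc
if not exist %REPAIR%\software goto norepair

rename %CFG%\software software.bak
rem Confirm the rename before anything is copied over the old name.
if not exist %CFG%\software.bak goto renfail
if exist %CFG%\software goto renfail

copy %REPAIR%\software %CFG%\software
if not exist %CFG%\software goto cpyfail
echo Done. Default hive is in place, original hive kept as software.bak.
goto end

:already
echo software.bak already exists. Nothing was changed.
goto end

:nosrc
echo %CFG%\software not found. Nothing was changed.
goto end

:norepair
echo %REPAIR%\software not found. Nothing was changed.
goto end

:renfail
echo Rename could not be confirmed. The copy was NOT run.
goto end

:cpyfail
echo Copy failed. The original hive is still in software.bak.

:end
```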
 
@walker

In order to use "Method 2" for restoring your original registry we have to undo the renaming first. Again, I will explain the command lines. The procedure is explained in the blog.

Windows 2000:
Code:

cd c:\Winnt\system32\config
rename software software.oldbackup
rename software.bak software

Code:
cd c:\Winnt\system32\config
(enter)
We open the directory "c:\Winnt\system32\config" again.

Code:
rename software software.oldbackup
(enter)
Don't know if it is necessary but this couldn't harm you. It will rename your default registry file "software" to "software.oldbackup".
Code:
rename software.bak software
(enter)
Renaming your damaged registry file to its old name. In order to ensure that everything was entered correctly, you should use the command:
Code:
dir
(enter)
There should be a file called "software" and a file called "software.oldbackup" now. The file "software.bak" shouldn't be there anymore.
Your old damaged registry is back. At this point you shouldn't boot Windows if you don't want to repeat "Method 4" again.

After that we can proceed with "Method 2". Reboot with the bootcd where you have the software "Ntpasswd".

I hope this has explained what the command lines are doing and why you have to use them. If you have any questions regarding "Method 2" then please ask. Just tell me where exactly you need an explanation and I will try to clarify it.
 
By the way, it is not necessary to use "Method 2" after being able to boot in Windows safe mode again. Just skip these steps:

4. restore latest Software registry key
Now boot with NTFS4Dos again.
This time we will restore the file we renamed to software.bak earlier:

Windows 2000:
Code:

cd c:\Winnt\system32\config
rename software software.oldbackup
rename software.bak software

Windows XP:
Code:

cd c:\Winnt\system32\config
rename software software.oldbackup
rename software.bak software

Remember that you now have a corrupted Registry again, so do not try to boot Windows now or the NTFS may get "dirty" again.


5. reboot directly to bootcd and apply method 2
Now follow the steps described in Method 2.
Changes should be writeable now.

edit3: corrected paths as reported by shame2
edit4: added Method 4, removed Method 3 to save space

Then proceed as follows:

1. Boot Windows 2000 in safe mode.

2. Type "regedt32" in the run prompt

3. Click on the "HKEY_LOCAL_MACHINE" window and Highlight/Select the line
Code:
HKEY_LOCAL_MACHINE
with the mouse

4. Go to menu "File - load hive..."

5. Select your damaged registry file which should be in C:\windows\system32\config\software.bak

6. It will ask for a name it should load in your registry. Just choose "Test". It really doesn't matter what name you choose as long as it is not already in use. We choose "Test" so that we can easily find it later. Your damaged registry should be loaded now.

7. Navigate to the new hive which should be
Code:
HKEY_LOCAL_MACHINE\test\microsoft\windows nt\currentversion\winlogon

8. Search for the entry "userinit:..." and double-click on it with the mouse.

9. Enter this line (if your default system letter is C:)
c:\winnt\system32\userinit.exe,
and confirm it with OK.

10. Now highlight/select the "Test" hive and unload it, menu "File - unload hive..."

11. Now you just have to rename the registry. So boot with "NTFS4Dos" again.

12. Execute this here:

Windows 2000:
Code:
cd c:\Winnt\system32\config
Open the folder
Code:
rename software software.oldbackup
Rename the default registry
Code:
rename software.bak software
Rename the old repaired registry to the name "software" which is normally loaded when you boot your system. After that you should be able to boot your Windows normally again. Don't forget to change the boot sequence in your bios if you don't want to boot from cd again.
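Steps 3 to 10 above can also be done from a command prompt, shown here as an added example that is not part of the original post. It assumes reg.exe with the syntax shipped in Windows XP and later is available (on Windows 2000 it is assumed to have been installed separately) and that the damaged hive is still at %SystemRoot%\system32\config\software.bak; the variable names and labels are made up for the example.

```bat
@echo off
rem Added example (constructed), not from the original post.
set HIVE=%SystemRoot%\system32\config\software.bak
set KEY=HKLM\Test\Microsoft\Windows NT\CurrentVersion\Winlogon

if not exist "%HIVE%" goto nohive

rem Steps 4-6: mount the damaged hive under the temporary name "Test".
reg load HKLM\Test "%HIVE%"
if errorlevel 1 goto loadfail

rem Step 8: show the current Userinit value before touching it.
reg query "%KEY%" /v Userinit

rem Step 9: write the value from the post. The trailing comma belongs to it.
reg add "%KEY%" /v Userinit /t REG_SZ /d "%SystemRoot%\system32\userinit.exe," /f
if errorlevel 1 echo Userinit could not be written.

rem Read it back so the result can be checked on screen.
reg query "%KEY%" /v Userinit

rem Step 10: unload, otherwise the file stays locked and cannot be renamed.
reg unload HKLM\Test
if errorlevel 1 echo Unload failed. Close any registry editor and unload by hand.
goto end

:nohive
echo %HIVE% not found. Nothing was loaded.
goto end

:loadfail
echo Hive could not be loaded. Nothing was changed.

:end
```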
 
I am up to #12.....I don't understand what to do here. Everything else went OK.....got into windows....it went in normally (not safe mode)...to a messed up software situation (programs had a lot of error messages but this is expected I think)...then edited as directed using regedt32. OK...shut down normally and booted to NTFS4DOS. By the way, has anyone actually looked at this disk? (it is pretty messed up in itself...but not for now).

In any case, I am at the a prompt now.....what is next?

"Rename the old repaired registry to the name "software" which is normally loaded when you boot your system. After that you should be able to boot your Windows normally again".

...and I don't get the above line......is this part of what you have printed out in the instructions...or something after

rename software.bak software

??????????????????????????????????
 
Ok, you are back in NTFS4DOS, right? Now you just have to enter the three command lines below.

Code:
cd c:\Winnt\system32\config
(enter)


Code:
rename software software.oldbackup
(enter)


Code:
rename software.bak software
(enter)

That is all. After that you should be able to boot normally again. The rest was only a comment what we do with these commands and why we are doing this.
 
Code:
cd c:\Winnt\system32\config(enter)
We open the directory "c:\Winnt\system32\config" again.



Code:
rename software software.oldbackup(enter)


Code:
rename software.bak software(enter)

Then re-booted to Windows......same old version with many software errors got booted to.

Please advise.
 
It seems it hasn't loaded the correct registry. Please navigate in Windows and look in the folder:
Code:
c:\Winnt\system32\config

Can you find the files:

software

and

software.oldbackup

Or is there still a file called "software.bak"? Please also compare the file sizes of these files and tell me what they are. In order to see the file size, right-click on the file and choose "properties".
 


I have;

software
software.old
software.sav

Properties gives 55.7 mb for the config folder.....it does not give each file individually but refers to the entire config folder....of which the three files are included


(also when trying from C:\winnt\system32\config
on the NTFS disk.....I get the following;
rename software software.oldbackup (not enough memory)
rename software.bak software (file not found)
 
Correction;

Software is 13.4 mb
Software.old is 13.0 mb
Software.sav is 13.0 mb

I was looking at it in the hive and not as a folder.
 
Please wait a few minutes. I'm starting my Windows 2000 system in order to compare the files.

Thanks.......

100% software.bak is gone.....I looked at it from the individual folder in
"My Computer" also.
 
This is bad because it seems that you have overwritten your old damaged registry. "Method 4" is too difficult. My fault, I shouldn't have let you try this instead of using my first suggestion to unplug the drive. There is still hope for this system. One recovery should still be there. Have you used the registry backup option in Spybot when you installed the software? If yes, then there should still be a backup for you. I have to search for the path because I don't have Spybot installed.
 

I have to agree with you on this...it certainly looks like the registry was overwritten. I have tried to load all three options and they are all basically toasted old registries.

I'll look through Spybot also...but I am getting doubtful that this is ever going to resolve. I do appreciate your help though.
 
I have found the reason why you have accidentally overwritten your original damaged registry. "Method 4" implies that you execute the command lines in chronological order and only once. :sick:
 
Now your system is almost in the same state as after using the repair installation suggested by MisterW. Aren't there any registry backups in the folder:

C:\Documents and Settings\All Users\Application Data\Spybot - Search&Destroy\Backups\
:scratch:
 


....it figures....don't take this the wrong way...I appreciate all you have tried to do and the time spent......the NTFS disk is also a quirky piece of shit. If you download the disk from the Avira site and boot to floppy in your Win 2000 machine, you will see what I mean. It does not go directly to the "yes" in reference to using for private use. It has a whole bunch of other stuff going on....prompts written in German......requiring what???...I don't know...it freezes....it asks over 20 bootup questions....all this is not mentioned by anyone...making me believe that no one actually looked at the disk from the download. When you try to change the directory, the original poster had a lot of mistakes in the coding......just the windows/winnt stuff was posted wrong......then we get to the A prompt and the difficulty in changing the directory in the first place. So, I probably did do something wrong........the original instructions posted were horrible...it implied that the user knows how to use dos commands....and again, the software is all f'ed up.

So, it figures that in the back-up folder of spybot nothing exists. I did get to the last folder by unchecking the boxes to see the hidden folders...nothing there.

We are both spending too much time on this......thank you for all you tried to do.

My feelings about Spybot have not changed.....nice hobbyist software for computer geeks who are into the computer as a hobby and as an educational "experience". I never should have used the software in the first place......freeware is not supported usually....it's a kid somewhere who writes some code and gets it onto the net. Spybot is a bit different because of their commercial enterprise, but the forum is not watched properly and the software is buggy to say the least.

This entire go around about going with a newer version is silly, stupid and childish. If I have working software that is continually updated...with no mention of upgrades in pop ups....why would I go out and try to get a newer version...which usually has a ton of bugs and problems and forums and questions and disasters?....I stay with what works.....v. 1.3 worked up until the update containing the malicious code......and it was malicious code, no matter what Pepi and the crew want to go with. For an update to toast a registry by removing a line that gets you into windows....that is malicious.

I am done....I will take my lumps and move on. The drive will be wiped clean and I will spend the hours necessary to get this going. No files are lost as I have access to the drive.....but Spybot you certainly Suck the big banana!!

Chi-va...thanks for everything.....I really mean it.
 
I'm gonna get some sleep. It is really late over here. I hope you were able to find the registry backups. If not, whatever. Your system is at least running. Just install all the drivers, software and updates again. I know, it will take several hours again but at least you really have a good reason to be angry, spending over 48 hours repairing the system. :mad:

Have a good night and at least a wonderful Sunday!

P.S.: Wonderful, no backups. :sick: Please don't forget to make a backup of your data before you wipe out the disk. I'm sorry that I wasn't helpful at all. In the next life we will just try it with unplugging the hard disk. It is much easier because you don't have to use command lines.
 