Thread: Can't boot after v1.5.2 installation

  1. #1
    Junior Member
    Join Date
    Jul 2008
    Posts
    3

    Default HellzlittleSpy UserInit issue

    Maybe I posted in the wrong thread, I've been at this for days and my eyes are shot.

    I chose "Method #2, Offline registry tools and password resetter" posted by Yodama

    All went well with download of offline registry tool.
    When I come to-- "On the next prompt choose "9" Registry editor" it changes pages and prompts "What to do" "Simple registry editor"

    I enter: cd Microsoft\Windows NT\CurrentVersion\Winlogon--just like example.

    It gives back: (...)\Windows NT\CurrentVersion\Winlogon
    as though it can't read it.
    I have repeated 4 times.

    Has anyone used this method?

    Thanks for your help.

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Quote Originally Posted by Steve_C View Post

    I enter: cd Microsoft\Windows NT\CurrentVersion\Winlogon--just like example.

    It gives back: (...)\Windows NT\CurrentVersion\Winlogon
    as though it can't read it.
    I have repeated 4 times.

    Hello Steve_C,

    Your progress with this method is correct so far.
    This
    Code:
    (...)\Windows NT\CurrentVersion\Winlogon
    shows that you have navigated to the required registry key.
    You just need to continue.

    By entering
    Code:
    ls
    the contents (Keys and Values) of Winlogon will then be listed.

    With
    Code:
    cat Userinit
    you can view what data is present in Userinit.

    With
    Code:
    ed Userinit
    you will be able to change the data for Userinit.

    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Member walker's Avatar
    Join Date
    Jul 2008
    Location
    Toasted from Brasil living in Florida
    Posts
    65

    Default

    ....but what can be done about the two safe mode visits if the volume is "dirty"? As you know, you cannot get into safe mode. So, the software will not write to the disk...reading it as "read only". Do you have the solution to this?....or any other idea....as Method #2 was the only one for Win 2000 not on a network. I have now put approx. 20 hours into this....and still have 3 disabled machines.

    By the way, I was able to get all the way through the ISO file...but it won't change the registry values as it is perceiving that it cannot write.

    If you have any ideas, I'll even remove the drive from the machine and put it in the only machine that works here.
    Last edited by walker; 2008-07-04 at 08:20.

  4. #4
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Quote Originally Posted by walker View Post
    ....but what can be done about the two safe mode visits if the volume is "dirty"? As you know, you cannot get into safe mode. So, the software will not write to the disk...reading it as "read only". Do you have the solution to this?....or any other idea....as Method #2 was the only one for Win 2000 not on a network. I have now put approx. 20 hours into this....and still have 3 disabled machines.

    By the way, I was able to get all the way through the ISO file...but it won't change the registry values as it is perceiving that it cannot write.

    If you have any ideas, I'll even remove the drive from the machine and put it in the only machine that works here.

    If the boot disc tells you that you will have to reboot into Windows safe mode twice so it can write, then you should follow that instruction.

    To get into Windows safe mode you need to press F8 after the BIOS screen and before the graphical Windows boot screen.
    Choose to boot into safe mode; if it is not present, press F8 again.
    After Windows has booted into safe mode (do not try to log in), restart the computer properly:
    choose to "shut down" then "restart". If you do not see the option for shutting down, click the options button.
    Repeat this procedure, then boot from the bootcd from method 2; it is now possible to write the changes.

  5. #5
    Member walker's Avatar
    Join Date
    Jul 2008
    Location
    Toasted from Brasil living in Florida
    Posts
    65

    Default

    I appreciate the quick answer.....but I believe a boot into safe mode is impossible with the missing file (removed by hellzlittlespy error).

    If I could get into safe mode I could fix the problem.

  6. #6
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Quote Originally Posted by walker View Post
    I appreciate the quick answer.....but I believe a boot into safe mode is impossible with the missing file (removed by hellzlittlespy error).

    If I could get into safe mode I could fix the problem.

    In this case it is not about logging in to Windows safe mode; it is sufficient to get the login screen, then shut down properly (this has to be done twice).

    This is about the file system: if you restart Windows by means like the reset switch or ctrl+alt+del, the file system will be flagged as "dirty" and cannot be written with the bootcd from method 2.

  7. #7
    Member walker's Avatar
    Join Date
    Jul 2008
    Location
    Toasted from Brasil living in Florida
    Posts
    65

    Default

    Quote Originally Posted by Yodama View Post
    in this case it is not about logging in to Windows safe mode, it is sufficient to get the login screen, then shut down properly (this has to be done twice).

    This is about the file system, if you restart Windows by means like the reset switch or ctrl+alt+del the file system will be flagged as "dirty" and cannot be written with the bootcd from method 2.

    Yes, but getting into Safe Mode is part of the loop...so what is considered a proper shut down?....just shutting off the power??....there is no box to check to say....Shut Down........it is going to be a hard shut down no matter what.

    (I'm trying to say...you don't get a login screen because that is in the loop)

    ...by the way...anything here that could help?
    http://www.ntfs.com/boot-disk-dos.htm

    I tried this...but I can't figure out what to do. I also purchased $40 worth of a recovery program.....but the recovery points were removed by Norton....so ng.
    Last edited by walker; 2008-07-04 at 09:02.

  8. #8
    Junior Member
    Join Date
    Jul 2008
    Posts
    3

    Default Thank you yodama!!

    I chose "Method #2, Offline registry tools and password resetter" posted by Yodama

    Thanks again Yodama for your help and quick response.

    What a relief. (so that's what my desktop looks like) What an ordeal.
    You were right, I should have kept going. I couldn't read the next screen shot until you pointed it out.

    It's been a long week, but I learned a lot--even learned to almost like my notebook--saved me this time.

    Oh well, time to start backing up the old desktop--HO!
    where have I heard that before?

    Steve_C

  9. #9
    Junior Member
    Join Date
    Jul 2008
    Posts
    4

    Default

    ATTN Yodama
    as you seem to be reading the forum now
    Please correct the mistakes in your blog.
    http://forums.spybot.info/blog.php?b=14
    All your paths for Windows2000 are incorrect and will not work for those users.
    eg
    "for Windows 2000
    c:\windowsnt\......."
    Should be
    "for Windows 2000
    c:\winnt\......."

    Terminator,
    I didn't intend to 'slander' anyone.
    'Team Members' posting 'ideas' without having first replicated the problem and then fixed it, are wasting people's time.
    The blog has errors that I pointed out yesterday and that remain uncorrected today and which if followed will just waste more people's time.
    Also some posters are promoting commercial $oftware here as a fix. Circling sharks? No slander. There's blood in the water.

    Editing the registry from another NT(w2k,xp - vista(?)OS installation would be the quickest way for people who have a network setup or who are prepared to physically remove the affected drive and slave it to a working box.
    I tried the latter after reading this page:

    http://smallvoid.com/article/winnt-o...stry-edit.html

    (Note: the paths to the files/registry-hives in step 4 in the above page relate to Windows2000 eg:
    winnt/system32/config/software
    For XP just substitute windows for winnt).

    However, I didn't read step 4 properly on that page and loaded the wrong hive. Being smart I assumed (wrongly) that I should load the file/hive 'ntuser.dat' from my admin profile which I did and the key was there but the entry wasn't so I added it, put the drive back in its own box and of course still had the logon loop so I just used my backup disk image I'd made a few hours before and moved on - problem fixed, time wasted and work lost.
    In hindsight I should have loaded the hive: \system32\config\SOFTWARE (I think) and fixed the registry entry in there.
    That's the extensionless file C:\Windows\system32\config\SOFTWARE <-XP
    and C:\WINNT\system32\config\SOFTWARE <-Windows2000

    Read the above page link and the following extra notes might help.

    Start>Run and type regedt32
    (Regedt32.exe is here: C:\WINDOWS\system32\regedt32.exe <-XP
    and here: C:\WINNT\system32\regedt32.exe <-Windows 2000)

    In Regedt32 make sure 'View' is set to 'Tree and Data' and 'Security>Permissions' has 'Read' & 'Full Control' checked.

    When you have the hive loaded and named it something obvious (like STUFFUP) navigate to & highlight the key:
    Software\Microsoft\Windows NT\CurrentVersion\Winlogon in the left pane
    (If there's another key named WINDOWSNT, it's NOT that one, it's as above: Windows NT).
    Then go to 'Edit>create new value'.
    Type Userinit in the 'Name' field and make sure REG_SZ is in the 'Type' field.
    Click OK and the String Editor box will open. Type or paste the path to userinit.exe in the field:
    C:\Windows\system32\userinit.exe, <-XP AND don't forget the comma at the end!
    C:\WINNT\system32\userinit.exe, <-Win2000 AND don't forget the comma at the end!

    Unload the hive and close regedt32.
    If you've jumper slaved the drive don't forget to move the drive jumper back to master before you put it back in its box.

    Now, I did this in the wrong hive as I said so I haven't verified that it works. But if the value gets written then it should be good to go.

    Maybe someone from Safer Networking can check these steps, make sure it works and post it as a sticky (and somehow GET it to ALL your users along with other working methods).
    Those who are capable can do it themselves and those who are not could print it out and take it to their local computer mr.fixit or competent friend. Shouldn't take a few minutes to fix with the RIGHT instructions.
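
Added example (not part of any post in this thread, and not Safer Networking's code): a Python check for the string that `cat Userinit` prints in the offline editor, or that is typed into regedt32, compared against the default data given in post #9. The function name, finding codes and sample values are constructed for illustration.

```python
import ntpath

# Default Userinit data as posted in the thread (post #9), comma included.
DEFAULTS = {
    "xp": r"C:\Windows\system32\userinit.exe,",
    "win2000": r"C:\WINNT\system32\userinit.exe,",
}


def check_userinit(value, os_name):
    """Compare Winlogon Userinit data with the thread's default.

    Returns a list of (code, detail) findings; an empty list means the
    data matches the default for os_name ("xp" or "win2000").
    """
    expected = ntpath.normcase(DEFAULTS[os_name].rstrip(","))
    text = (value or "").strip()
    # The data is a comma-separated list of programs Winlogon starts at logon.
    programs = [p.strip().strip('"') for p in text.split(",") if p.strip()]
    if not programs:
        return [("EMPTY", text)]
    findings = []
    if not text.endswith(","):
        findings.append(("NO_TRAILING_COMMA", text))
    if ntpath.normcase(programs[0]) != expected:
        findings.append(("WRONG_PATH", programs[0]))
    # Anything after the first entry also runs at every logon: review it.
    findings.extend(("EXTRA_ENTRY", p) for p in programs[1:])
    return findings


# Constructed sample values, not taken from a real machine.
SAMPLES = [
    ("win2000", r"C:\WINNT\system32\userinit.exe,"),
    ("win2000", r"c:\windowsnt\system32\userinit.exe,"),
    ("xp", r"C:\Windows\system32\userinit.exe"),
    ("xp", r"C:\Windows\system32\userinit.exe,C:\constructed\extra.exe,"),
    ("xp", ""),
]

if __name__ == "__main__":
    for os_name, value in SAMPLES:
        print(os_name, repr(value), "->", check_userinit(value, os_name) or "OK")
```

The second sample is the `c:\windowsnt\` path that post #9 reports as wrong for Windows 2000; the comparison is case-insensitive, as Windows paths are.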
