Please Help Spybot Community Logon, Logoff Loop

[Egemna]

After running a scan on Spybot 1.3 I encountered the extremely annoying log on/off loop. Currently, I have tried nearly every solution, from Bart PE, boot up disk, and even tried to run a 'system recovery' all to no avail. Everything failed, eventually I used my other computer's hard drive to access my files and found out that I'm actually missing almost every key on the Winlogon registry tree. Now my only question is does anyone know how to recover or restore these keys?

Any other solutions aside from the ones I mentioned would also be helpful.

Operation System: Windows XP Home Edition 2002 Service Pack 3
If any other information is needed please ask

[spybotsandra]

Hello,

Please have a look at this blog we have just written about this problem:
http://forums.spybot.info/blog.php?b=14
That should help to solve it. :-)

Best regards
Sandra
Team Spybot

[Egemna]

Hi forgot to mention that I've read that entire page already, thanks anyways Sandra but I haven't been able to fix the problem with any of those solutions.

If anyone knows any place where a computer automatically backups and saves a registry, that would be extremely helpful. As I could just pop the one Winlogon keys into my registry.

[chi-va]

Hi,

do you use the same Windows system on the other working computer as well? If yes, then it is possible to just import the Winlogon key from the working computer with a slight modification.

Can you tell me which changes you have already done with which tools? Is the userinit.exe entry still missing in the damaged registry?

[Egemna]

Hi thanks for replying Chi-Va, my current operating system is Professional however, I still have access to another computer that is Home Edition.

I have 2 hard drives on this computer, a F: and C:

I have been unable to make any changes with any tools except with Regedt. In which I uploaded the old F:\ ntuser hive to my current registry. I then proceeded to restored the Userinit.exe registry key but when it didn't fix my problem I removed it.

Realizing after wards that I was missing almost every other key in the Winlogon folder, I tried importing keys from one hard drive to another but that failed for reasons now made obvious to me (Different Operating Systems).

Your help is much appreciated

[chi-va]

I'm still not sure what you have done so far. It is difficult for me to find a solution as long as I don't know if the damaged registry is still there or if you have maybe accidentally deleted the old registry.

Is F: the removed drive with the damaged registry? However editing ntuser.dat won't fix the problem. It would explain, why Winlogon was almost empty. I would
suggest to use the backups and undo everything what you have tried yet.

This would be the instruction for repairing the registry with a second working system(I would prefer to use a BartPE CD if you are able to build one with the second system).
Plug the damaged drive in the second system and boot with your working system.

1. Type "regedit" in the run prompt

2. Navigate to the path "HKEY_LOCAL_MACHINE" and Highlight/Select the line

HKEY_LOCAL_MACHINE

3. Go to menu "File - load hive..."

4. Select your damaged registry file which should be in your case:

F:\Windows\system32\config\software

(only if F: is the removed system partition of the damaged Windows XP Professional system. If you have renamed the file "software" with any of the suggested tools from the blog then you should choose the renamed file(software.bak).)

5. Windows should ask you for a name it should load the hive in your current registry. Just choose "Test". It really doesn't matter what name you choose as long as it is not already in use. We choose "Test" so that we can easily find it later. Your damaged registry should be loaded now.

6. Navigate to the new hive which should be

HKEY_LOCAL_MACHINE\Test\microsoft\windows nt\currentversion\winlogon

Each click on the "+" should open a subfolder. Open all the subfolder from "Test" to "Winlogon".

7. Search for the entry "userinit:..." and make a doubleclick with the mouse on it. If userinit is missing choose in the regedit menu "Edit->New" and select this:

String Value (Reg_SZ)

Give it the name:

Userinit

Hit "Enter"

8. Enter this line if the path for userinit.exe is wrong or missing

c:\Windows\system32\userinit.exe,

and confirm it with OK.

(Only Drive C: if C: is the original path of the Windows XP Pro system. Change the path if it is another drive letter!)

9. Now highlight/select the "Test" hive and unload it, menu "File - unload hive..." After that "...\Test\..." should be unloaded.

(10. Rename the file software.bak to software. Windows will load the registry hive which is named software not software.bak, etc.)

Shutdown the system remove the drive and put it back to the damaged system.

Edit:You cannot import the registry that easily. As written some modifications are necessary. This is not a matter of Pro or Home version.