Stuck in Windows loop

[md usa spybot fan]

... I'm not sure what version of Spybot (should have been the latest since I did the update on Monday). I uninstalled Spybot last night. ...

Look in the Checks.yymmdd-hhmm.log or Fixes.yymmdd-hhmm.log and find out.

By default here are two Checks.yymmdd-hhmm.log files produced during a scan. The second Checks.yymmdd-hhmm.log has the details of what the scan found. A Fixes.yymmdd-hhmm.log file is produced if you fix or attempt to fix something.

If you did a "Fix selected problems" than look in the Fixes.yymmdd-hhmm.log. If not there shouldn't be a problem.
The Checks.yymmdd-hhmm.log and Fixes.yymmdd-hhmm.log files are stored in the following folder:

• Windows Vista:
  C:\ProgramData\Spybot - Search & Destroy\Logs

I looked in the Vista comparable folders & couldn't find anything close to what you said.

Please explain. I listed registry entries not folders.

Should I try a system restore?

If you are running an old version, delected HellzLittleSpy and did a fix, I suggest that you do not attempt a system restore.

 

[SlmJon]

Look in the Checks.yymmdd-hhmm.log or Fixes.yymmdd-hhmm.log and find out.

By default here are two Checks.yymmdd-hhmm.log files produced during a scan. The second Checks.yymmdd-hhmm.log has the details of what the scan found. A Fixes.yymmdd-hhmm.log file is produced if you fix or attempt to fix something.

If you did a "Fix selected problems" than look in the Fixes.yymmdd-hhmm.log. If not there shouldn't be a problem.
The Checks.yymmdd-hhmm.log and Fixes.yymmdd-hhmm.log files are stored in the following folder:

• Windows Vista:
  C:\ProgramData\Spybot - Search & Destroy\Logs

The checks log & the fixes log are both dated Jul 02 2008

Please explain. I listed registry entries not folders.

There was no winlogon (Would it be called that in Vista??)

 

[md usa spybot fan]

SlmJon:

Please post the Fixes.yymmdd-hhmm.log so that I see what version of Spybot you were running an what was fixed.

 

[rvnmaniac]

@SlmJon

If the restore point is not damaged then you can fix this problem with the restore point as well. I don't understand the benefit for you using the software Fix It because you have the Windows XP CD, don't you?

Here is an instruction for using the Windows recovery console:
http://www.housing.hawaii.edu/resources/support/restore-point.htm

Before you can boot from CD it maybe necessary to change the BIOS settings. Here are some examples how you can do this:
http://www.hiren.info/pages/bios-boot-cdrom

Do you have fixed HellzLittleSpy with Spybot 1.3 in your Vista system as well or do you have used another version. Please don't turn off your Vista system yet. It should be easy to confirm if it is corrupted or not.

I srewed up. I was following the instructions in:

http://www.housing.hawaii.edu/resources/support/restore-point.htm

Got as far as:

2. Change directory to the configuration folder to the c:\windows\system32\config folder. type: cd system32\config

3. If you have backed up the current registry you may skip this. Otherwise backup the current configuration by renaming 5 registry files. Type in the following commands (no particular order):

type: rename default default.bak
type: rename sam sam.bak
type: rename system system.bak
type: rename software software.bak
type: rename security security.bak

This will backup the current registry settings.

4. Switch to the repair folder.
type: cd\


Everytime i typed cd\ i got message like command not recognized so i typed exit to get out. I now realize that i should have had a space between cd and \ i.e. cd \

The problem now is when i went back in to do it right. I boot up to the CD enter 1 to get to the windows installation. Then it asks for administrator password. Before there was none and i would just hit enter and could continue what i was trying to do.......NOW after performing the above changes:
type: rename default default.bak
type: rename sam sam.bak
type: rename system system.bak
type: rename software software.bak
type: rename security security.bak

The computer is asking for a Adm. password and just hitting enter is not working, it continues to ask for a password......I'm screwed if i can't get inside to fix things..What could be the password now....HELP

 

[SlmJon]

I Am SOOOOO Confused Now!

Thanks, guys, for the responses. I've read so much on here & at the MS website that I'm totally confused & out of my element.

I tried the "Method 2".....didn't work.

I went out & bought Fix-It Utilities. It says I don't have any Windows partitions to work with. I know they're there somewhere cause I'm still in the logon loop (it knows my name, my computer name, shows my desktop---albeit briefly).

I really need the stuff on this computer but I'm at a loss!! I think my brain is finally pickled over all this!

Can anyone tell me something to do?????:hair:

 

[chi-va]

@rvnmaniac

It needs a password because you have change the current registry. Now the recovery console try to load a default registry which needs a password that no one knows.

In this case, we have to use another tool. Please take a look here:
http://forums.spybot.info/blog.php?b=14

We'll need "Method 4" now. Please download the neccessary software and burn them on a CD. In the meantime, I will change the steps for you and post them here.(to be continued)

@all
Be aware, these instructions from me are only for rvnmaniac. General instructions are mentioned in the blog from yodama.

 

[chi-va]

@SlmJon
Did you tried to repair your Windows XP system? How far have you come with "Method 2". Any error messages? I will stay here a few hours so that we can go through this step by step if neccessary.

 

[chi-va]

@rvnmaniac

You are using Windows XP, right?

 

[SlmJon]

When I boot to the CD, it goes through it's initial stuff then stops asking for "select partition by number". The above "list" says:
Disks:
Disk /dev/sda: 60.0 GB, 60011642880 bytes

Candidate Windows partitions found:

Then there's nothing there....the next thing is "Please select...."

@SlmJon
Did you tried to repair your Windows XP system? How far have you come with "Method 2". Any error messages? I will stay here a few hours so that we can go through this step by step if neccessary.

 

[chi-va]

@rvnmaniac

Method 4:

This Method can be used in conjunction with Method 2 to restore login. The main issue with Method 2 is that it does not work if the NTFS file system is flagged as "dirty". Method 4 will remove this:
This option is valid for both Windows 2000 and Windows XP, only paths differ on both systems.

Requirements:

* NTFS capable boot disk like NTFS4Dos
* Offline Rcovery tool from Method 2
* both tools can be found on the Ultimate Boot CD: Filesystem tools - NTFS Tools


Overview of steps:

1. Start NTFS4Dos
2. Copy and Backup of Software registry key (note: it is possible to end here)
3. reboot and shut down properly
4. restore latest Software registry key
5. reboot directly to bootcd and apply method 2


Detailed description:

1. Start NTFS4Dos
If you start NTFS4Dos from the Ultimate BootCD (~115 MB download will require CD) you will find it in Filesystem Tools - NTFS Tools
Once started you will be required to enter "yes" to confirm that you use it for personal use only.

NTFS4Dos is owned by Avira and can also be downloaded from Aviras (~1.2 MB download, will require floppy disk)website.

2. Copy and Backup of Software registry key
What you need to do here is to backup the current software registry key and copy the backup software registry key.
Enter the lines in code according to your OS.

Just follow the above steps and then we have to change something because you already have made the backups.

Windows XP:

cd c:\Winnt\system32\config                     (enter)
copy c:\Windows\repair\software software   (enter)
copy c:\Windows\repair\default default        (enter)
copy c:\Windows\repair\sam sam                (enter)
copy c:\Windows\repair\system system        (enter)
copy c:\Windows\repair\software software    (enter)
copy c:\Windows\repair\security security      (enter)

The above commands should copy the default registry from the day you have installed your Windows in the current registry. After that you should be able to boot in Windows safe mode again. From there you can either use the Windows restore point feature or proceed with editing the damage registry manually. If you want to use the second way then please tell me so that I can guide you if you like.

 

[chi-va]

@SlmJon

So this was displayed:

Disk /dev/sda: 60.0 GB, 60011642880 bytes

Have you then entered "1" and confirmed it with (enter)?

After that, "Step 2" should be displayed with the default directory:

[Windows/system32/config]

If yes, just hit the "enter" key.

Or wasn't there a default directory? Has it change to "Step 2" after finishing "Step 1"?

 

[SlmJon]

Yes, that's what was displayed. There wasn't a "1" to select but I did enter "1" anyway. It just comes back like I didn't enter anything.

@SlmJon

So this was displayed:


Have you then entered "1" and confirmed it with (enter)?

After that, "Step 2" should be displayed with the default directory:

[Windows/system32/config]

If yes, just hit the "enter" key.

Or wasn't there a default directory? Has it change to "Step 2" after finishing "Step 1"?

 

[chi-va]

@SlmJon

This is bad. So this:

Candidate Windows partitions found:

was empty, right? This means that the boot sector couldn't be found and you won't be able to use this method as well. Please tell me what you have done until now because I need to know what could have damage the boot sector. Are you sure that you can still boot Windows except of the login?

 

[SlmJon]

Yes, it's empty.

I'm guessing Windows is still there because it will boot to login then logout. If I leave it sitting at the login screen it goes to the screensaver. If I leave it too long on the DOS screen, it also goes to screensaver. Windows must be doing something?????

What I've done is:

Tried to run this #2:
Somewhere in the instructions, it said to change the boot order to use the CD. I had been using F12 to pick boot from CD. I went into setup and changed the boot order to CD first. That was OK except it warned that changing the order might change the drive letters so I changed it back & continued using F12 to boot from CD.

I tried to use Fix-It Utilities:
Booted from CD, the opening screen came up & I chose Recovery Commander. It came up with an empty directory, telling me to choose which Windows partition I wanted to use. There were none to choose.

That's all I've done. I can't get anywhere to try anything else.

I haven't started planning suicide yet since the login screen, desktop picture, screensaver seem to be working. They're controlled by Windows, right??

@SlmJon

This is bad. So this:



was empty, right? This means that the boot sector couldn't be found and you won't be able to use this method as well. Please tell me what you have done until now because I need to know what could have damage the boot sector. Are you sure that you can still boot Windows except of the login?

 

[chi-va]

Yes, Windows seems to be still there. Could it be possible that you use a Dell Computer? Anyway, if it cannot find the boot sector we won't be able to proceed with "Method 2" but we can still use "Method 4".

You have downloaded the ultimate boot CD, right? Before we are going on you should try the tool "File Maven" from the CD(File tools) in order to check if your files are still there. If you have the necessary cable you can also make a backup of your files. Are the files there? If yes, just exit "File Maven" if you don't have the cable for the backup. Tell me then you are ready to go on with "Method 4".

 

[SlmJon]

Yes, It's a Dell Inspiron 8600 running XP.

I think the program I downloaded is called Windows Registry Edit Utility Floppy. It was from the thread that had Method 1, Method2, etc. Is that the Ultimate Boot CD?

Yes, Windows seems to be still there. Could it be possible that you use a Dell Computer? Anyway, if it cannot find the boot sector we won't be able to proceed with "Method 2" but we can still use "Method 4".

You have downloaded the ultimate boot CD, right? Before we are going on you should try the tool "File Maven" from the CD(File tools) in order to check if your files are still there. If you have the necessary cable you can also make a backup of your files. Are the files there? If yes, just exit "File Maven" if you don't have the cable for the backup. Tell me then you are ready to go on with "Method 4".

 

[chi-va]

No. It was a small download file and the ultimat boot cd has a file size about 115 MB. Do you want to download the boot CD and burn it? Here is the download link:
http://www.majorgeeks.com/Ultimate_Boot_CD_d4019.html

It is not really necessary for "Method 4" because you can also only download NTFS4Dos from here:
http://www.free-av.com/en/tools/11/avira_ntfs4dos_personal.html

It would be good to have it in order to make backups.

By the way, there are other methods with user interface(knoppix) where you can connect your damage system to the network and then make a backup. Or we can just proceed with NTFS4Dos. Just tell me what you want to do.

 

[SlmJon]

Ok, you're saying I don't need the Ultimate Boot CD - just the NTFS4Dos???

Also, I'm confused about what you're saying about the backup. My network isn't recognizing the Inspiron.

No. It was a small download file and the ultimat boot cd has a file size about 115 MB. Do you want to download the boot CD and burn it? Here is the download link:
http://www.majorgeeks.com/Ultimate_Boot_CD_d4019.html

It is not really necessary for "Method 4" because you can also only download NTFS4Dos from here:
http://www.free-av.com/en/tools/11/avira_ntfs4dos_personal.html

It would be good to have it in order to make backups.

By the way, there are other methods with user interface(knoppix) where you can connect your damage system to the network and then make a backup. Or we can just proceed with NTFS4Dos. Just tell me what you want to do.

 

[md usa spybot fan]

SlmJon:
chi-va:

There are some details missing the chronology of fix attempts. There was this post in:

• Hellzlittlespy (great work guys)
  http://forums.spybot.info/showthread.php?t=30424

Thanks for the input. I tried the blog suggestions. Method 1 requires that the "dead" XP computer shows up on the network. It doesn't since I can't log in. Method 2 went OK until it got to "registry path"...then the program hung & would go no further. After quitting & restarting a couple of times, then it said it couldn't find a HD that had a Windows OS. That scared me enough that I stopped and have done nothing further. …

I believe that may be relivent to the problem that now exits.

 

[rvnmaniac]

@rvnmaniac

You are using Windows XP, right?

Yes Windows XP