WinLogon Loop...possible to run recovery console from usb thumb drive?

Ok, so I royally messed up! I had a small virus called info.exe and did a manual removal per instructions on the trendmicro site. Everything went ok except when using regedit. I was instructed to do the following:

HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Winlogon
In the right panel, locate the entry:
Userinit = "userinit.exe, %Windows%\system\svchost.exe
Right-click on the value name and choose Modify. Change the value data of this entry to:
%System%\userinit.exe

Here's where everything went crazy. Like the true noobie I am, I wrote exactly %system%\userinit.exe in regedit rather than \windows\system32\userinit.exe. Now when I start windows, I get to the LogOn screen, hit enter, cuz I don't have a password, and it starts to load saying "loading your personal settings", then it immediately says "logging off", and takes me back to the LogOn screen. I tried logging on as administrator in normal mode and safe mode, tried last known good config, everything, but nothing works. So my next step is recovery console and regedit in dos, right? OK, here's where it gets even more tricky. My computer is a mini laptop and only has a 4gb ssd drive. No dvd drive. So running recovery console isn't so easy. I've seen instructions on how to install windows from a usb thumb drive, but I don't know if recovery console will work from a usb drive. Does anyone know? Is there such a thing as a third party dos registry editor? Any way to force windows to logon, bypassing the logon screen? Anyone, anyone? I really don't wanna reinstall windows, so now I'm looking to the experts for any other options. Please Help!!!!!!

vinscuzzy Asked:
 
johnb6767 Commented:
This is a saved thread that I reference for people that need to do something similar, in terms of a manual registry recovery....

Take a look at burning one of these below tools (UBCD4WIN is ready to burn once it is downloaded). It gives you a Windows Graphical environment to make these changes...

Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD
http://www.nu2.nu/pebuilder/

UBCD4Win
http://www.ubcd4win.com

Boot to one of those utilities above, and go to the a43 Explorer utility. Navigate to the "C:\Windows\System32\Config" directory.

Rename the following files....DO NOT DELETE THEM....

Rename system to system.old
Rename software to software.old
Rename sam to sam.old
Rename security to security.old
Rename default to default.old

Go into the "System_Volume_Information" folder (if you get an "Access Denied", right click the folder and select the Security Tab, and once you highlight Everyone at the top, select "Full Control" in the bottom.)
Select the "Restore Folder"
Then you will see folders with RP50, RP51 etc... Look for the highest number, as it is the newest one. Go into that folder and copy the following files to the "C:\Windows\System32\Config" directory.

registry_machine_system
registry_machine_software
registry_machine_security
registry_machine_sam
registry_user_.default

Now, go back to the "C:\Windows\System32\Config" directory.

Remove the "registry_machine_" from the 5 files you just copied.

Restart the machine, and remove the bootable disc you were using....

If it boots successfully, go to "System Restore" in the Help menu, and do a full restore to a few days back.... This will ensure that all of the files are restored to the proper restore point, not just the registry files you fixed....

Of course, if you just want to go through this process with just the SYSTEM file, you can do it by itself if you want. If you still get the error, or a Blue Screen of Death upon the next boot, simply go back and redo the other 4 files....
0
 
Cro0707 Commented:
You can easily solve the problem if your computer is on a network (LAN, WAN).
Simply go to some other computer, run the registry editor and go to File|Connect network registry... Point to your computer and correct the problem!

Another way is to create bootable media (you can also put this on a USB drive) with BartPE: http://www.nu2.nu/pebuilder/ BartPE will give you a Windows environment, but from CD/USB, where you can work with files, command prompt, etc...

Hope this helps!
0
 
johnb6767 Commented:
The userinit value should read.....

%systemroot%\system32\userinit,         <~~~~ notice the comma.....

If the remote registry above doesn't work, then you can use the BartPE/UBCD to get into the drive, and load the registry hive that way for a modification....

0
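A check for the Userinit value discussed in this thread, as an added example (not code from any poster or from Trend Micro): it splits the value on commas and flags entries that are extra programs or that still contain an advisory placeholder such as %System%, which is not a real environment variable. The function names, the `C:\WINDOWS` system root and the sample values are assumptions constructed for illustration.

```python
import ntpath
import re

# Real environment variables that point at the Windows folder.
# %System% and %Windows% are advisory placeholders, not variables.
KNOWN_VARS = ("systemroot", "windir")

def classify_entry(entry, system_root=r"C:\WINDOWS"):
    """Return 'ok', 'no-path', 'unresolved-variable' or 'unexpected-program'."""
    unresolved = []

    def expand(match):
        name = match.group(1).lower()
        if name in KNOWN_VARS:
            return system_root
        unresolved.append(name)
        return match.group(0)

    path = re.sub(r"%([^%]+)%", expand, entry)
    if unresolved:
        return "unresolved-variable"   # e.g. a literal %system% typed into regedit
    path = ntpath.normpath(path).lower()
    if not path.endswith(".exe"):
        path += ".exe"                 # "userinit" and "userinit.exe" are treated alike
    if path == "userinit.exe":
        return "no-path"               # bare name, location not pinned
    expected = ntpath.join(system_root, "system32", "userinit.exe").lower()
    return "ok" if path == expected else "unexpected-program"

def check_userinit(value, system_root=r"C:\WINDOWS"):
    """Split a Userinit value on commas and classify every non-empty entry."""
    entries = [e.strip().strip('"') for e in value.split(",")]
    results = [(e, classify_entry(e, system_root)) for e in entries if e]
    healthy = len(results) == 1 and results[0][1] == "ok"
    return healthy, results

# Constructed samples modelled on the values quoted in this thread.
SAMPLES = {
    "infected": r"userinit.exe, C:\WINDOWS\system\svchost.exe",
    "typed-literally": r"%system%\userinit.exe",
    "suggested": r"%systemroot%\system32\userinit,",
    "default": r"C:\WINDOWS\system32\userinit.exe,",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, check_userinit(value))
```

The value itself can be read from a loaded offline hive or a remote registry connection as described in the comments above, then passed to `check_userinit` as a string.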

 
johnb6767 Commented:
How to edit the registry offline using BartPE boot CD ?
http://windowsxp.mvps.org/peboot.htm

Just follow the directions in the article, about loading the SYSTEM hive, and navigate to the key and see if you can delete it that way....

You can do it either way, with BartPE, or UBCD4Win (I prefer UBCD4Windows, as it is based on BartPE, but a heck of a lot more tools on its base image...)

Or simply slave this drive into another workstation....

What is the Ultimate Boot CD for Windows?
http://www.ubcd4win.com/

Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD
See link above......
0
 
johnb6767 Commented:
"see if you can delete it that way...."

should read

"see if you can change it that way...."
0
 
vinscuzzy (Author) Commented:
Ok, here's where I'm at now. I tried the network solution by loading regedit on another computer, but my computer with the registry problems didn't show up in the network. Then I tried UBCD. I found really easy installation instructions for running off a USB thumb drive, but realized after installing on my usb card that I probably needed to get UBCD4win. I decided to try out UBCD, I finally got UBCD to boot up from the usb and was really excited when I found the Offline NT Password & Registry Editor. I thought, this was gonna be it! Until I ran it. Not the most user-friendly app in the world, but after a while, I got it to work, and actually found the userinit.exe key in the registry. I was beside myself, UNTIL.... I went to commit my changes (write them to the disk) and I got an error saying the disk was read-only!!! arrrrrrrrgh!!! So then, I started looking into UBCD4win, but got really confused with the whole building the iso with plugins, got a whole bunch of errors, and finally gave up. It's 4:30 and I'm tired. Anyway, does anyone know why UBCD won't let me write to the disk? Is there another app I have to run to unlock my drive? Thank you sooo much for all the help!!!!!!!
0
 
johnb6767 Commented:
Might be best to slave this drive into another computer, if you have one, and follow the directions for reg hive loading...
0
 
vinscuzzy (Author) Commented:
johnb6767, is slaving possible if the drive is an SSD drive that is not removable? The messed up computer is an eeepc 701. One other question, is it possible to copy the software.sav file in \system32\config and rename it to software just to get Windows to boot? Here's what I'm thinking:
boot to UBCD and run NTFS4DOS
navigate to \windows\system32\config
copy "software" to a temp directory
rename software.sav to software
reboot?
Won't doing this reinstall a copy of my registry from the 1st time I installed windows? If so, at least the computer will start (hopefully). After this will it be possible to reimport my registry that I backed up to the temp directory?

Again, thank you so much for all the help!!!
0
 
johnb6767 Commented:
Yes, that's a possibility....

But if using BartPE, or UBCD4Win, you shouldn't need NTFS4DOS. They have built-in NTFS support, as they are based on Windows....

You might need to take ownership of the files from within the booted OS, to be able to write to them....

Think you can do that from Bart/UBCD4Win?..?..?
0
 
Computer101 Commented:
Forced accept.

Computer101
EE Admin
0