1. click on your start menu and open the run dialog.
2. type "cmd" and return (note: dont enter quotes)
3. Next type "fsutil dirty query e:"
4. If the return message indicates that the volume is dirty go to step 5
5. Next type "chkdsk e: /f /x"
6. After that finshes repeat step 3.
7. If it is no longer dirty then reboot and you should notice no more
ckdisk.
If this fails to fix the problem you have to move the swap file off of the drive you are working on, (yes you can put it on a USB stick) and reboot the machine and rerun the above steps. Once the machine boots properly you can then run Defrag on the drive and once it is complete move the swap file back. This would be a perfect time for a double memory static swap file.
Thursday, February 5, 2009
Wednesday, January 7, 2009
Use this information to defrag or compress an exchange information store
http://support.microsoft.com/default.aspx?scid=kb;en-us;192185
You can use the Eseutil utility to defragment the information store and directory in Microsoft Exchange Server 5.5 and to defragment the information store in Microsoft Exchange 2000 Server and in Microsoft Exchange Server 2003. Eseutil examines the structure of the database tables and records (which can include reading, scanning, repairing, and defragmenting) the low level of the database (Ese.dll).
Eseutil is located in the Winnt\System32 folder in Exchange Server 5.5 and in the Exchsrvr/Bin folder in Exchange 2000 and in Exchange 2003. The utility can run on one database at a time from the command line.
Back to the top
MORE INFORMATIONThe defragmentation option makes used storage contiguous, eliminates unused stor...The defragmentation option makes used storage contiguous, eliminates unused storage, and compacts the database, which reduces the database's size. Eseutil copies database records to a new database. When defragmentation is complete, the original database is deleted or saved to a user-specified location, and the new version is renamed as the original. If the utility encounters a bad record, the utility stops and displays an error message.
Back to the top
Defragmenting an Exchange Server 5.5 database
Note Defragmenting a database requires free disk space equal to 110 percent of the size of the database that you want to process. To determine the actual space required, follow these steps:
Make sure that the information store service is not running.
At a command prompt, run the following command:
eseutil /ms “database.edb”
Calculate the free space by multiplying the number of free pages by 4 KB.
Subtract the figure that you obtained in step 3 from the physical size of the database.
The figure that you obtained in step 4 represents the data in the database. Multiply this figure by 110 %. The resulting figure that you obtain is the space that you need to have available to defragment the database.
Divide the figure that you obtained in step 3 by 9 GB per hour. The figure that you obtain is the approximate time that it will take to defragment the database.
Note 9 GB per hour is the speed at which the Eseutil utility runs. This number is only for reference. The exact number depends on your hardware and production environment.
To defragment the Exchange Server 5.5 database, follow these steps:
Stop the service of the database you wish to defragment by using the Services tool in Control Panel.
For the Exchange Directory database, stop the Microsoft Exchange Directory service.
For the Exchange Mailbox or Public Folder databases, stop the Microsoft Exchange Information Store service.
At the command prompt, change to the Winnt\System32 folder, and then type the eseutil /d command, a database switch, and any options that you want to use.
For example, the following command runs the standard defragmentation utility on the directory and saves the copy in the user-defined file:
C:\winnt\system32> eseutil /d /ds /tc:\dbback\tempdfrg.edb /p
Use one of the following database switches to run Eseutil on a specific database.
Option Description
----------------------------------------
/ds Directory
/ispriv Private information store
/ispub Public information store
Use one or more of the following options to specify the operations that you want to perform on the database.
Option Description
-----------------------------------------------------------------------
/b Makes a backup copy of the original uncompacted database
at the specified location.
/p Retains and preserves the original uncompacted database
in its original location and stores the new compacted
database in the default file Exchsrvr\Bin\Tempdfrg.edb.
/t Creates and renames the new compacted database in the
specified path.
/o Does not display the Microsoft Exchange Server banner.
Back to the top
Defragmenting an Exchange 2000 or Exchange 2003 database
Note Defragmenting a database requires free disk space equal to 110 percent of the size of the database being processed.
In Exchange System Manager, right-click the information store that you want to defragment, and then click Dismount Store.
At the command prompt, change to the Exchsrvr\Bin folder, and then type the eseutil /d command, a database switch, and any options that you want to use.
For example, the following command runs the standard defragmentation utility on a mailbox store database:
C:\program files\exchsrvr\bin> eseutil /d c:\progra~1\exchsrvr\mdbdata\priv1.edb
Use the following database switch to run Eseutil defragmentation on a specific database:
eseutil /d [options]
Defragmentation/Compaction
Performs off-line compaction of a database.
Syntax: eseutil /d [options]
Parameters: is the file name of the database that you want to compact.
You are not required to use any of the following options, but you can use one or more (separated by a space) to specify the operations that you want to perform on the database.
Option Description
----------------------------------------------------------------
/b Make a backup copy under the specified name
/t Set the temporary database name (the default is
Tempdfrg.edb)
/s Set the streaming file name (the default is NONE)
/f Set the temporary streaming file name (the default
is Tempdfrg.stm)
/p Preserve the temporary database (in other words,
do not instate)
/o Suppress logo
/i Do not defragment streaming file
Note If instating is disabled (for example, if you use the /p option), the original database is preserved uncompacted, and the temporary database contains the defragmented version of the database.
For more information about Exchange Server versions 4.0 and 5.0, click the following article number to view the article in the Microsoft Knowledge Base:
163627 (http://support.microsoft.com/kb/163627/ ) How to defrag an EDB file on a non-Exchange server
For more information about how to run Eseutil on a computer without Exchange Server, click the following article number to view the article in the Microsoft Knowledge Base:
244525 (http://support.microsoft.com/kb/244525/ ) How to run Eseutil on a computer without Exchange Server
The Tempdfrg.edb file is created on the logical drive from which the eseutil /d command is run unless you use the /t switch. For example, to create a Tempdfrg.edb on the root of drive D, run the following command:
D:\>eseutil /d /ispriv
You can also use the /t switch to set the name for the temp database and for a different location. For example, to create a Sample.edb on the root of drive D when you are running the eseutil command from drive C, run the following command:
C:\>eseutil /d /ispriv /td:\Sample.edb
Back to the top
--------------------------------------------------------------------------------
You can use the Eseutil utility to defragment the information store and directory in Microsoft Exchange Server 5.5 and to defragment the information store in Microsoft Exchange 2000 Server and in Microsoft Exchange Server 2003. Eseutil examines the structure of the database tables and records (which can include reading, scanning, repairing, and defragmenting) the low level of the database (Ese.dll).
Eseutil is located in the Winnt\System32 folder in Exchange Server 5.5 and in the Exchsrvr/Bin folder in Exchange 2000 and in Exchange 2003. The utility can run on one database at a time from the command line.
Back to the top
MORE INFORMATIONThe defragmentation option makes used storage contiguous, eliminates unused stor...The defragmentation option makes used storage contiguous, eliminates unused storage, and compacts the database, which reduces the database's size. Eseutil copies database records to a new database. When defragmentation is complete, the original database is deleted or saved to a user-specified location, and the new version is renamed as the original. If the utility encounters a bad record, the utility stops and displays an error message.
Back to the top
Defragmenting an Exchange Server 5.5 database
Note Defragmenting a database requires free disk space equal to 110 percent of the size of the database that you want to process. To determine the actual space required, follow these steps:
Make sure that the information store service is not running.
At a command prompt, run the following command:
eseutil /ms “database.edb”
Calculate the free space by multiplying the number of free pages by 4 KB.
Subtract the figure that you obtained in step 3 from the physical size of the database.
The figure that you obtained in step 4 represents the data in the database. Multiply this figure by 110 %. The resulting figure that you obtain is the space that you need to have available to defragment the database.
Divide the figure that you obtained in step 3 by 9 GB per hour. The figure that you obtain is the approximate time that it will take to defragment the database.
Note 9 GB per hour is the speed at which the Eseutil utility runs. This number is only for reference. The exact number depends on your hardware and production environment.
To defragment the Exchange Server 5.5 database, follow these steps:
Stop the service of the database you wish to defragment by using the Services tool in Control Panel.
For the Exchange Directory database, stop the Microsoft Exchange Directory service.
For the Exchange Mailbox or Public Folder databases, stop the Microsoft Exchange Information Store service.
At the command prompt, change to the Winnt\System32 folder, and then type the eseutil /d command, a database switch, and any options that you want to use.
For example, the following command runs the standard defragmentation utility on the directory and saves the copy in the user-defined file:
C:\winnt\system32> eseutil /d /ds /tc:\dbback\tempdfrg.edb /p
Use one of the following database switches to run Eseutil on a specific database.
Option Description
----------------------------------------
/ds Directory
/ispriv Private information store
/ispub Public information store
Use one or more of the following options to specify the operations that you want to perform on the database.
Option Description
-----------------------------------------------------------------------
/b
at the specified location.
/p Retains and preserves the original uncompacted database
in its original location and stores the new compacted
database in the default file Exchsrvr\Bin\Tempdfrg.edb.
/t
specified path.
/o Does not display the Microsoft Exchange Server banner.
Back to the top
Defragmenting an Exchange 2000 or Exchange 2003 database
Note Defragmenting a database requires free disk space equal to 110 percent of the size of the database being processed.
In Exchange System Manager, right-click the information store that you want to defragment, and then click Dismount Store.
At the command prompt, change to the Exchsrvr\Bin folder, and then type the eseutil /d command, a database switch, and any options that you want to use.
For example, the following command runs the standard defragmentation utility on a mailbox store database:
C:\program files\exchsrvr\bin> eseutil /d c:\progra~1\exchsrvr\mdbdata\priv1.edb
Use the following database switch to run Eseutil defragmentation on a specific database:
eseutil /d
Defragmentation/Compaction
Performs off-line compaction of a database.
Syntax: eseutil /d
Parameters:
You are not required to use any of the following options, but you can use one or more (separated by a space) to specify the operations that you want to perform on the database.
Option Description
----------------------------------------------------------------
/b
/t
Tempdfrg.edb)
/s
/f
is Tempdfrg.stm)
/p Preserve the temporary database (in other words,
do not instate)
/o Suppress logo
/i Do not defragment streaming file
Note If instating is disabled (for example, if you use the /p option), the original database is preserved uncompacted, and the temporary database contains the defragmented version of the database.
For more information about Exchange Server versions 4.0 and 5.0, click the following article number to view the article in the Microsoft Knowledge Base:
163627 (http://support.microsoft.com/kb/163627/ ) How to defrag an EDB file on a non-Exchange server
For more information about how to run Eseutil on a computer without Exchange Server, click the following article number to view the article in the Microsoft Knowledge Base:
244525 (http://support.microsoft.com/kb/244525/ ) How to run Eseutil on a computer without Exchange Server
The Tempdfrg.edb file is created on the logical drive from which the eseutil /d command is run unless you use the /t switch. For example, to create a Tempdfrg.edb on the root of drive D, run the following command:
D:\>eseutil /d /ispriv
You can also use the /t switch to set the name for the temp database and for a different location. For example, to create a Sample.edb on the root of drive D when you are running the eseutil command from drive C, run the following command:
C:\>eseutil /d /ispriv /td:\Sample.edb
Back to the top
--------------------------------------------------------------------------------
Use this information to defrag or compress an exchange information store
http://support.microsoft.com/default.aspx?scid=kb;en-us;192185
How to defragment with the Eseutil utility (Eseutil.exe)
var CookieDef = 'ST_GN_EN-US';function fmsLastExp(){ var visits = fetchcookieval(CookieDef); var parts = visits.split('_'); if(null == visits || parts.length != 3 || isNaN(parts[0])) { setcookieval(CookieDef, '1_0_0'); return 0; } return parseInt(parts[2]);}function fmsSurveyExpired(days){ var MiliDay = 86400000; var visits = fetchcookieval(CookieDef); var parts = visits.split('_'); if(null == visits || parts.length != 3 || isNaN(parts[0])) { setcookieval(CookieDef, '1_0_0'); return true; } var origDate = parseInt(parts[1]); var curDate = new Date(); return (curDate.getTime()/MiliDay - days) >= origDate;}function activateSiteSurvey(){ if(window.top == window && !isDomainTracking() && enableSiteSurvey && fmsSurveyExpired(fmsLastExp())) { document.write('
How to defragment with the Eseutil utility (Eseutil.exe)
Article ID: 192185 - Last Review: October 25, 2007 - Revision: 7.2 How to defragment with the Eseutil utility (Eseutil.exe)This article was previously published under Q192185 On This PageSUMMARYYou can use the Eseutil utility to defragment the information store and directory in Microsoft Exchange Server 5.5 and to defragment the information store in Microsoft Exchange 2000 Server and in Microsoft Exchange Server 2003. Eseutil examines the structure of the database tables and records (which can include reading, scanning, repairing, and defragmenting) the low level of the database (Ese.dll). Eseutil is located in the Winnt\System32 folder in Exchange Server 5.5 and in the Exchsrvr/Bin folder in Exchange 2000 and in Exchange 2003. The utility can run on one database at a time from the command line. MORE INFORMATIONThe defragmentation option makes used storage contiguous, eliminates unused storage, and compacts the database, which reduces the database's size. Eseutil copies database records to a new database. When defragmentation is complete, the original database is deleted or saved to a user-specified location, and the new version is renamed as the original. If the utility encounters a bad record, the utility stops and displays an error message. Defragmenting an Exchange Server 5.5 databaseNote Defragmenting a database requires free disk space equal to 110percent of the size of the database that you want to process. To determine the actual space required, follow these steps:
For example, the following command runs the standard defragmentation utility on the directory and saves the copy in the user-defined file: C:\winnt\system32> eseutil /d /ds /tc:\dbback\tempdfrg.edb /p Use one of the following database switches to run Eseutil on a specific database.
Use one or more of the following options to specify the operations that you want to perform on the database.
Defragmenting an Exchange 2000 or Exchange 2003 databaseNote Defragmenting a database requires free disk space equal to 110 percent of the size of the database being processed.
For example, the following command runs the standard defragmentation utility on a mailbox store database: C:\program files\exchsrvr\bin> eseutil /d c:\progra~1\exchsrvr\mdbdata\priv1.edb Use the following database switch to run Eseutil defragmentation on a specific database: eseutil /d <database_name> [options] Defragmentation/CompactionPerforms off-line compaction of a database. Syntax: eseutil /d <database_name> [options] Parameters: <database_name> is the file name of the database that you want to compact. You are not required to use any of the following options, but you can use one or more (separated by a space) to specify the operations that you want to perform on the database.
For more information about Exchange Server versions 4.0 and 5.0, click the following article number to view the article in the Microsoft Knowledge Base: 163627 (http://support.microsoft.com/kb/163627/ ) How to defrag an EDB file on a non-Exchange server For more information about how to run Eseutil on a computer without Exchange Server, click the following article number to view the article in the Microsoft Knowledge Base: 244525 (http://support.microsoft.com/kb/244525/ ) How to run Eseutil on a computer without Exchange Server The Tempdfrg.edb file is created on the logical drive from which the eseutil /d command is run unless you use the /t switch. For example, to create a Tempdfrg.edb on the root of drive D, run the following command: D:\>eseutil /d /ispriv C:\>eseutil /d /ispriv /td:\Sample.edb | Article Translations
|
Back to the top
  ©2009 Microsoft |
var CookieDef = 'ST_GN_EN-US';function fmsLastExp(){ var visits = fetchcookieval(CookieDef); var parts = visits.split('_'); if(null == visits || parts.length != 3 || isNaN(parts[0])) { setcookieval(CookieDef, '1_0_0'); return 0; } return parseInt(parts[2]);}function fmsSurveyExpired(days){ var MiliDay = 86400000; var visits = fetchcookieval(CookieDef); var parts = visits.split('_'); if(null == visits || parts.length != 3 || isNaN(parts[0])) { setcookieval(CookieDef, '1_0_0'); return true; } var origDate = parseInt(parts[1]); var curDate = new Date(); return (curDate.getTime()/MiliDay - days) >= origDate;}function activateSiteSurvey(){ if(window.top == window && !isDomainTracking() && enableSiteSurvey && fmsSurveyExpired(fmsLastExp())) { document.write('
Offsite Backup for Business
Mozy does offsite backup for 6.95 for a server license plus .50 for each gig of data
We are testing it at Select RE
We are testing it at Select RE
Tuesday, October 28, 2008
Missing security and other tabs from the properties of C drive
To fix this corruption of the OS run
At the run box or Command Prompt type "regsvr32 rshx32.dll"
At the run box or Command Prompt type "regsvr32 rshx32.dll"
Friday, October 10, 2008
Default Usernames and Password
Comcast Business Router - SMC8014
Username - cusadmin
Password - highspeed
Username - cusadmin
Password - highspeed
Friday, October 3, 2008
How to fix the logon / logoff loop problem in windows xp
I am going to copy this article from another site firstly because it is written well and secondly I don't have the time right now to write it myself. Lastly I don't want to lose the information that it holds so read on..
Gleened from http://www.logicnest.com/archives/90
I’m writing this post with the hope that it will be helpful to people who face the same computer predicament that I did a few days ago. Here’s a little bit of background information: Last Tuesday I met John Chol Daau, who is from Sudan. He grew up as one of the Lost Boys of Sudan, forced to leave his home and wander hundreds of miles through Africa to survive. If you don’t know much about this particular humanitarian issue, I suggest spending a small amount of time reading up on it. Anyway, John told me that his PC was experiencing a debilitating virus, and asked if I would look at it. I said that I would. After spending quite a bit of time reading through various website forums, here’s a short description of the problem and its solution:
Problem: The PC (which runs Windows XP with SP2) starts normally. The Windows splash screen appears correctly and then the login prompt correctly loads. You can then enter your user name and password like normal, but as soon as you try to login you are IMMEDIATELY logged back out again. The desktop doesn’t even load. It moves immediately back to the login window where you can then enter your user name and password again. No matter how many times you try to login you always experience this immediate logout. Even if you try to login to the computer in safe mode you still experience the same problem. This problem is documented on Microsoft’s website here.
Solution: I’m sure this behavior can be caused by many different problems, but the most common cause is a virus. If you’re familiar with the Windows registry, this virus changes a few registry key values that makes it impossible to login to your computer. If you’re not familiar with the registry, don’t panic. I’ll post links to a few articles that very clearly explain how to fix this problem. Basically, the virus makes two very simple changes to your computer that render it useless. In order to fix the problem, you have to change these two things back to the way they were while your computer was working.
Easy Fix: The “easy” solution to this problem can be found here. In order to use this fix you have to have your Windows XP install CD. This is the CD that contains the files necessary to install the operating system on your computer. You probably have this disk stashed in a drawer somewhere. You should note that there’s a difference between the Windows XP install CD and the recovery CD that may have shipped with your computer. It’s actually possible that when you bought your computer that it didn’t actually come with a Windows XP install CD. Sometimes computer manufacturers will only ship you a recovery disk, which is altogether different. You need your Windows XP install CD so that you can run an application called the Recovery Console. The link above should provide documentation on how to use the Recovery Console. Unfortunately, this fix didn’t work for John’s computer, but it may work for yours.
Slightly Harder Fix: This fix is the one that ended up working to fix John’s computer. A detailed explanation of this fix can be found here. It requires you to have access to another Windows PC with a CD burner (even if it’s a friend’s computer). You have to download a program called BartPE, which is one of the greatest recovery tools that exists. For this particular problem, BartPE will enable you to quickly change the two settings that the virus messed up. You may need a Windows XP install CD for this method as well. But it may be possible for the program to find what it needs from your friend’s computer without having to have access to this disk.
If you have any questions, please feel free to contact me. The above links should give you the tutorials you need to fix the problem. And if you use a PC you should use a virus protection program! If you don’t, you’re asking for trouble! Good luck!
The two sections that he links to are here.
EASY FIX
Logon - Logoff loop, also caused by BlazeFind
Another critical symptom caused by this malware: This malware modifies the Userinit area in the registry (replacing the userinit.exe with wsaupdater.exe) and Ad-Aware (with a particular definition update) removes the wsaupdater.exe file from the system, thus causing the Logon - Logoff loop. That is, when you login to Windows, the 'loading personal settings" verbose will appear, but suddenly it will logoff. This issue was documented clearly by Lavasoftusa in it's Lavahelp Knowledgebase.
Here is the solution to the logon - logoff issue in Windows XP.
Enter the Recovery Console
Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press "R" (in the first screen) enter the Recovery Console. Type-in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (Or any other drive-letter where you've installed XP)
Type the following command and press Enter.
CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)
COPY USERINIT.EXE WSAUPDATER.EXE
Quit Recovery Console by typing EXIT and restart Windows.
You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)
Now, change the USERINIT value in the registry (see Phase II in this page) and change it accordingly.
HARD FIX
How to edit the registry offline using BartPE boot CD ?
Published: Sep 28, 2005
Introduction
Bart's PE is a bootable live Windows CD that can be used to recover your system when in a disaster. Some situations may require you to do an offline registry editing, or modifications to the file system when you're unable to boot into Windows even from Safe Mode or Recovery Console. In such situations, BartPE boot CD is your ticket.
BartPE (Bart Preinstalled Environment) is a bootable Windows XP/Server 2003 CD-ROM, created from the original Windows installation CD. BartPE is extremely an useful tool for system maintenance and recovery. Though you may not need it immediately, create one for you and store it safely. You'll definitely need it some day or the other.
Creating a bootable CD-ROM
Visit Bart's site. See section Getting started in particular. The information given there helps you build a basic BartPE CD quickly. If you like, you can also add additional plugins (such as the ones for anti-virus, anti-spyware, disk imaging tools etc..) along with the BartPE CD.
Scenario - Incorrect registry value preventing you from logging on to your user account in Windows XP ?
In this example, a basic BartPE CD without any Plugins, has been used for illustration purposes. You may add as many Plugins as you want, depending upon your needs.
Verifying and fixing the Userinit value in the registry
If your PC is a victim of the Malware discussed in this article, and unable to login to your profile, then you'll need to fix the registry as discussed there. As you're unable to login, registry modification can only be done from a remote system, or via offline registry editing. This article discusses about offline registry editing.
Insert the BartPE CD into the drive, and boot the system from the CD. Once the file loading phase is over, the Bart PE desktop will be visible, as shown in Figure 1.
Type Regedit.exe in the prompt, and press Enter. Select the HKEY_USERS hive
From the File menu, choose the Load Hive option. Browse to your Windows installation drive, for example the following location:
C:\Windows\System32\Config\
Select the file named SOFTWARE (the file without any extensions), and click Open
Type a name for the hive that you've loaded now. (Example: MyXPHive)
Now the SOFTWARE hive is loaded, and present under the HKEY_USERS base hive.
In order to fix the Userinit value in the loaded hive, navigate to the following location:
HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon
Double-click Userinit and set it's value correctly. Example: Set it's data as follows:
C:\Windows\System32\Userinit.exe,
(Include the trailing comma also. The above assumes that Windows is installed in C:\Windows, and Userinit.exe file is actually present in the System32 folder. You may want to verify that as well.)
After entering the correct data, you MUST unload the Hive. To do so, select MyXPHive branch, and then in the File menu, choose Unload Hive. It's important to note that you'll need to select the MyXPHive branch first, before unloading it.
Quit BartPE and restart Windows. See if you're able to logon to your profile.
Credits
BartPE is an excellent recovery and maintenance utility. If this tool has helped you, you may consider a donation for their excellent work, and to support the development of PE Builder. See Donations section in their site. BartPE is Copyright (c) 2000-2005 by Bart Lagerweij.
Gleened from http://www.logicnest.com/archives/90
I’m writing this post with the hope that it will be helpful to people who face the same computer predicament that I did a few days ago. Here’s a little bit of background information: Last Tuesday I met John Chol Daau, who is from Sudan. He grew up as one of the Lost Boys of Sudan, forced to leave his home and wander hundreds of miles through Africa to survive. If you don’t know much about this particular humanitarian issue, I suggest spending a small amount of time reading up on it. Anyway, John told me that his PC was experiencing a debilitating virus, and asked if I would look at it. I said that I would. After spending quite a bit of time reading through various website forums, here’s a short description of the problem and its solution:
Problem: The PC (which runs Windows XP with SP2) starts normally. The Windows splash screen appears correctly and then the login prompt correctly loads. You can then enter your user name and password like normal, but as soon as you try to login you are IMMEDIATELY logged back out again. The desktop doesn’t even load. It moves immediately back to the login window where you can then enter your user name and password again. No matter how many times you try to login you always experience this immediate logout. Even if you try to login to the computer in safe mode you still experience the same problem. This problem is documented on Microsoft’s website here.
Solution: I’m sure this behavior can be caused by many different problems, but the most common cause is a virus. If you’re familiar with the Windows registry, this virus changes a few registry key values that makes it impossible to login to your computer. If you’re not familiar with the registry, don’t panic. I’ll post links to a few articles that very clearly explain how to fix this problem. Basically, the virus makes two very simple changes to your computer that render it useless. In order to fix the problem, you have to change these two things back to the way they were while your computer was working.
Easy Fix: The “easy” solution to this problem can be found here. In order to use this fix you have to have your Windows XP install CD. This is the CD that contains the files necessary to install the operating system on your computer. You probably have this disk stashed in a drawer somewhere. You should note that there’s a difference between the Windows XP install CD and the recovery CD that may have shipped with your computer. It’s actually possible that when you bought your computer that it didn’t actually come with a Windows XP install CD. Sometimes computer manufacturers will only ship you a recovery disk, which is altogether different. You need your Windows XP install CD so that you can run an application called the Recovery Console. The link above should provide documentation on how to use the Recovery Console. Unfortunately, this fix didn’t work for John’s computer, but it may work for yours.
Slightly Harder Fix: This fix is the one that ended up working to fix John’s computer. A detailed explanation of this fix can be found here. It requires you to have access to another Windows PC with a CD burner (even if it’s a friend’s computer). You have to download a program called BartPE, which is one of the greatest recovery tools that exists. For this particular problem, BartPE will enable you to quickly change the two settings that the virus messed up. You may need a Windows XP install CD for this method as well. But it may be possible for the program to find what it needs from your friend’s computer without having to have access to this disk.
If you have any questions, please feel free to contact me. The above links should give you the tutorials you need to fix the problem. And if you use a PC you should use a virus protection program! If you don’t, you’re asking for trouble! Good luck!
The two sections that he links to are here.
EASY FIX
Logon - Logoff loop, also caused by BlazeFind
Another critical symptom caused by this malware: This malware modifies the Userinit area in the registry (replacing the userinit.exe with wsaupdater.exe) and Ad-Aware (with a particular definition update) removes the wsaupdater.exe file from the system, thus causing the Logon - Logoff loop. That is, when you login to Windows, the 'loading personal settings" verbose will appear, but suddenly it will logoff. This issue was documented clearly by Lavasoftusa in it's Lavahelp Knowledgebase.
Here is the solution to the logon - logoff issue in Windows XP.
Enter the Recovery Console
Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press "R" (in the first screen) enter the Recovery Console. Type-in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (Or any other drive-letter where you've installed XP)
Type the following command and press Enter.
CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)
COPY USERINIT.EXE WSAUPDATER.EXE
Quit Recovery Console by typing EXIT and restart Windows.
You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)
Now, change the USERINIT value in the registry (see Phase II in this page) and change it accordingly.
HARD FIX
How to edit the registry offline using BartPE boot CD ?
Published: Sep 28, 2005
Introduction
Bart's PE is a bootable live Windows CD that can be used to recover your system when in a disaster. Some situations may require you to do an offline registry editing, or modifications to the file system when you're unable to boot into Windows even from Safe Mode or Recovery Console. In such situations, BartPE boot CD is your ticket.
BartPE (Bart Preinstalled Environment) is a bootable Windows XP/Server 2003 CD-ROM, created from the original Windows installation CD. BartPE is extremely an useful tool for system maintenance and recovery. Though you may not need it immediately, create one for you and store it safely. You'll definitely need it some day or the other.
Creating a bootable CD-ROM
Visit Bart's site. See section Getting started in particular. The information given there helps you build a basic BartPE CD quickly. If you like, you can also add additional plugins (such as the ones for anti-virus, anti-spyware, disk imaging tools etc..) along with the BartPE CD.
Scenario - Incorrect registry value preventing you from logging on to your user account in Windows XP ?
In this example, a basic BartPE CD without any Plugins, has been used for illustration purposes. You may add as many Plugins as you want, depending upon your needs.
Verifying and fixing the Userinit value in the registry
If your PC is a victim of the Malware discussed in this article, and unable to login to your profile, then you'll need to fix the registry as discussed there. As you're unable to login, registry modification can only be done from a remote system, or via offline registry editing. This article discusses about offline registry editing.
Insert the BartPE CD into the drive, and boot the system from the CD. Once the file loading phase is over, the Bart PE desktop will be visible, as shown in Figure 1.
Type Regedit.exe in the prompt, and press Enter. Select the HKEY_USERS hive
From the File menu, choose the Load Hive option. Browse to your Windows installation drive, for example the following location:
C:\Windows\System32\Config\
Select the file named SOFTWARE (the file without any extensions), and click Open
Type a name for the hive that you've loaded now. (Example: MyXPHive)
Now the SOFTWARE hive is loaded, and present under the HKEY_USERS base hive.
In order to fix the Userinit value in the loaded hive, navigate to the following location:
HKEY_USERS \ MyXPHive \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon
Double-click Userinit and set it's value correctly. Example: Set it's data as follows:
C:\Windows\System32\Userinit.exe,
(Include the trailing comma also. The above assumes that Windows is installed in C:\Windows, and Userinit.exe file is actually present in the System32 folder. You may want to verify that as well.)
After entering the correct data, you MUST unload the Hive. To do so, select MyXPHive branch, and then in the File menu, choose Unload Hive. It's important to note that you'll need to select the MyXPHive branch first, before unloading it.
Quit BartPE and restart Windows. See if you're able to logon to your profile.
Credits
BartPE is an excellent recovery and maintenance utility. If this tool has helped you, you may consider a donation for their excellent work, and to support the development of PE Builder. See Donations section in their site. BartPE is Copyright (c) 2000-2005 by Bart Lagerweij.
Subscribe to:
Posts (Atom)