Trouble navigating through registry editor.

Try looking for help here if you are having problems with the Ultimate Boot CD.

Moderators: Icecube, StopSpazzing

Tofu777
Posts: 4
Joined: Mon Feb 16, 2009 6:28 am


#1 Post by Tofu777 » Mon Feb 16, 2009 6:41 am

Hey guys, I am having the problem explained here

http://www.hmtech.ca/xp-logs-login/

How exactly do I "navigate to the Userinit key"?

Thanks in advance :D

Icecube
Posts: 1278
Joined: Fri Jan 11, 2008 2:52 pm

#2 Post by Icecube » Mon Feb 16, 2009 8:08 am

Use Offline password and registry editor on UBCD to edit or view the registry.
Download Ultimate Boot CD v5.0: http://www.ultimatebootcd.com/download.html
Use Parted Magic for handling all partitioning tasks: http://partedmagic.com/

Tofu777
Posts: 4
Joined: Mon Feb 16, 2009 6:28 am

#3 Post by Tofu777 » Mon Feb 16, 2009 8:31 am

Yeah I will get that far but then locating that file is where I get lost

Icecube
Posts: 1278
Joined: Fri Jan 11, 2008 2:52 pm

#4 Post by Icecube » Mon Feb 16, 2009 8:56 am

Run the registry editor of Offline password and registry editor.
Look at: http://www.governmentsecurity.org/articles/WindowsNTRegistryTutorial.php to see which hive file you need to load.

In your case you need to view HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit, which is located in the %systemroot%\SYSTEM32\CONFIG\SOFTWARE hive file.

I just searched a little bit on the internet to find it :wink: .

Tofu777
Posts: 4
Joined: Mon Feb 16, 2009 6:28 am

#5 Post by Tofu777 » Wed Feb 18, 2009 7:22 am

Thank you for your time and patience, this is really confusing for me :) but I'm not exactly sure how to even navigate that far. I pressed Enter a few times to get past the first few questions, then I press 9 to get to the registry editor; at least I'm guessing that's where I need to be to do all this. Sorry that it's taking me so long to understand all this!

Icecube
Posts: 1278
Joined: Fri Jan 11, 2008 2:52 pm

#6 Post by Icecube » Wed Feb 18, 2009 9:20 am

Select the right hard drive.
Select which part of the registry to load, ...:
[1]: software

9 Registry editor, now with full write support.
What to do? [1] -> 9

> cd Microsoft
\Microsoft> cd Windows NT
\Microsoft\Windows NT> cd CurrentVersion
\Microsoft\Windows NT\CurrentVersion> cd Winlogon
(..)\Windows NT\CurrentVersion\Winlogon> cat Userinit
Value <Userinit> of type REG_SZ, data length 68 [0x44]
C:\WINDOWS\system32\userinit.exe,


If the value of Userinit didn't change, you just have to replace the file 'C:\WINDOWS\system32\userinit.exe' with a virus-free copy (recovery console).
If it did change from name, you can type


ed Userinit

to set the value to:


C:\WINDOWS\system32\userinit.exe,


Press ? if you need any help for the commands.
ls will display subkeys & values
cat will show the value of a key
ed allows you to edit a value of a key
cd will change the current key (cd .. will bring you back a level higher)
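
Added example, not part of the original thread and not code from UBCD or the registry editor: a small Python check of a Userinit value read from the offline SOFTWARE hive, comparing each comma-separated entry against the default shown in post #6. The sample inputs are constructed, example.exe is a placeholder name, and the default system root C:\WINDOWS is an assumption taken from the output above.

```python
import ntpath
import re

# Default value shown in the thread (Windows XP, trailing comma included).
EXPECTED_VALUE = "C:\\WINDOWS\\system32\\userinit.exe,"
# Constructed sample: raw REG_SZ data as stored in the hive (UTF-16LE + NUL).
DEFAULT_RAW = (EXPECTED_VALUE + "\x00").encode("utf-16-le")
# Constructed sample of a modified value; example.exe is a placeholder name.
MODIFIED_VALUE = ("C:\\WINDOWS\\system32\\userinit.exe,"
                  "C:\\WINDOWS\\system32\\example.exe,")


def decode_reg_sz(raw: bytes) -> str:
    """Decode raw REG_SZ bytes, dropping the NUL terminator and anything after it."""
    return raw.decode("utf-16-le").split("\x00", 1)[0]


def normalize(entry: str, systemroot: str) -> str:
    """Expand %SystemRoot%/%windir%, strip quotes, fold case and separators."""
    entry = entry.strip().strip('"')
    # A function is used as the replacement so backslashes are taken literally.
    entry = re.sub(r"%(systemroot|windir)%", lambda m: systemroot, entry, flags=re.I)
    return ntpath.normcase(ntpath.normpath(entry))


def check_userinit(value: str, systemroot: str = "C:\\WINDOWS") -> list:
    """Return findings for a Userinit value; an empty list means it matches the default."""
    expected = normalize(ntpath.join(systemroot, "system32", "userinit.exe"), systemroot)
    entries = [e for e in value.split(",") if e.strip()]
    if not entries:
        return ["Userinit is empty"]
    normalized = [normalize(e, systemroot) for e in entries]
    findings = []
    for original, norm in zip(entries, normalized):
        if norm != expected:
            findings.append("unexpected program: " + original.strip())
    if expected not in normalized:
        findings.append("userinit.exe entry is missing")
    return findings


if __name__ == "__main__":
    print("data length:", len(DEFAULT_RAW), hex(len(DEFAULT_RAW)))
    print("default :", check_userinit(decode_reg_sz(DEFAULT_RAW)))
    print("modified:", check_userinit(MODIFIED_VALUE))
```

The data length check is a quick sanity test: the default string plus its NUL terminator in UTF-16LE is 68 bytes, the same length the editor reports in the output above.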

Tofu777
Posts: 4
Joined: Mon Feb 16, 2009 6:28 am

#7 Post by Tofu777 » Wed Feb 18, 2009 6:33 pm

Thanks a TON! :D
