
XP Repair Install gone to hell...

Discussion in 'Windows XP' started by noeticsage, 2007/04/11.

  1. 2007/04/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    If you don't mind, would you zip and send me a copy of C:\Hives\Windows1\system.old, C:\Hives\Windows3\system and C:\Windows\system32\config\system

    noahdfear@msn.com
     
  2. 2007/04/29
    noahdfear

    noahdfear Inactive

    Would you also try to start the Windows1 OS using 'Enable VGA Mode' please.
     


  4. 2007/04/29
    noeticsage

    noeticsage Inactive Thread Starter

    Joined:
    2007/04/08
    Messages:
    48
    Likes Received:
    0
    No luck. The repair install never even started after the initial extraction of files.
     
  5. 2007/04/29
    noahdfear

    noahdfear Inactive

    I have finally just found where the certificate(s) and certificate information are stored. I'll play with it some to see if I can find a way to put it to use for resolving your encryption problem. May be a few days ;)
     
  6. 2007/04/29
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    Another Comment from the Gallery ..... How come this doesn't surprise me?
    The New Bremen Bulldog has an insatiable appetite. Nice work Dave - a real pleasure following this thread.

    ;)
     
  7. 2007/04/30
    noahdfear

    noahdfear Inactive

    ROFLMAO :D

    Thanks Rockster :cool:
     
  8. 2007/05/06
    noahdfear

    noahdfear Inactive

    I've been unable to find a viable solution to removing the encryption on a file from another operating system/user account. :(

    I'm also doubting that it would work after using the System hive in the way that we previously did. I do think that the problem booting the original system, even after a repair install, is driver related, and I would be happy to customize a copy of the original System hive for you in an attempt to get it working again, which is what I had in mind when I asked you to send me copies of the hives. I can only assume, since I didn't receive them, that you are unwilling to send me those files, and if so, I can detail what I had in mind to try, and you can take it from there. ;)
     
  9. 2007/05/06
    noeticsage

    noeticsage Inactive Thread Starter

    I must have missed the part where you asked me to send you the hives. I can send them over, as I'm not sure there's any legitimate security threat posed by you ;) If it's pretty easy for me to customize the system hive I can do that, otherwise let me know where to send them to you. Also, I'm not sure if we could try to get Windows 1 to boot again normally instead of using safe mode, because I think there may have been something prohibiting me using encryption in safe mode. Since I was unable to encrypt a new file using safe mode this would make sense. Let me know what you suggest.

    Thanks again for all your diligence! :D
     
  10. 2007/05/06
    noahdfear

    noahdfear Inactive

    Mailto info
    http://www.windowsbbs.com/showpost.php?p=344477&postcount=81

    I think that if you replace all of the files in the Windows folder, the Windows\system32 folder, and the Windows\system32\drivers folder (after making backups of course) with copies from the Windows3 directory, then use the ControlSet info from System hive 3 in the System hive 1, you may get a successful normal boot. There may be considerable editing to do in the hives, as well as looking for other possible files to copy over.

    As mentioned, I don't think decrypting is possible even if we got a normal boot while using the edited System 3 hive. Remember that you also had to use the Sam and Security hives? Those hives contain user and system information that is very particular to the installation, and despite being able to edit your way into logging onto the original Sage profile, I believe that the user ID will still be tied to the Windows3 operating system.
     
  11. 2007/05/06
    noeticsage

    noeticsage Inactive Thread Starter

    OK. If a normal boot won't help then should we just focus on the SAM and SECURITY files? I couldn't boot to Windows 1 after I made all of the SYSTEM file changes until I copied the SAM and SECURITY files over. I really don't care if I can boot to Windows 1 anymore unless it helps me decrypt that file. Would you like me to send those files over still, or what can we do with SAM and SECURITY?

    ALSO: Before I did the repair install just a few days ago I did a complete registry backup of Windows 1. I know this isn't in the same format as the registry hives, but if there's any way I can just import that back in to get Windows 1 to the state it was before the repair install attempt let me know.
     
    Last edited: 2007/05/06
  12. 2007/05/06
    noahdfear

    noahdfear Inactive

    Send the files. Nothing we can do with the Sam and Security files. The originals need to be used, which means using the bulk of the original System hive, editing only the services loaded, path of files linked to and files used, etc.

    I don't know if you've tried yet, but you cannot see anything within the Sam or Security hives when you load them, no more than you can when viewing the Sam and Security keys under HKLM. You need system permissions to even see what's in those keys, much less edit them. There's an entire hierarchy of subkeys and values. Below is a glimpse. ;)

    HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\Names\Administrators
    HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users\Names\Administrator

    Once I get the hives edited, I'll send them back along with more specific instructions pertaining to what changes need to be made in the Windows file system.
     
  13. 2007/05/06
    noahdfear

    noahdfear Inactive

    Boot to Windows2.
    Rename C:\Windows folder to C:\Windowsold. Create a new folder named C:\Windows.
    Open C:\Windows3, click Edit>Select All then Edit>Copy.
    Open the new empty C:\Windows folder and paste.
    Open the C:\Windows\system32 folder and delete the config folder.
    Open C:\Windowsold\system32, right click and copy the config folder.
    Open C:\Windows\system32 and paste the config folder. Open the config folder and delete all files, leaving only the systemprofile folder.
    Open C:\Hives\Windows1 and copy all but the System and System.sav files, then paste them into the C:\Windows\system32\config folder.
    Copy the System and System.sav files I sent from the C:\Hives folder to the C:\Windows\system32\config folder.
    If you have the original wpa.dbl and wpa.bak files from Windows1, delete the ones in C:\Windows\system32 and replace them, else restore the originals from the recycle bin. If you don't have the originals at all, then just delete the current ones from C:\Windows\system32. At most, it should only prompt you to re-activate the installation upon bootup.
    Create a new empty text file in C:\Windows named test.

    Reboot and attempt to log on to Windows1. If successful, verify by clicking Start>Run, then type %systemroot% and hit enter. See if the test.txt file is present. Verify that you are logged onto the original profile as well. Try to decrypt.
     
  14. 2007/05/06
    noeticsage

    noeticsage Inactive Thread Starter

    No go. The system boots to a black screen with a pointer again, and automatically restarts in about 5-10 seconds. I made sure I did every step correctly, so hopefully I did. I used the wpa.dbl from the recycle bin which was still there from deleting it before the repair install attempted last week.
     
  15. 2007/05/07
    noahdfear

    noahdfear Inactive

    Try using an F8 bootup to Windows1, selecting 'Disable Automatic Restart' to see if you can get a blue screen error.

    Would you also send me a copy of the Software hive from C:\Hives\Windows1? There are a few keys I'd like to inspect.
     
  16. 2007/05/08
    noeticsage

    noeticsage Inactive Thread Starter

    The F8 Menu no longer gives me the option to "Disable Automatic Restart." I tried to boot Windows 1 to Safe Mode and that didn't work either - same result as a regular boot.
     
  17. 2007/05/08
    noahdfear

    noahdfear Inactive

    Please load the C:\Windows\system32\config\System hive in HKLM under a key named test. Navigate to the following key.

    HKEY_LOCAL_MACHINE\test\ControlSet001\Control\CrashControl

    Double click the value AutoReboot and set it to 0 (Zero). Unload the test hive and reboot. Try to log on to Windows1 and let me know the result. If you blue screen/error, write down the exact message and post it.

    Also, please send C:\Hives\Windows3\Software
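
The offline-hive edit from the post above, written out as a PowerShell script (an added example, not part of the thread or any poster's own code). It assumes an elevated session on the working installation and the thread's hive path and `test` mount name; beyond the post, it also reads the hive's `Select` key and applies the value to the control sets named there, not only `ControlSet001`.

```powershell
# Added example: hive path and mount name follow the thread; run elevated.
param(
    [string]$HivePath  = 'C:\Windows\system32\config\System',
    [string]$MountName = 'test'
)
$ErrorActionPreference = 'Stop'

# Keep an untouched copy of the hive before changing anything in it.
Copy-Item -LiteralPath $HivePath -Destination "$HivePath.bak" -Force

& reg.exe load "HKLM\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $HivePath" }

try {
    $root = "HKLM:\$MountName"

    # An offline hive has no CurrentControlSet (that link is created at boot).
    # Select\Default is the set used for a normal boot, Select\LastKnownGood
    # the one used for a Last Known Good boot.
    $select = Get-ItemProperty -LiteralPath "$root\Select"
    $sets = @(1, $select.Default, $select.LastKnownGood) | Sort-Object -Unique

    foreach ($n in $sets) {
        $crash = '{0}\ControlSet{1:D3}\Control\CrashControl' -f $root, $n
        if (-not (Test-Path -LiteralPath $crash)) {
            Write-Warning "$crash not present in this hive, skipped"
            continue
        }
        $before = (Get-ItemProperty -LiteralPath $crash).AutoReboot
        # 0 = stay on the stop screen instead of restarting automatically
        Set-ItemProperty -LiteralPath $crash -Name AutoReboot -Value 0 -Type DWord
        '{0}: AutoReboot {1} -> 0' -f $crash, $before
    }
}
finally {
    # Release any registry handles PowerShell still holds, or unload fails
    # with "Access is denied" and the hive stays mounted.
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$MountName" | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "HKLM\$MountName is still loaded" }
}
```

The `.bak` copy written next to the hive is what to restore if the edited hive makes the boot worse.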
     
  18. 2007/05/10
    noeticsage

    noeticsage Inactive Thread Starter

    I changed the AutoReboot key like you said but still got no blue screen - the system still automatically restarted after about 5 seconds. Also, I sent you the Windows 3 software hive.
     
  19. 2007/05/19
    noahdfear

    noahdfear Inactive

    Please save the service.zip file I sent to the desktop, then extract the REGSYS701.SYS and service.reg files there. Copy the REGSYS701.SYS file to C:\Windows\system32\drivers. Load the System hive from C:\Windows\system32\config folder in HKLM under a key named test. Verify that the registry path HKEY_LOCAL_MACHINE\test\ControlSet001 exists (very important), then double click the service.reg file on the desktop to merge it into the registry. It will create a key named REGMON701 under HKEY_LOCAL_MACHINE\test\ControlSet001\Services. Unload the hive and reboot. Attempt to log on to Windows1. This will (should) create Regmon.log located in C:\Windows.

    Download Regmon from the following link (bottom of the page).
    http://www.microsoft.com/technet/sysinternals/utilities/regmon.mspx

    Extract and run the program. Click Options>Log Boot on the menu and close. Reboot. As soon as you log on, run Regmon again to stop the logging process. It will have created a Regmon.log at C:\Windows3.

    Rename the logs Regmon1.log and Regmon3.log, then put both in a zip file and send to me.
     
