hello here is the look.txt


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
ShowLogonOptions REG_DWORD 0x0


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
DriverCachePath REG_EXPAND_SZ %SystemRoot%\Driver Cache
BootDir REG_SZ C:\
PrivateHash REG_BINARY 6F1E5F262D4244136B16D3FE9FF58088
Installation Sources REG_SZ C:
SourcePath REG_SZ C:\WINDOWS
ServicePackSourcePath REG_SZ c:\windows\ServicePackFiles
CDInstall REG_DWORD 0x0
LogLevel REG_DWORD 0x0
ServicePackCachePath REG_SZ c:\windows\ServicePackFiles\ServicePackCache

HKEY_LOCAL_MACHINE\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\BaseWinOptions

HKEY_LOCAL_MACHINE\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents

HKEY_LOCAL_MACHINE\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Migration DLLs

HKEY_LOCAL_MACHINE\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager

HKEY_LOCAL_MACHINE\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE

HKEY_LOCAL_MACHINE\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents

HKEY_LOCAL_MACHINE\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\WindowsFeatures

Volume in drive C is system
Volume Serial Number is 4C24-1144

Directory of c:\05680d73bf944828f163c4fc37c5

08/06/2009 12:56 PM <DIR> i386
0 File(s) 0 bytes

Directory of c:\Program Files\APC\PowerChute Business Edition\jre142_11\lib

07/13/2008 04:14 PM <DIR> i386
0 File(s) 0 bytes

Directory of c:\Program Files\Java\jre1.5.0_06\lib

03/18/2006 01:08 PM <DIR> i386
0 File(s) 0 bytes

Directory of c:\Program Files\Java\jre1.6.0_03\lib

12/19/2007 06:36 PM <DIR> i386
0 File(s) 0 bytes

Directory of c:\Program Files\Java\jre6\lib

02/12/2009 10:13 PM <DIR> i386
0 File(s) 0 bytes

Directory of c:\WINDOWS

11/24/2004 02:53 PM <DIR> I386
0 File(s) 0 bytes

Directory of c:\WINDOWS\Driver Cache

08/06/2009 12:56 PM <DIR> i386
0 File(s) 0 bytes

Directory of c:\WINDOWS\ServicePackFiles

09/17/2008 07:51 PM <DIR> i386
0 File(s) 0 bytes

Directory of c:\WINDOWS\ServicePackFiles\ServicePackCache

09/17/2008 07:51 PM <DIR> i386
0 File(s) 0 bytes

Directory of c:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles

08/25/2007 05:39 PM <DIR> i386
0 File(s) 0 bytes

Directory of c:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles

07/13/2008 04:13 PM <DIR> i386
0 File(s) 0 bytes

Directory of c:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles

09/17/2008 07:42 PM <DIR> i386
0 File(s) 0 bytes

Directory of c:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles

09/17/2008 07:42 PM <DIR> i386
0 File(s) 0 bytes

Directory of c:\WINDOWS\system32\spool\XPSEP

08/06/2009 12:56 PM <DIR> i386
0 File(s) 0 bytes

Directory of c:\WINDOWS\system32\spool\XPSEP\i386

08/06/2009 12:56 PM <DIR> i386
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
15 Dir(s) 139312013312 bytes free

Volume in drive X is MiniXP
Volume Serial Number is CC91-18C3

Sorry, I need you to load Registry Editor PE once more for another export.
Copy the contents of the code box below and paste it into a command window while the editor is open and minimized.



Post the new log that opens.

This post has been edited by noahdfear: Nov 5 2009, 04:23 PM

no problem


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
LogonType REG_DWORD 0x1


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Background REG_SZ 0 0 0

The previous exports were to;

1. determine if the system would look for replacements on the drive or prompt you for the XP cd when the System File Checker is run
2. determine the method used to logon to your user account

What I propose to do next is attempt to force Windows to run a System File Check on startup by merging a reg file.
If corrupted system files are found they should be automatically replaced with good copies found on the drive.
I also intend to enable the Windows Classic Logon dialog to help verify the bootup process (tells me bootup goes at least to the logon stage).
If you do not use a password to logon, you need only hit Enter or click OK to logon.
The System File Checker should start and be visible after logon, if successful, even if the screen remains in the same state it has been in on previous attempts to logon.
Be patient - it may take quite a while to complete.
You may need to restart the computer when the scan completes to verify any changes.

* The following will create backups of the affected registry keys prior to making any changes and save them to the hard drive*

With Registry Editor PE loaded and minimized, copy the contents of the code box below and paste it into a command window.



When the command window closes, close the editor and wait for the All Finished message, then restart and boot the hard drive.
Let me know the results.

hello
I followed your last instruction,I hope!
tried boot up goes to win xp logo with strobing light, then to the black screen with mouse cursor. left it running for about an hour befor replyng
no change sorry.

Boot to MiniXP and click Start>Programs>ERD System Restore
In the opening dialog expand My Computer and click (C:) Local Disk to select it, then click OK.
Click Next then select 'Roll back to an existing restore point' and click Next again.
This should bring up a calendar which you need to look for and select days bolded.
If one is located, select it in the right pane then click next.
The next screen will show you what files will be affected.
Click Next
When it completes, restart and try a normal boot.

*Note - in my testing, I was often told that no restore points existed in the disk I selected. I canceled out and ran it again, this time selecting the C:\Windows folder, which gave me the same message. I then ran it once more, this time selecting Local Disk C: again and it was able to find restore points. In other words, if unsuccessful on the first run, try it a few times, changing locations to look and finally going back to C:

** I previously had you do a search for registry hives in the system restore folder which came up blank, so I'm not extremely hopeful that a restore point will be found.

hello
I tried your last sugestion in as many ways icould think of and several times and i kept getting the no system restore points exist
Maybee the only sollution is to re- format ?? is there any way of saving anything with the mini xp system?
many thanks for your effort.

Hi arfon,

Sorry for the late reply!

I should have suggested this before - please disconnect all unnecessary peripherals, such as speakers, printers, cameras or any other usb devices. If it's within your means, I would also suggest physically removing any pci devices if they exist, that the computer does not need to boot, such as a network card, modem or add-on graphics/sound card. If there is no change in behavior, I do have one or two other things we can maybe try if you're game. That said;

formatting is an option, though if you prefer to try avoiding a complete re-install of all your programs, you could attempt a repair installation of Windows, provided you have a Windows XP Operating System disc as opposed to a Recovery cd. A repair installation leaves the current file system intact, meaning if the repair is successful, the system will still require cleansing of malware.

You can backup files from within the MiniXP environment. You can burn cds, attach usb hard drive or another physical internal hard drive to be used for data storage.

Hi Dave
I disconected all components you sugested including the sound card but made no differance.
maybe we can try the one or two other things you have in mind .

In MiniXP, download Regmon from the following link and save it to the desktop.

http://download.cnet.com/RegMon/3000-2094_4-10020841.html

Right click the Regmon.zip file and select 7-zip>Extract to "\Regmon".
Open the Regmon folder and double click regmon.exe
Agree to the license.
When regmon opens, click the magnifying glass icon on the toolbar to stop the screen capture.
Click Options>Log Boot then click OK on the message box that opens.
Close regmon and the regmon folder.

Start Registry Editor PE, no user hive necessary, then minimize it to the taskbar.
Highlight and copy to text the contents of the code box below.



Open a command window and paste the copied text in.
Exit Registry Editor PE and restart the computer, allowing it to boot from the hard drive.
Once the boot process goes as far as it will, restart back into MiniXP and locate C:\Windows\regmon.log
Right click the log and select 7zip>Add to "Regmon.zip"
It will create the regmon.zip file in C:\Windows
Open a browser and go to my submission channel, then browse to and upload the regmon.zip file.
Close all Explorer windows.

Open a command prompt and type chkdsk /r c: then hit Enter.
Do not access the C: drive while checkdisk is running.
When checkdisk completes, restart and see if the computer will boot properly.

Was the operating system pre-installed from the factory on this computer?

Hello
I have downloaded regmon and ran it .
then tried opening registry editor pe but it wont open with the message ( sam file not found please verify the correct file name was given )
not sure how to proceed .

Did it appear to look in the C:\Windows\system32\config folder, where all of the other hive files are located? When asked for the SAM hive, do you see it in the browse window?

I go to hirens boot cd win tools. select menu- registry-registry editor pe,( browse for folder box opens) Iselect C system then click ok, then another box opens (select the remote sam hive!) opens . with desktop ini in the top corner i click open and get the fail mesage. i also tried changing the desktop ini to c in the drop down menu and get the fail mesage

You need to select the C:\Windows folder.

Just received the file. It's going to take me a while to analyze and I'd like another log to compare.
If you would please, delete the regmon log and regmon zip file in C:\Windows, restart to the hard drive once more and this time leave it sit for at least 10 minutes on the gray screen.
Go back to MiniXP, and zip the log again, then submit it as well.

If the log is not created, let me know and I'll post instructions for repeating the procedure (it will be slightly different than the first time).