
SMART virus


  • This topic is locked

#16
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
You seem to have searched for all items. Read the instructions. Each item is a command line in the Terminal Window. Also, make sure you download the Query.exe directly to the USB drive, then double click on it. That should extract the query.sh file and the chntpw folder.

Please try again, then after running these commands, reboot back to xPUD. That usually helps to keep the files saved in the drive.
  • 0



#17
hknh

hknh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I did it again, but still can only get the file find file.

Attached Files


  • 0

#18
hknh

hknh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I tried again - I don't know what else to do.

Attached Files


  • 0

#19
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
There are drivers in two locations, mnt/sda2/Windows/System32 and mnt/sda3/Windows/System32. Browsing these locations, are you able to tell which location is the System Drive? You may be able to do so by browsing to the mnt/sda2/Users or mnt/sda3/Users and see your username.
  • 0

#20
hknh

hknh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I don't know how to tell ... I checked mnt/sda2/Users or mnt/sda3/Users and under sda3 Heidi is a folder. That is my username.
  • 0

#21
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
I believe it is sda3 also.

It seems that there is an issue with the registry. No user accounts are found. Let's take a look at what may be available as a backup.

Please delete the current filefind.txt file from the USB drive.

Boot to xPUD

  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    SAM

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    DEFAULT

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    SYSTEM

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    SECURITY

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:


    SOFTWARE

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    XBURDERWHJWA.EXE

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt

Please post the filefind.txt on your next reply.
  • 0

#22
hknh

hknh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Attached File  filefind.txt   14.94KB   456 downloads
  • 0

#23
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
It is a little bit confusing as it looks as if you have two hard drives with a Windows installation.

Let's attempt this manually. There is no automatic way to do this through xPUD.

Boot to xPUD.

First browse to /mnt/sda3/ProgramData and rename the file xBuRdeRWhJWa.exe to xBuRdeRWhJWa.exe.vir

Second, browse to /mnt/sda3/Windows/System32/config and rename the file sam to sam.123

Then browse to /mnt/sda3/Windows/System32/config/RegBack, right click on the file SAM and select Copy. Browse back to /mnt/sda3/Windows/System32/config, right click on an empty space and select Paste. That should copy the file SAM from the RegBack to the config folder after being renamed.

If successful, attempt to reboot into Normal Mode and let me know the outcome.
  • 0
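
The manual steps from post #23 (rename the suspect file, set the current hive aside, copy the RegBack copy into place), written as shell functions for a Linux live environment. This is an added example, not part of the original thread or of any tool it mentions; it goes slightly beyond the post by checking that the RegBack copy exists and is non-empty before the live hive is touched. The function names and return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the Windows volume is mounted
# read-write, e.g. at /mnt/sda3, and that find supports -iname and -maxdepth.

# find_ci DIR NAME: print the path of NAME in DIR, matched case-insensitively
# (the thread refers to the same hive as both "sam" and "SAM").
find_ci() {
    find "$1" -maxdepth 1 -type f -iname "$2" 2>/dev/null | head -n 1
}

# restore_hive WINROOT HIVE [SUFFIX]
# Returns 0 on success, 1 if there is no usable RegBack copy,
# 2 if the live hive could not be set aside or replaced.
restore_hive() {
    root=$1; hive=$2; suffix=${3:-123}
    cfg="$root/Windows/System32/config"
    backup=$(find_ci "$cfg/RegBack" "$hive")
    # Check the backup first, so a missing or empty copy leaves the system as it was.
    if [ -z "$backup" ] || [ ! -s "$backup" ]; then
        echo "no usable RegBack copy of $hive" >&2
        return 1
    fi
    # Refuse to overwrite a hive that was already set aside on an earlier run.
    if [ -n "$(find_ci "$cfg" "$hive.$suffix")" ]; then
        echo "$hive.$suffix already exists in $cfg" >&2
        return 2
    fi
    live=$(find_ci "$cfg" "$hive")
    if [ -n "$live" ]; then
        mv -- "$live" "$live.$suffix" || return 2
    fi
    target="$cfg/$(basename "$backup")"
    cp -p -- "$backup" "$target" || return 2
    cmp -s "$backup" "$target"      # confirm the copy is byte-identical
}

# quarantine FILE: rename a suspect executable to FILE.vir, as in the post.
quarantine() {
    if [ -f "$1" ]; then
        mv -- "$1" "$1.vir"
    else
        return 1
    fi
}

# Usage with the paths named in post #23:
#   quarantine /mnt/sda3/ProgramData/xBuRdeRWhJWa.exe
#   restore_hive /mnt/sda3 SAM
```
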

#24
hknh

hknh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
When I tried to start Windows normally, it looped me back to the start screen and asked if I wanted to start Windows normally or repair. Then it automatically went to the repair option and then to the Windows screen with otheruser. I click on other user and go to the username and password page, which won't let me in.
  • 0

#25
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
If you select "Repair my computer" in the Advanced Menu, wouldn't that let you in? How about typing your username and password?
  • 0



#26
hknh

hknh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I don't have a username and password - If I click on repair, it goes to that screen - if I click on run normal, it loops back to that page
  • 0

#27
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
If you can't get to a command prompt through the Repair Console, let's try another application:

You will need a CD to burn and a flash drive to move information from the troubled computer to a working computer. It is the only way we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.
  • Download OTLPEStd.exe to your desktop. NOTE: This file is 93.5MB in size so it may take some time to download.
  • Once downloaded, insert a blank CD in your burner and click on OTLPEStd.exe. The executable includes the OTLPE_New_Std.iso and a copy of imgburn, a program to burn .iso files. When executed, the application will extract both and start the burning process automatically.
  • Once the CD is burned, boot the non-working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in the root directory of your hard drive, usually C:\.
  • Copy this file to your USB drive.
  • Please post the contents of this file in your reply.

  • 0

#28
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
According to xPUD, your username is Heidi. Try that one. If you do not have a password, leave it blank.
  • 0

#29
hknh

hknh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I tried and nothing - the specified domain either does not exist or could not be contacted -
  • 0

#30
hknh

hknh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
What do I choose for Windows directory after double clicking otlpe?
  • 0





