Looking to edit registry on 2nd hdd/win install ...

Basically, I'm helping recover a friend's stuff. She got severely infected (her hdd is XP Home) with spyware, etc. Another friend helped to clean it off, but then it wouldn't boot. Booting to SM hangs on mup.sys (which I found elsewhere may be a BIOS fix, but I'm still looking for her BIOS update info) -- so that's a nogo.
I couldn't load Recovery Console -- something keeps changing the Administrator password (even tho I keep resetting it with lovely lovely Linux based programs) ... I tried (the times that I COULD get in) some manual recovery console stuff (which normally works for me) ... I'd get an error about lsass.exe not being able to change a password.

At that point, I temporarily switched gears. (I'm not really looking for help on the above issues ... but if you know of them ... I'm all ears! I am fairly proficient at getting rid of the Spyware ... once I can get into the OS! lol)

I threw a hdd with XP Pro loaded into the system ... I can access the original hdd.

What I'm hoping to do is find a way to edit the XP HOME registry ... the one on the "D" drive ... instead of the XP PRO on C ...

I found 1 program (for purchase) that flat out STATES it can do this ... Resplendent Registrar 3.30 ...

I'm currently drilling through the list of Freeware Registry Editors listed on the main site -- hoping that they will say if the can or cannot accomplish such a thing.

If anyone knows of one off the cuff, I'd appreciate it. Or ... just a way to do it with plain RegEdit &/or RegEdt32 ... I found a suggestion on something ALMOST right, but not quite ... I don't know (yet) if it'll work on a registry on a separate harddrive.

Any help is appreciated!!!!

 

MUP.SYS is just the last driver being loaded before the rest of the booting process is performed. I think the problem lies in the remaining booting process.

The Administrator-account is only available when booting in safemode when using WinXP Home, where it by default has a blank password.

You can use regedit in Windows to edit offline registry-files:

http://snakefoot.fateback.com/tweak/winnt/install.html#OFFLINE_REGEDIT

I would probably try to do an "inplace upgrade"/"repair install" of the existing WinXP install.

 

Yeah ... the mup.sys means that the next driver is hanging ... I've also had it suggested that it has to do with ACPI BIOS issues & that to resolve, to try flashing the BIOS. I just haven't had a chance to try that yet.

I can't do a repair install ... I don't have her restore CD's & I don't have a copy of XP Home, nor any of the drivers (yet) for her system. (I could possibly download most of those ... but from my own experience with a dif computer from the same mfr ... that's not always the best of choices! lol) (I'll also be a little more willing to try "drastic measures" once I get her restore media!!!!)

I am aware that Administrator is only avail in SM in XPH ... I actually do phone tech support, so all the "easy" answers are already tried! hehe (Thanks very much for the suggestion, tho! That one confused me until I found that out a few months back ...)

I've used this app ( http://home.eunet.no/~pnordahl/ntpasswd/ ) to change the password ... I've used it in the past to recover access to my own machine. The odd thing is ... it'll work once, but not a second time. SOMETHING in the load up of the XPH hdd is changing passwords & permissions at a very low level.

I'm someone who LOVES digging in the registry ... that's why I'd like to be able to take a look into "hers" while running the OS on mine. I can see things there that I'd otherwise miss. That's why I'm looking for another offline reg editor. (The one that comes with the above tool runs pre-OS (so I'd have to boot to HER hdd) & currently has rather dire warnings about using the registry editing functions of the program!! lol)

At any rate ... I'll check out the tool suggested so far! Thanks again for any suggestions.

(Oh yeah ... I've booted to Knoppix once, but was unable to edit/move files ... which is why I threw in the 2nd drive. Still looking into what I have set wrong on that as well ...)

(Linux ... a Windows Admin's Best Friend!! hehe All the best Windows recovery tools seem to be Linux-based somehow ...)

 

quick update ... that's more or less what I was looking for so far! THANKS!

Found the registry entries from before it was "fixed" ... so I'm on the right track for getting it into an OS ... then I get to have fun removing Spyware!!!

(yes -- I ACTUALLY do think that's kinda fun ... as long as it isn't on MY machine!)