Re: unable to login into WinXP HE

From: Malke (notreally_at_invalid.com)
Date: 09/18/05


Date: Sun, 18 Sep 2005 11:16:13 -0700

Duggles wrote:

> Hi, I don't relly know if I'm posting in the right area but anyway...I
> was getting rid of viruses/sayware off my computer and MS GIANT found
> 3 viruses, a trojan, a mediaticket and a 180 solutions. I was akedto
> reboot my PC due because one of the viruses was running so I did. When
> I had rebooted I tryed to log into my useer but it immediately logged
> me out...I have tried safe mode and other users but all unsuccessful.
> Is there a way to open msconfig, command prompt (safe mode with prompt
> doesn't work) without logging into a user.
>
> Yours,
> Duggles

You may have run afoul of the wsaupdater problem. Here is MVP Rick
Roger's summation (with solutions):

The userinit value may have been corrupted by the removal of Blazefind.
It adds wsaupdater.exe to the logon value in the system registry,
sometimes appending it, sometimes replacing it. Running Adaware or
other cleaners detects and removes wsaupdater.exe, but doesn't correct
the registry damage. If this is the case, then you may need to load the
registry hive from another installation and change it. This is the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Userinit string value should be:

C:\WINDOWS\system32\userinit.exe,

On the damaged installations it's one of these:

C:\WINDOWS\system32\wsaupdater.exe,
C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wsaupdater.exe,

Note the trailing comma, which should be there.

Another "quickie" method of resolution is to load the Recovery Console,
copy userinit.exe as wsaupdater.exe from the command prompt, then
restart normally. Once in, go and change the registry value back to
what it's supposed to be and delete the copied file by doing:

cd system32 [Enter]
copy userinit.exe wsaupdater.exe [Enter]
exit [Enter]

Then boot the system and edit the Registry and then rename the System32
wsaupdater.exe back to userinit.exe.

You can also put the affected hard drive as a slave in a working XP box
and put a good userinit.exe in the sick driver's System32 folder,
rename it to wsaupdater.exe and then put the sick drive back in its
box. Start the system and make the changes in the Registry and rename
wsaupdater back to userinit.exe.

HTH,

Malke

-- 
MS-MVP Windows User/Shell
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"


Relevant Pages

  • Re: Unused default user folders - problem solved
    ... What was happening was, when I rebooted, a new All Users folder was created, ... which of course I couldn't delete or rename, ... the registry value to "Copy of All Users", ... Did you reboot the system after updating the registry value? ...
    (microsoft.public.windowsxp.general)
  • Re: My Document folder
    ... it sounds like you have a permissions problem in your registry. ... you rename My Computer and have it stick through a reboot? ... Best regards, ...
    (microsoft.public.windowsxp.security_admin)
  • sndcompat.exe????????????
    ... I get a message during start-up that c:\widows\system32 ... in the registry, please rename, or delete. ... I can't reboot ...
    (microsoft.public.windowsxp.perform_maintain)
  • RE: sndcompat.exe????????????
    ... > in the registry, please rename, or delete. ... I can't reboot ... please advise, Tim ...
    (microsoft.public.windowsxp.perform_maintain)
  • RE: FTPD and Telnet password lost when ethernet cable detached
    ... credentials also if they are saved into the hive registry. ... You might check, then, calling GetCurrentUserExin both cases, network ... and FTP works fine and I never lost password after reboot also with cable ... RemoteAdmin interface use different password to login than ftp and telnet? ...
    (microsoft.public.windowsce.platbuilder)