Ran AdAware, now I can't get past "user profile screen"

Ryan

Ran AdAware on my buddy's computer because it was infested
with spyware, rebooted and now I cannot get past
the "Welcome to Windows" screen where you pick your
profile. This is Windows XP home I'm guessing, although
I'm not sure. When I select the user profile, it acts
like it's going to let me in, then it returns to that
screen. Please help.
 
Ryan said:
Ran AdAware on my buddy's computer because it was infested
with spyware, rebooted and now I cannot get past
the "Welcome to Windows" screen where you pick your
profile. This is Windows XP home I'm guessing, although
I'm not sure. When I select the user profile, it acts
like it's going to let me in, then it returns to that
screen. Please help.
Hi

Unable to Log On To Windows XP After Removing wsaupdater.exe
http://www.lavasofthelp.com/articles/v6/04/06/0901.html

More here:
http://groups.google.com/groups?hl=...rosoft.public.windowsxp.*&as_qdr=&btnG=Search
 
Jack said:
reboot in safemode

Please quote some of the original question for clarity. Because you
didn't and the original posts aren't available for me, I can't go back
and check what the Original Poster said. However, from the subject line
I'm going to guess what happened - and rebooting into Safe Mode will
not help him/her.

Credit and thanks to MVP Rick Rogers:

The userinit value may have been corrupted by the removal of Blazefind.
It adds wsaupdater.exe to the logon value in the system registry,
sometimes appending it, sometimes replacing it. Running Adaware or
other cleaners detects and removes wsaupdater.exe, but doesn't correct
the registry damage. If this is the case, then you may need to load the
registry hive from another installation and change it. This is the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Userinit string value should be:

C:\WINDOWS\system32\userinit.exe,

On the damaged installations it's one of these:

C:\WINDOWS\system32\wsaupdater.exe,
C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wsaupdater.exe,

Note the trailing comma, which should be there.

Another "quickie" method of resolution is to load the Recovery Console,
copy userinit.exe as wsaupdater.exe from the command prompt, then
restart normally. Once in, go and change the registry value back to
what it's supposed to be and delete the copied file by doing:

cd system32 [Enter]
copy userinit.exe wsaupdater.exe [Enter]
exit [Enter]

Then boot the system and edit the Registry and then rename the System32
wsaupdater.exe back to userinit.exe.

This can also be done by using the 6 disk boot floppy set mentioned in
the above article, as it loads enough of the Recovery Console so that
you can copy the file. This is particularly useful if you have an OEM
installation that includes only a Restore CD, or no disk at all.

You can also put the affected hard drive as a slave in a working XP box
and put a good userinit.exe in the sick drive's System32 folder,
rename it to wsaupdater.exe and then put the sick drive back in its
box. Start the system and make the changes in the Registry and rename
wsaupdater back to userinit.exe.

Lavasoft article:
http://www.lavasofthelp.com/articles/v6/04/06/0901.html

Malke
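
An added example (not part of Malke's post or the Lavasoft article): a small Python check that classifies a Userinit string, taken from an export or a loaded hive, as intact, appended to, or replaced, using the three values quoted in the post above. The function name `audit_userinit` and its return shape are assumptions made for illustration.

```python
import ntpath

# Expected entry exactly as quoted in the thread. A Windows directory other
# than C:\WINDOWS is an assumption the caller must pass in via `expected`.
EXPECTED = r"C:\WINDOWS\system32\userinit.exe"


def _norm(path):
    """Lower-case and normalise separators so Windows paths compare equal."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def audit_userinit(value, expected=EXPECTED):
    """Classify a Winlogon Userinit string (hypothetical helper).

    status is 'ok', 'appended' (userinit.exe plus other entries) or
    'replaced' (userinit.exe absent from the value).
    """
    entries = [e.strip() for e in value.split(",") if e.strip()]
    want = _norm(expected)
    unexpected = [e for e in entries if _norm(e) != want]
    if len(unexpected) == len(entries):
        status = "replaced"   # also covers an empty value
    elif unexpected:
        status = "appended"
    else:
        status = "ok"
    return {
        "status": status,
        "unexpected": unexpected,
        "trailing_comma": value.rstrip().endswith(","),
        "repaired": expected + ",",  # value the thread says should be set
    }


if __name__ == "__main__":
    # The three values quoted in the thread, plus one constructed variant
    # (different case, no trailing comma).
    samples = [
        r"C:\WINDOWS\system32\userinit.exe,",
        r"C:\WINDOWS\system32\wsaupdater.exe,",
        r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wsaupdater.exe,",
        r"c:\windows\SYSTEM32\userinit.exe",
    ]
    for s in samples:
        print(s, "->", audit_userinit(s))
```

Any entry other than the full path to userinit.exe is reported in `unexpected`, so the same check flags additions other than wsaupdater.exe.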
 