Situation: PC will allow you to log in, but immediately logs you back out.
There is a spyware application named "wsaupdater.exe" that replaces "userinit.exe". It modifies the registry, moving "userinit.exe" to "OldUserinit" and placing itself in the normal registry location. AdAware will remove the executable, but will not correct the registry. Failure to correct the registry before a reboot leaves you unable to log into the PC, even in Safe Mode.
The most obvious solution would be to check the registry after running AdAware, but before rebooting.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Look for the value:
UserInit = C:\Windows\system32\wsaupdater.exe
Change to:
UserInit = C:\Windows\system32\userinit.exe
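The check above can be scripted. The following is an added example, not part of the original write-up: it audits the text printed by `reg query` for the Winlogon key and reports a Userinit value that does not point at userinit.exe, as well as a leftover OldUserinit value. The sample output is constructed, and the C:\Windows path is assumed from the values shown above.

```python
import re

# Expected program, lowercased; assumes Windows lives in C:\Windows as on this page.
EXPECTED = r"c:\windows\system32\userinit.exe"

# Constructed sample of `reg query` output for the infected state described above.
SAMPLE_INFECTED = "\n".join([
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon",
    r"    Shell    REG_SZ    Explorer.exe",
    r"    Userinit    REG_SZ    C:\Windows\system32\wsaupdater.exe",
    r"    OldUserinit    REG_SZ    C:\Windows\system32\userinit.exe",
])

# Indented "name  REG_TYPE  data" lines; value names containing spaces are skipped.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

def parse_values(text):
    """Return {lowercased value name: data} from reg query output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            values[match.group(1).lower()] = match.group(3).strip()
    return values

def audit_winlogon(text, expected=EXPECTED):
    """Return a list of findings; an empty list means the key looks normal."""
    values = parse_values(text)
    findings = []
    userinit = values.get("userinit")
    if userinit is None:
        findings.append("Userinit value is missing")
    else:
        # Winlogon treats Userinit as a comma-separated list of programs,
        # so a stock value may carry a trailing comma.
        programs = [p.strip().strip('"').lower() for p in userinit.split(",") if p.strip()]
        if expected not in programs:
            findings.append("Userinit does not launch " + expected)
        for program in programs:
            if program != expected:
                findings.append("unexpected Userinit entry: " + program)
    if "olduserinit" in values:
        findings.append("OldUserinit present: " + values["olduserinit"])
    return findings

if __name__ == "__main__":
    for finding in audit_winlogon(SAMPLE_INFECTED):
        print("FINDING:", finding)
```

Any finding reported before the reboot means the Userinit value still needs the manual correction shown above.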
If you fail to check the registry, all is not lost.
There is a Linux boot CD that will allow you to edit the registry.
Check the following site and download the latest version of "Austrumi" (or see if someone already has a CD sitting around):
At the time of this writing, the latest version was v0.8.8.
Download the ISO image and burn it to a CDROM.
Insert the CD into the computer and reboot, ensuring that the CDROM is the first boot item.
When the CD boots, at the boot prompt type in "nt_pass" without the quotes.
Don't wait too long or the CD will boot into some foreign language GUI.
The boot script will stop and ask you to select, by number, the partition that you wish to work on; the partition list for the hard drive is shown just above the prompt. With the Dell GX260, #2 is the main partition and #1 is a maintenance partition. Usually you can just hit Enter, as it will pick the most likely partition to work on.
Next it will ask you for the path to the registry directory. Again, it will usually find the correct path on its own, so check to be sure and, if it is correct, simply hit "Enter".
Next it will ask you to select which part of the registry to load. For our purposes, we want to select option #2 "software" and hit enter.
Next we wish to use the "Registry editor" so enter option #9 and hit enter.
Now you will see a prompt as such: [1020] >
At the prompt type in the following (case sensitive):
cd Microsoft\Windows NT\CurrentVersion\Winlogon <ENTER>
***NOTE the space between Windows and NT***
You may type in "ls" (without the quotes) to view all the registry entries under "Winlogon".
Now type in (case sensitive):
cat Userinit <ENTER>
This will list the current value assigned to that registry entry.
It should read: "C:\Windows\system32\userinit.exe"
If it does not, type in (case sensitive):
ed Userinit <ENTER>
And at the prompt type in:
C:\Windows\system32\userinit.exe <ENTER>
Now type in "q" to quit and hit <ENTER>.
Now type in "q" to quit again and hit <ENTER>.
You will be asked if there is something to save, answer yes.
Now it should state "Edit Complete" and you can "try again if something failed".
The default answer is "no" (indicated by the [n]), so hit enter to quit.
Now you should be back at the "#" prompt.
Press "CTRL" + "ALT" + "DELETE" (the Windows three finger salute) to reboot and eject the CDROM.
You should now be able to log into Windows normally.