Had a PC I couldn’t get into.

XP starts normally, until I’m presented with a few login icons.

I click on a user icon, and it shows “loading user preferences” and soon afterwords “saving user settings”, it never actually leaves the login screen…

Hmmm, I try safe mode, but no go. I try administrator in safe mode, but it makes no difference. I try BartPE, and it starts, I try a virus scan, but it fails at the 20% mark.

I find a forum thread that talks about the problem: http://www.geekstogo.com/forum/lofiversion/index.php/t15771.html.

However, the system doesn’t have a wsaupdater.exe file, so its obviously a similar problem. Maybe a slight variation on the blazefind spyware with a different file substituted for the userinit.exe file… but which one? there are thousands of files in the system32 folder…

Somewhere on the same forum, I find a reference to a complicated solution at microsoft (http://support.microsoft.com/kb/307545) but by reading between the lines, I find I can scale it back to a simpler solution (by using the drive as a secondary drive on another PC, with a correctly functioning windows XP):

– attach drive to another PC

– backup, then delete reg files (eg c:windowssystem32configsystem, etc).

– copy the system restore files (from a few days prior to when I was called out… from X:System Volume Information) to a temp area. I needed to add the Administrator user to the security tab of “properties” for the SVI folder… and then give Administrator full control of the system volume information folder.

– rename files and copy them to c:windowssystem32config folder.

– shutdown, then attach drive to original PC

– happily boot  PC as usual.

This is really a registry restore (by using the system restore facilities), for when you cannot start XP to do a system restore.