Posted 10 November 2010 - 01:08 AM
I have a client's machine here, running xp pro 32-bit and the problem is that as soon as any user (including administrator in safe mode) clicks on their icon on the welcome screen, their profile starts to load, then they are immediately logged off.
The system is dual boot - it has an XP 64 pro instance on volume C:, but they don't use that because drivers for important bits of hardware aren't available. The 32 bit instance is on D:
They have some software installed for specific vertical applications that they're not sure they have the licence keys for still, so I'm trying to avoid wipe and reload.
I've pulled the drive out, plugged it into my machine, and run malwarebytes over it, removing 45 nasties from D:.
I've manually checked the registry by loading the software hive into regedit on the 64 bit instance, and confirmed that the HKLM\Software\Microsoft\Windows NT\Winlogin userinit points to D:\WINDOWS\System32\userinit.exe, (yes the comma is properly there!)
I can't find any instances of wsaupdater.exe in the file system, or referred to in the registry.
Does anyone have any suggestions as to what action I can take next?