Yesterday when my daughter powered up a family computer she received an error message related to userinit.exe. She also received a message from Spybot's Teatimer asking her to allow or deny a registry change.

She (arrgghhh!) allowed the registry change and now our Windows user logins have been hijacked.

Apparently, from my research, this is because of an Ad-Aware removal of some portion of a Search Assistant/Blazefind thing and my userinit.exe has supposedly been replaced by wsaupdater.exe.

I tried microsoft's fix for the login problem which was to go into the Windows recovery console and "copy userinit.exe wsaupdater.exe".

This was SUPPOSED to restore my login capability from which I would be able to do a registry repair. I still cannot log on to windows from any of the user accounts, even in safe mode.

I would appreciate any advice you can give me. We just loaded a lot of the family photos (college graduation) into this computer and had not yet had a chance to burn them to CD, we are pretty scared!

Hello

I have asked for the thread to be moved to HJT forum where one of the trained helpers will be able to advise on the next course of action

Cudni

I strongly recommend that you follow CastleCops' Malware Removal and Prevention procedure, a system CastleCops devised to enable users to either partially, or fully clean their systems without the direct aid of an expert.

Please read these instructions carefully. You will find the Malware Removal and Prevention Procedure here:

http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

If that doesn't fix the problem, then go to this Forum, read the instructions at the top of the page carefully:

/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

Follow these instructions:

/t102301-Hijackthis_Guidelines_Read_Before_Posting.html

and one of CC's trained 1st Responders or Security Experts will help you.

Note to everyone: You must be a CastleCops member to post for help in the HJT forum. Do not post a HJT log anywhere other than in our HJT forum. If you post them here or in other forums, they will be deleted or ignored.

Thanks for your reply, PCBruiser.

I tried the "wiki" link, it won't load from your link OR from the side-bar link.

I have read the HJT guidelines, have no p2p software but cannot run HJT because I cannot get into windows. For the same reason, I cannot run any other malware cleaners, online scanners, etc.

If I could get past the login problem, I would have no problem cleaning up my registry, etc. I have successfully cleaned other machines without help.

It's sounding more and more like I just need to nuke my drive and re-pave it. Took the hard drive and attached it to another machine, I'm pulling off the files that mean anything and just going to re-load Windows.