I encountered a Windows 7 computer that would only boot to a black screen. The only thing I saw was a mouse arrow. At first I suspected the hard drive was corrupt, so I cloned the hard drive. But the problem still existed. With this computer I still had reason to believe the hard drive was bad. Next I scanned for a virus in the Windows directory, and the only thing that was discovered was one of those junk free programs that deliver pop-up ads.

It was at this point that I decided to try an easy solution. Since this was Windows 7, there would be a good copy of the registry files at %windir%\system32\config\RegBack\. So after making a backup of the current registry files, I copied the good registry over the current ones. With this computer, some of the current registry files were twice as big as the good copies, which is why I think something was wrong with the old hard drive. After I did this, the computer booted fine.
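An added example (not part of the original post): a sanity check to run on a live hive and its RegBack copy before overwriting anything. It validates the `regf` base block (signature, XOR-32 checksum, sequence numbers, declared hive-bins size) and encodes the size observation above as a heuristic; the 1.5x ratio and all function names are assumptions, and the sample hives are constructed.

```python
import struct

BASE_BLOCK = 4096  # size of the regf base block; hive bins follow it

def regf_checksum(block: bytes) -> int:
    """XOR-32 of the first 508 bytes; the values 0 and 0xFFFFFFFF are remapped."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return csum or 1

def check_hive(data: bytes) -> list:
    """Return the problems found in a hive's base block (empty list: looks sane)."""
    if len(data) < BASE_BLOCK or data[:4] != b"regf":
        return ["missing regf signature or truncated base block"]
    problems = []
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    (bins_size,) = struct.unpack_from("<I", data, 40)
    (stored,) = struct.unpack_from("<I", data, 508)
    if stored != regf_checksum(data):
        problems.append("base block checksum mismatch")
    if seq1 != seq2:
        problems.append("sequence numbers differ: hive is dirty")
    if BASE_BLOCK + bins_size > len(data):
        problems.append("hive bins size exceeds file size")
    return problems

def compare(current: bytes, backup: bytes, ratio: float = 1.5) -> list:
    """Check the live hive and flag it if it dwarfs the RegBack copy (heuristic)."""
    notes = check_hive(current)
    if len(current) > ratio * len(backup):
        notes.append("current hive is much larger than the RegBack copy")
    return notes

def sample_hive(bins_size=4096, seq=(7, 7), body=None) -> bytes:
    """Constructed test input: a base block followed by zero-filled hive bins."""
    block = bytearray(BASE_BLOCK)
    block[:4] = b"regf"
    struct.pack_into("<II", block, 4, *seq)
    struct.pack_into("<I", block, 40, bins_size)
    struct.pack_into("<I", block, 508, regf_checksum(bytes(block)))
    return bytes(block) + bytes(bins_size if body is None else body)

if __name__ == "__main__":
    good = sample_hive()
    print(compare(sample_hive(seq=(8, 7), body=3 * 4096), good))
```

On real files, read each hive (SYSTEM, SOFTWARE, SAM, SECURITY, DEFAULT) and its RegBack counterpart in binary mode and pass the bytes to `compare`; run `check_hive` on the RegBack copy as well before trusting it.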

Some other suggestions included running System Restore. I was lazy in this instance and didn’t try that. But I did increase the System Restore capacity once I got back into Windows. If you are still using Windows XP, you can always find the registry files under the \System Volume Information\ folder. Some other suggestions are that certain key folders have been corrupted or have corrupt permissions. Check the Windows folder, the Program Files folders, and the Recycle Bin folder.

Another old problem I had noted. I cleaned a computer that was infected with two rootkits, one in the Master Boot Record (MBR) and the other that dreaded UAC rootkit. These rootkits were modifying files as they were executed or when the file performed some action it did not like. For example, on this person’s computer, the rootkits corrupted McAfee files and would corrupt anti-malware scanners like HijackThis when it tried to scan. The MBR rootkit was very nasty. When you have a rootkit that corrupts anti-malware files, you will need to change the file name to something random (provided your file is not corrupted), or use the Windows disc to rebuild the MBR and manually remove the files, or both.

This is an old problem I noted a long time ago. While working on a computer, I encountered a computer that would exhibit the STOP 0x0000008E blue screen but only just after I told Windows to restart. A quick Google search revealed that STOP 0x0000008E is a very common problem. In fact, Microsoft had three articles about this very STOP code. Most blue screens of death also have some text in all capital letters which is very helpful when cross-referencing this STOP code. STOP 0x0000008E is supposed to have the text KERNEL_MODE_EXCEPTION_NOT_HANDLED.

Sometimes in Windows when you log in, you will get this message: “Windows cannot load the user’s profile but has logged you on with the default profile for the system”. The cause of this message is that one of the user-specific files has become corrupted. Chances are good that the user’s registry hive is corrupted. There are several hidden files in the c:\users\[username]\ folder (Windows Vista and later) or the c:\documents and settings\[username]\ folder (Windows XP and earlier). Hereafter in this blog post we will call these directories [old user].

Chances are good you won’t be able to fix this problem.

  • Try System Restore first, but be sure to choose a restore point several days before the problem occurred.
  • If that does not work, try your backup next, if you have one.
  • If that does not work, then you will need to create a new user. Below are the steps you need to take to migrate to a new user.
  1. Create a new user and log in to that new user. Do not open any programs just yet. And do not delete your old profile until you are absolutely sure everything has been copied.
  2. Browse to the new user’s folders, c:\users\[new user]\ or c:\documents and settings\[new user]\, hereafter called just [new user].
  3. Copy all the non-hidden files and folders from [old user] to [new user].
  4. After that finishes, browse to [old user]\appdata\local\ (Windows Vista or later) or [old user]\local settings (Windows XP or earlier). If you want, you can copy everything from this folder to the corresponding folder in your new user profile. It probably is a good idea only to copy folders from Microsoft or programs you currently have installed.
  5. Next browse to [old user]\appdata\roaming\ or [old user]\local settings\application data\ and copy those folders to the corresponding folder in your new profile.
  6. Log off and then log back in.
  7. See if your settings transferred. You might have to set up your email again. And that means you might need to Google the location of the old email files and how to import them.

Here is an interesting problem in Windows XP. When you click the start button, the entire start menu was corrupted. You click on the All Programs link and nothing happens. You click on the My Computer link and nothing happens. In fact, the icons on the control panel were corrupted. When you go to the Control Panel and attempt to edit user accounts, you get a message “The specified module could not be found”. You couldn’t modify the services. And a whole lot of other weirdness was going on.

Do yourself a favor. If a lot of weird things are going on, go ahead and do an in-place upgrade, aka a repair installation. I spent several hours trying to fix these problems one at a time and could not. The only thing that worked was an in-place upgrade.

So what did I do? Well, naturally I wanted to start with the System File Checker. That did not fix anything. I tried using Dial-a-Fix to repair Windows. Even the advanced options it had did not fix the problem. I didn’t want to do an in-place upgrade because of the slight risk of failure. Although to be fair, I’ve only seen a failed in-place upgrade on Windows Vista, which it recovered from. The way the Windows XP in-place upgrade works, sometimes it will not let you. After much frustration, I finally went ahead with the in-place upgrade. Which worked, although it had its share of problems.

After the installation process prompts the user for the last time, it copies several more files. The problem was it kept prompting me to find a file that it could not find, except that it did find it but never copied the file. I tried a different CD drive, same thing. I tried a different disc, same thing. After a while I began to examine the files the program would not copy, and the files it was attempting to replace were the same size but had a date a few days in the future. I decided to manually attempt to expand these files from the CD to Windows. But after about 20 with no end in sight, I stopped. I was using the Dell XP Home SP2 CD anyway (it was a Dell laptop) so I figured between installing SP3 and all the Windows updates I would be okay. And I was. Windows installed properly, the updates and service pack installed properly. All the problems were fixed.

So, as another note, if Windows is not expanding a file from the CD or DVD and if the file exists, ignore the problem. Chances are good a security update will overwrite the file anyway.

If the Master Boot Record (MBR) or partition information has been damaged by a virus, Windows will not boot. Variants of the TDSS rootkit, for instance, will infect the MBR and remove the system and active flags on all partitions. The purpose of that is to make sure the boot process must activate the TDSS rootkit. You’ll know this has happened when all you get is a flashing cursor when attempting to boot from the primary hard drive. It can be easily fixed with the Windows 7 DVD. This process is easier with the Windows 7 DVD than with the Windows 8 or Windows Vista DVD. This solution only works if the hard drive has an MBR. The MBR replacement, GUID Partition Table (GPT), requires a computer with UEFI instead of BIOS. GPT is more secure than the MBR.

  1. Boot into the Windows 7 DVD and choose Repair Your Computer.
  2. Startup Repair may run on its own. If it does, let it fix the problem. If it doesn’t, then run Startup Repair immediately. Then immediately reboot back into the Windows 7 DVD.
  3. Open a command prompt.
  4. If using Windows Vista or later, run the following commands:
    chkdsk c: /f /x (NOTE: The Windows DVD may have assigned the Windows partition another drive letter. Make sure you use that drive letter.)
    bootsect /nt60 sys /force /mbr
    bcdboot c:\windows /s c: (NOTE: The Windows DVD may have assigned the Windows partition another letter. Use the drive letter Windows assigned for c:\windows.)
    select disk # (this is a diskpart command; use the list disk command to get a list of drives and use the # of the boot drive.)
    select partition # (this is a diskpart command; use the list partition command to get a list of partitions on this drive and choose the partition with Windows on it, likely the largest.)
  5. If using Windows XP or earlier, use the same commands except replace /nt60 with /nt52 in the bootsect command and do not use bcdboot.
  6. Reboot and run TDSSKiller.
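An added example (not part of the original post): a check for the symptom described above, run against sector 0 of a disk image. It decodes the four MBR partition entries and reports a missing active flag, a missing 0x55AA boot signature, or a GPT protective entry (in which case the MBR steps do not apply). Only the active flag in the status byte is checked; function names are assumptions and the sample sectors are constructed.

```python
import struct

SECTOR = 512
TABLE = 446  # offset of the first 16-byte partition entry

def parse_mbr(sector: bytes) -> list:
    """Decode the used primary partition entries of an MBR sector."""
    if len(sector) < SECTOR:
        raise ValueError("need the full 512-byte sector 0")
    entries = []
    for i in range(4):
        raw = sector[TABLE + 16 * i: TABLE + 16 * (i + 1)]
        status, ptype = raw[0], raw[4]
        lba_start, count = struct.unpack_from("<II", raw, 8)
        if ptype == 0 and count == 0:
            continue  # unused slot
        entries.append({"index": i + 1, "status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": count})
    return entries

def audit_mbr(sector: bytes) -> list:
    """Return findings for one MBR sector (empty list: nothing unusual)."""
    parts = parse_mbr(sector)
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    if any(p["type"] == 0xEE for p in parts):
        return findings + ["protective MBR: disk is GPT"]
    active = [p for p in parts if p["status"] == 0x80]
    if parts and not active:
        findings.append("no partition marked active")
    if len(active) > 1:
        findings.append("more than one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte")
    return findings

def build_mbr(parts) -> bytes:
    """Constructed sample: parts is a list of (status, type, lba_start, sectors)."""
    sec = bytearray(SECTOR)
    for i, (status, ptype, lba, count) in enumerate(parts):
        struct.pack_into("<B3sB3sII", sec, TABLE + 16 * i,
                         status, b"", ptype, b"", lba, count)
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)

if __name__ == "__main__":
    # Constructed layout: small boot partition plus a large NTFS partition, flags cleared.
    print(audit_mbr(build_mbr([(0x00, 0x07, 2048, 204800),
                               (0x00, 0x07, 206848, 976564224)])))
```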

Missing Taskbar in Windows XP

I came across a Windows XP computer that was missing its taskbar. Upon further investigation I found out that many other things were not working right either. When I opened the management console, there were several services that would not start. I would get “access denied” error messages when attempting to start them manually and when I viewed the service dependencies I got the error message “Win32: Access is denied”. Since the sound was not working I also attempted to pull up the properties of the sound card driver, and nothing happened when I double-clicked the driver. Also on the management console, the buttons for the Disk Defragmenter did nothing.

Here is how to fix all these problems in Windows XP; perform these steps in this order to save time:

  • Using the Dial-a-Fix program, check every box except the ones under the Prep group and except for the Explorer/IE/OE/shell/WMP button. Then start that repair process. This may take some time.
  • While that is running, you can clean up temporary files to help any antimalware scan later. You can also check for the TDSS rootkit using TDSSKiller.
  • After Dial-a-Fix finishes what it was doing, click the hammer icon to bring up more options.
  • First, scroll to the bottom of the list and choose Reset WMI/WBEM. If that gives an error, then choose Reinstall WMI/WBEM and after that finishes try again to reset.
  • After that finishes, choose all of the Reinstall options except Reinstall WMI/WBEM.
  • After that finishes, choose Repair permissions.
  • While waiting for that, open a command prompt and run the System File Checker: sfc /scannow.
  • When all that is finished, open the management console and find the Remote Procedure Call (RPC) service. Open its properties and click the Logon tab. Make sure the service is set to log on as the Local System account. (Please note: the default setting is to not be logged in as Local System account.)
  • Reboot.
  • After Windows comes back, it would be a good idea to scan for viruses and malware.

So here is a problem I encountered. A computer would not connect to the internet. The first thing I do is, of course, run the ipconfig command. This showed that it wasn't getting an IP address from the router. So I tried to open the command prompt as an administrator, but all I got was a message saying "The specified service does not exist as an installed service" along with something else below it related to the action I was trying to perform. Whenever I tried to run anything as an administrator, I got this same message: "The specified service does not exist as an installed service".