I had to fix one Windows XP computer today. The computer was in a terrible state (meak to say), the system was hanging during boot,
None of Windows recovery modes worked, except when running it through:
Windows Safe Mode (With Command Prompt) mode (pressing F8 before Windows boot with Windows flag screen).
I followed some Usual commands to repair broken Windows XP, as the system was hanging during boot there was obviously some issues with corrupt by Viruses and Malware system binary (.exe) files or some .DLL was substituted in (C:WindowsSystem32 and C:WindowsSystem32DllCacache) with a trojanned version by some "bad ware".
Thus the logical thing to do was to try:
from Safe Mode's cmd prompt. Instead of starting its work as usual System File Checker spitted an error:
Windows File Protection could not be initiate a scan of protected system files.
The specific code is 0x000006ba [The RPC Server is unavailable.]
You can guess my amazement as I see this error for a first time in my life. Actually I don't remember if I run System File Checker scan from a Safe Mode With only Command Prompt ever so I'm not sure if this error was caused by some Virus activity which broke up the Win host, or it is due to the fact RCP Services are not loaded in Safe Mode – With Command Prompt Only.
As the message implies RCP Server is not running and sfc depends on it.
The reason for the error is Windows File Protection (WFP) was disabled by some of the Spyware or Viruses which infested the poor Win PC.
As the problem consisted in unworking RPC Services I tried launching RPC manually with command:
> net start rpcss
This unfortunately did not succeeded (dunno why).
I've later seen another fix pointed on a couple of forums around, which is using Registry to enable SFC.
Re-enabling SFC is done by:
1. Launching regedit
2. Once launched go to the following reg settings (sub-values)
Use modify on it and change value to be "0"
3. Restart windows and launch again Safe Mode With (Command Prompt Only)
> sfc /purgecache
> sfc /scannow
This solves it however, as you never can be sure if the Install time .DLLs are not already rootkited by the Virus-es and Spywares which "posessed" the computer. It is generally a good idea to Launch the Windows Install CD, recovery console and launch SFC using it, or even try using the Windows CD (Repair) mode. Though this is a temporary work around, this system will need a re-install in very short future, or it will most likely came in the same broken state in a very while – I don't believe such an infested computer can be "cured" except with a clean CD Windows re-install.
If this method didn't work for you but something else worked for you, whether you had to fix a Win PC please drop a comment with the solution.
More helpful Articles
Tags: amazement, broken windows, command prompt, recovery modes, safe mode, Spyware, system file checker, time in my life, virus activity, Viruses, win pc, windows boot, windows file protection, windows recovery, windows xp
Mozilla/5.0 (X11; U; Linux x86_64; bg-bg) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+ Debian/squeeze (2.30.6-1) Epiphany/2.30.6
A sfcenable.reg file is here – http://www.pc-freak.nt/files/sfcenable_windows_registry_file.zip
Alternative way to enable sfc is to simply run sfcenable.reg file and restartView CommentView Comment
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:220.127.116.11) Gecko/20100401 Firefox/3.6.3
The same computer happened to have a small problem with hardware too. I removed memory from memory slot and reattached, because computer was sometimes booting and sometimes not. After it was booting every time. Eventually I re-installed the Windows, just few days later, because it was too slowly working for a normal use. (the machine is old), but it seems some kind of badware was again crawling, so I was tired of trying to work it around thus re-installed.View CommentView Comment
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Hi, I have been fixing people's computers before I came into web development business. My way of approach was to just reformat the computer with a windows installation disk and run a boot time scan on other drives in most cases. If I knew a particar cure for a problem that I would have used that. Reformating is the best if the machine it fast enough it only takes an hour or so.View CommentView Comment
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
This will not offer the user any access to his data so I would be slow to classify this as “fixing people’s computer”. Indeed, they might have been able to do that themselves?View CommentView Comment
Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36
Sorry Vikram but that is not fixing someone’s computer. A wipe of the hard drive and a fresh reinstall of windows should be the last resort, not the first.View CommentView Comment
Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0
Thank you for this fix!View CommentView Comment
However I can’t effectively act according to the instructions on that Winlogon.
Winlogon is a folder… ‘Use modify on it and change value to be “0” ‘ –>> which of those keys should be set to “0”?
Please see this screenshot:
To the admin: the http://www.pc-freak.nt/files/sfcenable_windows_registry_file.zip is not more available, unfortunately. Could you please restore it?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
My mistake, proper download link is http://www.pc-freak.net/files/sfcenable_windows_registry_file.zip
Try to expand WinLogoan and see what there is as a possibility to check and check for something related.
I don’t remember exactly anymore ..
If you fix it drop me a comment.
GeorgiView CommentView Comment
Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0
Thank you for the new zip. (Please note the embodied link is still wrong, but the visible text of the link is working). PC booted in safe mode, extracted from the zip and added the registry key, rebooted again in safe mode but unfortunately the sfc /scannow command still shows that RPC server is unavailable. The registry editor key to be zeroed is the SFCScan within Winlogon that is (and was) already with 0x00000000(0) in my case; so the manual instructions are not useful.View CommentView Comment
Hope there is a solution… I have ‘your computer must be restarted. Ignore windows error recovery screen after restart’. But it’s always cycling with that message. Only way to fix it for only one boot is to enter in Safe Mode, schedule a checkdisk and at the next first restart only, Windows XP will boot. At the subsequent boot, a new ‘your computer must be restarted…’ appears. Running sfc/ scannow in Windows XP normal mode works but does not fix that message. That’s why I hope to fix this Sfc /scannow issue in Safe Mode.