Lexington Computer Repair Blog

My customer was trying to install TurboTax 2011 on his Windows 7 x64 install and got into an endless loop where TurboTax wants to install or “correct” some issue with Microsoft .NET 4. Alas, allowing the software to do this just results in the computer re-booting over and over again, hopelessly trying to do something with .NET 4. If you look under covers, you’ll see you’re getting an error 0×80070643.

Looking at Intuit’s site, it appears that their ultimate fix for this is to recommend abandoning their product and using the online version <shrug>. Here is what I did to fix the problem.

1. Uninstall Microsoft .NET 4 using the control panel and add/remove programs
2. For good measure, you might want to disable your antivirus program, I did, but I doubt this was necessary
3. Download the .NET clean-up tool from the second part of this Microsoft kb article and clean-up .NET 4
4. Go to C:\Windows\Microsoft.NET and change the name of the folder called “assembly” to “assumbly2″ as described in this brilliant solution by irarab.
5. Reboot
6. Download the .NET 4.0 installer from here and run it, .NET 4.0 should now install successfully.
7. Try your TurboTax installation disc now

If this works for you, please leave a comment below. Also contact Intuit and tell them they owe me a commission for fixing their customers’ problem for them.

I have a number of tools to fix registry problems here for various operating systems. However, I got a Windows XP machine in today that had been screwed up so bad none of them worked. Normally, a quick run of my registry fixer does the trick but neither it, nor the one recommended on the Malwarebytes site, nor Malwarebytes solved the problem. This computer had Pareto Logic’s File Cure program on it; a program, since it has no actual value, that must be evil and I suspect contributed to this problem.

Finally, I found a more complete .EXE registry fix file that did the trick. I downloaded the one for XP and it worked like a charm.

A customer brought me a brand new Acer desktop computer and wanted me to fix a borked install of Microsoft Office 2000. When he opened the Task Manager, he saw that the machine was (seemed to be) stuck at near 100% CPU usage.

When I opened Task Manager, the first think I noticed was that the CPU usage was indeed at 100%, but that it also never changed. If I went to the processes tab, the individual processes never changed the amount of memory they used or CPU. How could Task Manager be broken?

Well, the fix was easy (as they all are once you know the trick). Somehow, the updating of task manager had been set to “Paused”. To fix the problem, I went to View–>Update Speed and changed it from “Paused” to “High”. Problem Solved.

UPDATE 21 Jan 2012:  If you are missing just BFE, the information below should be helpful. However, if you are missing BFE, Windows Firewall, Security Center and a couple of other services after a virus infection, you are going to need a more comprehensive security services fix. The second post by Farstrider (that starts “you can also try this:” works great. After getting the Norton 5013,3 error on yet another customer computer, I found this solution fixed the Norton problem without requiring me to reinstall the OS. HOWEVER, even still the Security Center service was still not starting, fixing that required me to download and run the Security Center registry entry from here (reboot afterward). Good Luck.

It looks like there is a virus now that can take out the Base Filtering Engine Service in Windows 7, and I suppose then in Vista and XP as well. I noticed this problem on a computer that I removed a virus from. Everything looked fine until I went to install Norton Antivirus and it barfed with an error message about Error “5013,3″. The instructions to fix the problem included restarting the Base Filtering Engine Service but oops, it wasn’t even there. As it turns out, the fix for this is easier than you might think.

The fix I used was to recreate the BFE service entry in the registry, which had been deleted. The registry entry that needs to be recreated is:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

According to this Microsoft Technet article, you can just export the key from a working machine of the same OS and import it (just double click on the exported and moved .reg file) into the problem machine. I can tell you this absolutely worked like a charm for me.

WordPress won’t let me attach a copy of my Windows 7 x64 BFE entry, but if you need one, this link should work, otherwise leave a comment and I’ll try and mail it to you..

I have two Windows 7 computers in for repair right now with the same bootkit virus. Kaspersky’s TDSSKiller identifies it as Rootkit.Boot.SST.b. This is a bootkit virus that I found was impossible to remove with the host disk in the machine, it has to be mounted externally and slaved. After removing the virus however, both machines refused to boot and returned an 0x7b BSOD.

After a bit of flailing about, I found that in both cases the proper boot partition was not listed as “Active”, on at least one of them, the recovery partition was set to active, the other one I did not check. To fix the problem, I did the following:

• Set the Windows partition to Active using Diskpart from the repair console (WARNING: if you use F8 to get to the repair console, make sure you have a Windows 7 boot disc around because this procedure could leave you unable to get back to repair console using F8, instead returning “BOOTMGR Missing”. If you get to that point without a bootable Windows 7 disc or Windows 7 repair disc, you are totally screwed as far as I know)
• Run Bootrec /FixMBR and Bootrec /Fixboot
• Reboot.
• If you still have issues, reboot to the repair console and have it do a start-up repair (I had to do this twice on both machine)

OK, that’s how I fixed it. Good luck.

My customer needed his computer repaired. It was a Dell Latitude e6400 that had the following weird symptoms:

• Power button does not work – The power button would not turn the computer on or off
• Computer boots into Diagnostic mode – Every time the computer starts up, it would say “Diagnostic Boot Selected” and try to run through its diagnostics

The only way to turn the computer on and off was to unplug it.

After removing the hard drive, RAM sticks and keyboard then unplugging the CMOS battery, the computer still did the same thing. As it turned out the simplest fix worked.

Let the diagnostics start, hit escape when it’s available and tell the computer to reboot, quickly start hitting the F2 key to get into BIOS setup. Once in BIOS, click the “Load Defaults” button, Apply, exit, reboot. This fixed my problem, I hope it fixes yours.

Update 21 Jan 2012: I have noticed that this consrv.dll virus is back again this week. It also seems to have some friends, make sure you do a scan with TDSSKiller and, once you’re up and running, that your Base Filter Engine Service, Windows Firewall Service and Security Center Service are running. If they aren’t, take a look at my blog entry on fixing a missing BFE in Windows 7.

This was a Windows 7 machine that had caught a virus. The virus was removed while the drive was out of the machine but upon subsequent boot to either safe mode or normal mode, the blue screen error “STOP: C0000135 The program can’t start because %hs is missing. Try resintalling the program” would appear. No error logs and no help on The Google (the computer does not have AVG installed).

The fix for this problem requires a registry edit to remove a reference to the consrv.dll file that was a virus and was removed. Using regedit from the repair console, the following keys required editting:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\SubSystems

Under theses keys, edit the data in the Value Name “Windows”, changing the text “consrv” to “winsrv”. This is a long string so just parse through it and make the one change, here is what a good entry looks like:

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

I have bolded the entry that previously said “consrv”.

Alas, there are apparently (many?) other reasons for this error, if this doesn’t fix yours, you may want to give up early and reinstall because there do not appear to be any other solutions out there.

I have a customer, a senior, who is reluctantly upgrading her ancient XP computer to a spanking new Dell All-in-One. She has a bunch of games, online and offline, and other programs, e.g., Netscape 7, that she absolutely must have on the new machine and no longer has the discs (floppies in some cases). I accidentally mention PCMover to her and to my dismay she asked me to try it.

Most of the reviews for this software are negative and the whole concept of moving applications like this doesn’t set well with me, especially since Microsoft doesn’t support it (there must me a reason). However, I roped myself into this so…

Anyway, I purchased PCMover Professional from their website, getting the professional version because it would transfer files from an image and I felt this would be a much faster and surer way to do the job. Reading some review about how people have had a lot of problems with network transfers and using Laplink’s special transfer cable, I think I made the right decision.

I started by trying to make an image of the source drive using Laplink’s software, as it turns out, this is not possible, if you want to use a disk image, you have to use your own to create it on the source machine and read/mount it on the receiving machine. This, I felt, would be too much hassle. Instead, after removing the hard drive from here old computer, I made an image of the source drive just in case things went terribly wrong. I then used an IDE-to-USB converter to hook the old source drive up to the new computer (on which I had already installed the PCMover software). The old/source drive appeared now in the Windows 7 system as the E: drive.

Since the Windows 7 machine was new, I refrained from installing any new software on it, especially antivirus, prior to attempting this “upgrade” (in fact I uninstalled the pre-installed version of that awful McAfee software). From the desktop icon, I started PCMover and followed the instructions, “work from image”, “identify the image/drive” and then let it find the applications which took about 10 minutes.

The PCMover documentation claims it does not try to move system or computer-specific programs like antivirus, printers or other utilities, this isn’t true. When I was presented with the list of applications to move, PCMover tried to move Microsoft Security Essentials, all the HP printer software and driver, and a number of other junky things that I felt would have messed-up the transfer, like C++ libraries and .NET updates. I also clicked on the “Show unregistered program” and found that it wanted to transfer a bunch of other HP printer junk and other flotsam, I unchecked all of these until I was down to programs that I was relatively sure were just the ones I wanted, maybe 30 or 40 of them.

In the next step, PCMover finds (hopefully) all the programs, parts of programs and user files and settings on the source drive and moves them to the new host. This process took about 35 minutes with my set-up. There was not a single hiccup and the program ended.

After that I rebooted, looked at the items that PCMover though I might want in my startups (I didn’t select any of them – they are deselect by default) and presto, the machine was transferred.

As far as I can tell, and to my amazement, almost everything works. Her background, favourites, homepage, etc. all came over and her games and even Netscape 7 work. The only thing I’ve found so far that doesn’t run is her copy of Quicken 2002. I notice that PCMover never saw that even as a program that was on the computer, it just moved its files across.

I haven’t tested everything, I’m sure there will be some glitches that my client finds, but generally I am impressed with the operation and the performance of this product. One bit of advice I would give, READ THE MANUAL. The process I followed required the 30-page PCMover Quick Start guide (really? 30-pages?!?) and the equally verbose, er I mean detailed, PCMover Image Assistant User Guide. It’s tempting to plug forward, but there are so many users who report relative disaster in attempting to use this software, my guess is you really need to stick close to the instructions.

EDIT 7 Nov 2011: Before getting into this item, let me warn you about a couple things NOT to do that I see a lot of customers trying:

• DO NOT go out and buy an antivirus program in hopes that it will get rid of your virus. Normally, trying to install an antivirus program on an already virused computer is going to be ineffective. The viruses have defenses and they are going to bork your install when they see it coming. If you really want to try this, do it with a free antivirus so you don’t waste your money (the paid ones aren’t going to install any better than the free ones). You could try Avast or even the trial version of Norton I suppose. Having said this, if you follow the instructions below, they should get you to the point where you can install an A/V
• DO NOT install a second antivirus in addition to your current one, this will make your problem worse. I get a lot of machines in here with 2 antiviruses and a flock of viruses as well. Normally, the 2 antiviruses will stop the computer from booting and many times will damage the system to the point we need to reinstall the operating system. You can try another A/V but you need to have enough control of your computer to uninstall the current one first.

This is an update to my previous post on this topic aimed at customers who want to try and remove a virus themselves.

I get many calls from customers who want me to remove viruses and repair their computer. During a large-scale outbreak we can get 3-4 a day for weeks on end. Often the callers will have done some homework and identified the name of the particular infection they have. This is often interesting, but unneeded information as my virus removal system here is not virus-specific, but rather a general process that removes all types of viruses from the system. I mention this because that is the kind of advice I will be giving below. I think this is a better strategy as computers seldom have just a single virus and so fixing just the one you have identified could easily leave you still infected with another you did not.

We use about a dozen or so tools here to clean up viruses but I am just going to recommend two or three here that I think should be sufficient to clear up most infections. To perform these steps you will need the following:

• 1 infected computer
• 1 non-infected computer
• 1 jump drive (flash drive, pen drive, whatever you call it)

On the non-infected machine, download Malwarebytes from www.malwarebytes.org

1. Install Malwarebytes on the non-infected computer
2. Copy the Malwarebytes installation file (that you just used to install MWB on the non-infected computer) to your jump drive. Leave the jump drive in the non-infected computer, noting the drive letter.
3. Run Malwarebytes on the non-infected computer and make sure that you update it to the current virus definitions
4. Go to Start/Accessories
5. For Vista or Windows 7, right-click on “Command Prompt” and select “Run as Administrator”
   1. Type “cd\programdata\Malwarebytes\Malwarebytes’ Anti-Malware” (note the ‘ and – are critical to make this command work)
6. For XP, just click on “Command Prompt”
   1. Type “cd\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes’ Anti-Malware“
7. Now type “Copy <drive:>rules.ref” where <drive> is the letter for your jump drive
8. Close the command prompt box, then pull the flash drive
9. Turn on the infected computer and start hitting the F8 key about 3-times per second until a black and white text menu appears asking you how to start Windows (if the graphic Windows logo starts to appear, you’ve done this wrong, hit the power switch or pull the plug and start again)
10. Select “Safe Mode” and hit Enter. Log into Windows in Safe Mode just as you do in normal mode
11. After the desktop appears, insert your jump drive and wait about 10 seconds, then open “My Computer” and select your jump drive (note the drive letter)
12. Copy the Malwarebytes program and rules.ref to your desktop (you should be able to drag and drop them)
13. Double-click the Malwarebytes installation program and install Malwarebytes. When it gets toward the end and asks you to update and run the program, DESELECT THESE CHOICES. Malwarebytes will close.
14. Go to Start/Accessories
15. For Vista or Windows 7, right-click on “Command Prompt” and select “Run as Administrator”
    1. Type “cd\programdata\Malwarebytes\Malwarebytes’ Anti-Malware” (note the ‘ and – are critical to make this command work)
16. For XP, just click on “Command Prompt”
    1. Type “cd\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes’ Anti-Malware“
17. Now type “Copy <drive:>rules.ref” where <drive> is the letter for your jump drive. This will overwrite the version of this file that is already in that folder
18. From the desktop, double-click Malwarebytes to run it
19. Select “Perform Quick Scan” and run the scan
20. This should take no more than 10-15 minutes, when it complete follow the prompts to see what viruses MWB has found and then remove them.
21. Reboot the computer

My expectation is that by this point, we’ve got rid of the worst of the virus. Chances are that your previous antivirus program is broken, either prior to or by the attacking virus. My preference is to now uninstall this program – if it was any good you wouldn’t have this problem.

Go to www.surfright.nl and download Hitman Pro (note there are different versions depending on whether you are running 32-bit Vista/Windows 7 or 64-bit)

1. Install and run Hitman Pro, if it finds viruses you can select to activate a 30-day trial at the end of the scan and it will clean them up.
2. Finally, AFTER UNINSTALLING YOUR PREVIOUS ANTIVIRUS, download and install a decent one. At the time of this writing the following would be in this category:

• Avast
• Norton Antivirus 2011
• G-Data

Here are some programs I WOULD NOT recommend:

• McAfee
• CA
• Trend
• Stopzilla
• Anything by Iolo

Install the new Antivirus and run it, clean-up any additional viruses it finds. Add a comment to this message or send me an email and let me know how it went.

Note that this procedure will clear up many (not all) infections. It will not fix problems left behind by the virus such as missing programs and files or broken internet and Windows Updates. However, it should get you to a point where you can use your computer again and start fixing those problems.

One day soon, all of the computer running Windows Vista will finally be disposed of by their frustrated owners, until that time though we’ll need to keep sorting through ways to solve its ridiculous problems. I encountered one such problem today with a customer’s HP desktop computer.

This computer actually was in for a change of capacitors as about 10 popped caps had…well, incapacitated it. When it rebooted after the fix, I noticed that it couldn’t properly find it’s hard drives, CD ROM or the new mouse and keyboard that were attached to the USB ports. Neither could it “load the drivers” for any USB flash drive I put in it. In each case, even when I told it to look in the C:\Windows\System32 folder and it’s subdirectories, it would come back and say that it could find the drivers but (mysteriously) could not install them. No further help on this error was provided either on screen or in the event logs.

I suspect that this problem is the result of a permissions problem in the Windows\inf folder. If that’s correct, there is probably a more elegant fix that the one below, but this one completely worked for me. It comes from Alan via http://answers.microsoft.com/en-us/windows/forum/windows_vista-hardware/new-usb-devices-will-not-install-on-windows-vista/d5b5000f-e2e2-4531-938b-bc013b8faac6. His instructions are:

1) I created a directory on the trouble machine called INFB under c:\Windows

2) Copied another Vista SP2 machines entire C:\WINDOWS\INF contents into the INFB folder. (My new devices worked on this machine)
3) Rebooted into Safe Mode and went to directory
4) renamed the INF directory to INF.old
5) renamed the INFB directory to INF
6) Reboot
7) Plug and play USB returns!

The above can also be done, as I did, by booting the machine using an Ubuntu live CD (or your other favourite Linux flavour) and making the changes all at once.

If you don’t have a second working Vista installation to work from, you could try copying, then recreating the inf folder and repopulating it, perhaps that would work as well.