The case of the booting crashing rebooting Windows XP PC


Here is how I repaired and cleaned up a PC that was not functional.  It was stuck in a loop: crashing after the boot up Windows XP Home splash screen.   I tested the hard drive then used Malwarebytes (4) and Microsoft Security Essentials (5) to remove malware, re-activated Windows with Microsoft,  fixed the .exe file associations and fixed the failing Microsoft Updates.

The Process

This PC was booting up to the Windows XP Home splash screen then crashing to the POST screen in a loop.  The owner reported that the previous night the PC made an “electric noise” and the icons disappeared from the desktop.

I first suspected a hard disk problem and copied all the data from the hard disk with an Ubuntu CD and external USB disk.  Next I ran SpinRite (14 hours, no errors reported, 300GB disk) (7) but this did not fix the problem.

Memory test passed.  Restoring last known good config didn’t fix it.  Repair console crashed.  Setup Repair succeeded.  Now the PC booted to to the select user screen and after selecting a user presented a window “Windows Product Activation.  X  This copy of windows must be activated with Microsoft before you can log on.  Do you want to activate Windows now?”  Neither Yes or No worked.   Sometimes after a period of time the desktop would appear with no icons.  Booting in Safe Mode brought up the desktop with no icons.  Booting in Safe Mode with Networking brought up the activate message box.  There were no System Restore points to revert to.  In Safe Mode I was able to run a keyfinder to confirm the OEM Product Key.  Hardware Manager reported that the NVIDIA Network Bus Enumerator was not functioning which could explain Activation and Malwarebytes update failing.

I put the hard disk in a lab PC and ran Malwarebytes and Microsoft Security Essentials until they reported no malware.  Numerous malware were found (6).

Replacing the hard disk in the problem PC, it normal  booted, but the “windows must be activated” pop up was still blocking log on.  An Internet search found a suggested solution – in Safe Mode type this command to rearm activation (1)

rundll32.exe syssetup,SetupOobBnk

Now the PC booted normally, logged on normally, the user icons were present but the PC had 3 issues- it was requesting activation in 30 days, both My Computer properties and Control Panel Add Remove Programs were failing with the error message “missing rundll32.exe file,” and Microsoft Security Essentials would not successfully update.

Activating Windows failed saying it wasn’t a valid Product Key (which it was a valid OEM Product Key) so I contacted Microsoft product activation telephone support and 3 support people later I had a new Product Key which they were able to activate (36 minute phone call).

The rundll32.exe error, after an Internet search, was likely due to a broken .exe file association and a fix was offered via a .reg file (2).  I downloaded it, ran it and it worked.

Now the PC was working as before, with clean Malwarebytes and Microsoft Security Essentials (MSSE) scans,  but with one issue – Microsoft Security Essentials would not update, giving an Update Error 0x80248014.  No other Anti virus product scanners were installed.  Uninstalling/reinstalling MSSE didn’t help.

Again, an Internet search found a solution – delete the SoftwareDistribution folder (3).  This technique may solve various update problems and restore some disk space, but you will lose your update history.  The steps –

delete the windows SoftwareDistribution folder

1.  Stop the update service (XP:  Automatic Updates, 7:  Windows Update)

2.  Delete the SoftwareDistribution folder in %windir% (C:\windows\SoftwareDistribution)

3.  Start the update service or reboot

Now MSSE updates.

The PC is now cleaned, repaired and functional.  The NIC fixed itself along the way.


Although the client reported an “electric noise” before the PC was not usable, I couldn’t find any physical problems with the PC – the hard disk passes the SpinRite test (7), a physical inspection of the hardware and capacitors do not reveal any issues and all the hardware is functioning OK now.

My theory: most likely the PC was infected with various malware which caused the crashing, loss of Windows activation, loss of NIC drivers and the missing desktop icons.

Using the tools Malwarebytes and MSSE removed the malware known to their tools.  The issues of activation, file association and updates were fixed by a call to Microsoft, .reg file fix and deleting corrupt(?) SoftwareDistribution files, respectively.

Note that the only way to be sure the PC is “clean” and free of malware is to start over – format the disk, reinstall Windows and restore the data.




3. and

4.  My favorite malware removal tool is MalwareBytes

5.  Microsoft Security Essentials

6.  Malware found by Malwarebytes:

  • Spyware.zbot
  • Trojan.FakeAlert
  • Rogue.SystemTool
  • Trojan.Dropper
  • Trojan.Vundo

7.  SpinRite is a good tool for hard disk recovery and maintenance Note SpinRite is not a substitute for backup.

Leave a Reply

Your email address will not be published. Required fields are marked *