Reset "Windows failed to start..."

  • Thread starter Thread starter Ron Hinds
  • Start date Start date
R

Ron Hinds

Is there a way to reset the "Windows failed to start..." message via the
Recovery console? The machine is a HP - it has a partition that has the
Rescue and Recovery files on it. the problem started with the message "the
file \Windows\System32\Config\SYSTEM is corrupt. Rerun setup and choose
Repair". Of course I didn't have a CD - they typically aren't availabe with
HPs due to the aforementioned Recovery partition. I obtained another XP SP2
CD, but it never gave me the option to repair - instead, it said another
version of Windows was already on the system. But now instead of first
prompting me to hit F11 to start the Recovery and Repair process, it gives
the "Windows failed to start..." message and, of course, will not boot in
any mode due to the SYSTEM file error. All I can do now is get to the
Recovery console.
 
I have a hard time following why you mentioned the recovery partition... Are
you attemting to state that the computer attempts to boot from the recovery
partition and you get the errors?

What happened to get you into this state in the first place?
Are you attempting to do a PC recovery?

???

--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
Disk Read Error Press Ctl+Alt+Del to Restart
http://www.randem.com/discus/messages/9402/9406.html?1236319938
 
John said:
How to recover from a corrupted registry that prevents Windows XP from
starting
http://support.microsoft.com/kb/307545

John
Click to expand...

John... I have a Toshiba Qosmi F25 AV205 laptop which now gives me a:

STOP: c000021a {Fatal System Error}

Toshiba's Windows Media Center 2002 recovery disk does not allow getting
into a recovery console... only a system wipe, with restoring the
original system set up... I've done this four times in the last two and
a half weeks...


--
"Blessed is the person who has earned the love of an old dog."
- Sydney Jeanne Seward

* TagZilla 0.066-bw2
* http://tagzilla.mozdev.org... any work arounds?
 
Randem said:
I have a hard time following why you mentioned the recovery partition...
Are you attemting to state that the computer attempts to boot from the
recovery partition and you get the errors?
Click to expand...

No. It is the main partition that gives me the errors.
What happened to get you into this state in the first place?
Click to expand...

The initial error was the file \Windows\System32\Config\SYSTEM is corrupt.
Rerun setup and choose Repair.
Are you attempting to do a PC recovery?
Click to expand...

Yes I am. When a HP system is functioning normally, when it first boots it
asks you to press F11 for Rescue and Recovery, which starts the Recovery
setup from the second partition. If you don't press F11 within 3 seconds,
Windows continues with the normal boot process. However, since Windows
failed to start (I had to hard boot for some reason which escapes me now),
instead of getting the F11 message, I get the "Windows failed to start last
time..." message. I'm looking for instructions on how to "reset" Windows so
that it thinks it started normally last time so that the F11 message will
appear again and I can continue with the Resuce and Recovery, which
basically wipes the system partition and reinstalls everything with the
factory settings.

I can access the R & R partition from the XP recovery console. Is it
possible to then execute the setup program from there? That would work just
as well for me!
 
What you need to do is to boot from a utility CD then set the recovery
partition to active then restart the computer. This will boot from the
recovery partition and you will then be able to do the PC Recovery.

You can use a boot CD like the Linux System Rescue CD or any partitioning
software which allows you to boot from the CD to change partition
information.

--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
Disk Read Error Press Ctl+Alt+Del to Restart
http://www.randem.com/discus/messages/9402/9406.html?1236319938
 
Great suggestion! Thanks!

Randem said:
What you need to do is to boot from a utility CD then set the recovery
partition to active then restart the computer. This will boot from the
recovery partition and you will then be able to do the PC Recovery.

You can use a boot CD like the Linux System Rescue CD or any partitioning
software which allows you to boot from the CD to change partition
information.

--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
Disk Read Error Press Ctl+Alt+Del to Restart
http://www.randem.com/discus/messages/9402/9406.html?1236319938
Click to expand...
 
sean said:
John... I have a Toshiba Qosmi F25 AV205 laptop which now gives me a:

STOP: c000021a {Fatal System Error}
Click to expand...

When are you getting this error? At bootup? While you are using the
booted up computer? This could be caused by one of your user
applications, see if the information here can help:

http://support.microsoft.com/default.aspx?scid=kb;en-us;156669
http://technet.microsoft.com/en-us/library/cc939022.aspx

John
Toshiba's Windows Media Center 2002 recovery disk does not allow getting
into a recovery console... only a system wipe, with restoring the
original system set up... I've done this four times in the last two and
a half weeks...
Click to expand...

Does this start happening right after the restore, before you istall
your applications or update the machine?

John
 
John said:
When are you getting this error? At bootup? While you are using the
booted up computer? This could be caused by one of your user
applications, see if the information here can help:

http://support.microsoft.com/default.aspx?scid=kb;en-us;156669
http://technet.microsoft.com/en-us/library/cc939022.aspx

John


Does this start happening right after the restore, before you istall
your applications or update the machine?

John
Click to expand...

i had some trojan or virus or worm that kept writing multiple copies of
csrss.exe, lsass.exe, winlogon.exe so i deleted or renamed all the ones
that weren't supposed to be there... for the 4th time in two weeks...

i get this error if i reboot... can't get into windows...

so i reboot... press F8... and have tried each option... Safe mode, Safe
Mode with Networking... Safe Mode with Command Prompt... Last Known Good
Configuration... and all other options offered by Toshiba...

nothing gets me past that STOP: c000021a {Fatal System Error}

i burned a copy of System Rescue CD... but CD drive won't boot it... I
can get into the Toshiba System Recovery... but it wants to restore the
original system wiping off all of my data... for the 4th time in two
weeks... it offers no "repair option"...

neither my avg rescue cd nor the avira-antivir rescue cd boots up... i
stuck my windows 98se disk in... no boot up... just the same STOP: error...

i know my work is gone... but i really hope there's a work around that
takes me back to my otherwise finely tuned copy of WinMCE...

it just feels like i'm missing something...
 
sean said:
i had some trojan or virus or worm that kept writing multiple copies of
csrss.exe, lsass.exe, winlogon.exe so i deleted or renamed all the ones
that weren't supposed to be there... for the 4th time in two weeks...
Click to expand...

The security subsystem on your box is completely compromised, there are
6 critical Windows services and you have 3 of them that are borked! You
might get to fix this with a repair install but in my opinion you should
flatten the box and rebuild it from scratch, you won't be able to fix
the Security Subsystem when it is compromised.

If you are constantly being infected then you should take a close look
at your Anti-Virus and Anti-Spyware solutions, they aren't doing their
job very well! Or give a second thought to your surfing habits and
email practices, if you play with things like Limewire and if you open
your file and printer services to every Tom, Dick and Harry out there
you will be forever plagued with malware pests!

Flatten the box, format your hard drive and reinstall Windows cleanly.
Make sure that you disconnect the computer from the internet when you do
the reinstallation, pull the cable from the box before you begin, only
reconnect the cable once Windows is properly installed and secured.
Make sure that you have *at* *least* SP2 installed on the machine and
make sure that the firewall is started before you even plug the internet
cable to the computer! If need be download the Service Pack and burn it
to CD and install it before you plug to the internet.

John
 
John said:
The security subsystem on your box is completely compromised, there are
6 critical Windows services and you have 3 of them that are borked! You
might get to fix this with a repair install but in my opinion you should
flatten the box and rebuild it from scratch, you won't be able to fix
the Security Subsystem when it is compromised.

If you are constantly being infected then you should take a close look
at your Anti-Virus and Anti-Spyware solutions, they aren't doing their
job very well! Or give a second thought to your surfing habits and
email practices, if you play with things like Limewire and if you open
your file and printer services to every Tom, Dick and Harry out there
you will be forever plagued with malware pests!

Flatten the box, format your hard drive and reinstall Windows cleanly.
Make sure that you disconnect the computer from the internet when you do
the reinstallation, pull the cable from the box before you begin, only
reconnect the cable once Windows is properly installed and secured. Make
sure that you have *at* *least* SP2 installed on the machine and make
sure that the firewall is started before you even plug the internet
cable to the computer! If need be download the Service Pack and burn it
to CD and install it before you plug to the internet.

John
Click to expand...

i am behind a netgear router... my laptops' Win MCE had been updated to
XP service pack three... before it travelled thru an airport and worked
in a hotel wifi three weeks ago... for us, its a basic e'mail and surf
the web computer...

my main computer in the home network shows no infection... i don't play
with limewire or download music... Avira-Anti Vir helped us get rid of
the Antivirus 2009 malware last fall when Spybot, MalwareBytes and AVG
thought it was part of the security suite... so all of those are now
gone... but Avira obviously isn't working either...

Does Service Pack three introduce more copies of csrss.exe into the
system? or put it in the task manager? its my understanding its not
supposed to appear there... nor winlogon.exe... ?

at this point i'm considering replacing the hard drive... but don't
know if i should even attempt to retrieve files off the old one... i'd
thought about putting compromised one in an enclosure and using my copy
of "recover my files" on it... but don't want to retrieve the malware
which keeps reappearing somehow...

thanks for letting me sound off...

Sean

--
Few skills are so well rewarded as lawyers' ability to convince
parasites that they are victims
~ Thomas Sowell

* TagZilla 0.066-bw2
* http://tagzilla.mozdev.org
 
sean said:
i am behind a netgear router... my laptops' Win MCE had been updated to
XP service pack three... before it travelled thru an airport and worked
in a hotel wifi three weeks ago... for us, its a basic e'mail and surf
the web computer...
Click to expand...

It should have be fine behind the Netgear router, perhaps you caught
something when you traveled with it. Of course being behind a firewall
means that uninvited guest can't come in but it doesn't mean that you
can't download pests or get them in your email, the router doesn't stop
user initiated actions. You seem to be a cautious user so it might just
be bad luck that got you infected.

my main computer in the home network shows no infection... i don't play
with limewire or download music... Avira-Anti Vir helped us get rid of
the Antivirus 2009 malware last fall when Spybot, MalwareBytes and AVG
thought it was part of the security suite... so all of those are now
gone... but Avira obviously isn't working either...

Does Service Pack three introduce more copies of csrss.exe into the
system? or put it in the task manager? its my understanding its not
supposed to appear there... nor winlogon.exe... ?
Click to expand...

More copies? Meaning that you have (or had) more than one of these
showing in the Task Manager? If you have multiple instances of these
services running then you almost certainly have malware at play on your
machine.

There are six critical NT system services, Windows XP needs these
services to start and run porperly. Trying to kill these critical
services will end the Windows session:

- Csrss.exe (Client/Server Runtime Server Subsystem)
- Lsass.exe (Local Security Authority Subsystem Service)
- Smss.exe (Session Manager Subsystem)
- Winlogon.exe (Windows logon process)
- services.exe (Windows Service Controller)
- RpcSs (Remote Procedure Call Server Service)*

* Runs inside one of the SVChost.exe. RpcSs is not critical in its own
right but hardly anything runs without it.

These are the 6 critical NT processes, without these 6 items things
don't work too well! Along with that the Task Manager would show:

- System (the kernel or kernel-mode threads)
- System Idle Process (Not a process or service but a single thread that
runs on each processor, its sole task is to account for processor idle
time or time spent doing nothing.)

There you have it, the minimum 8 items that will or should always show
in the Task Manager, add the Task Manager itself to the list and it will
give you 9 processes.

at this point i'm considering replacing the hard drive... but don't
know if i should even attempt to retrieve files off the old one... i'd
thought about putting compromised one in an enclosure and using my copy
of "recover my files" on it... but don't want to retrieve the malware
which keeps reappearing somehow...
Click to expand...

If you think that the drive is faulty then go to the manufacturers web
site and download the diagnostic utility for the drive and run it.
These utilities run in DOS, you download the utility and make a DOS boot
CD (or floppy) and use it to boot the computer and test the drive. If
the diagnostic utility tells you that the drive is OK then there is
probably no need to replace the drive, you will be spending money for
nothing. The disk diagnostic utility will probably have a zero write
function, this will wipe your drive clean of any virus which may be on
the drive, after you zero write it I assure you there will be nothing
left on the drive!

You should be able to put the drive in a USB enclosure and retrieve your
personal files before you wipe it clean.

thanks for letting me sound off...
Click to expand...

You're welcome.

John
 
John said:
It should have be fine behind the Netgear router, perhaps you caught
something when you traveled with it. Of course being behind a firewall
means that uninvited guest can't come in but it doesn't mean that you
can't download pests or get them in your email, the router doesn't stop
user initiated actions. You seem to be a cautious user so it might just
be bad luck that got you infected.



More copies? Meaning that you have (or had) more than one of these
showing in the Task Manager? If you have multiple instances of these
services running then you almost certainly have malware at play on your
machine.

There are six critical NT system services, Windows XP needs these
services to start and run porperly. Trying to kill these critical
services will end the Windows session:

- Csrss.exe (Client/Server Runtime Server Subsystem)
- Lsass.exe (Local Security Authority Subsystem Service)
- Smss.exe (Session Manager Subsystem)
- Winlogon.exe (Windows logon process)
Click to expand...

not more than one copy in task manager... but more than one copy on
machine in system32 subfolder... and elsewhere which some webpages told
me was suspicious... after googling, i also read several places that
these 4 services should not appear in task manager at all... obviously
not reputable... don't recollect which place now...



as in http://www.auditmypc.com/process/csrss.asp

http://www.neuber.com/taskmanager/process/csrss.exe.html

while this one led me to rename all copies found elsewhere...

http://www.computerhope.com/issues/ch000916.htm

once all other copies were renamed... i rebooted... and have had the
STOP: error ever since
 
John said:
The security subsystem on your box is completely compromised, there are
6 critical Windows services and you have 3 of them that are borked! You
might get to fix this with a repair install but in my opinion you should
flatten the box and rebuild it from scratch, you won't be able to fix
the Security Subsystem when it is compromised.

If you are constantly being infected then you should take a close look
at your Anti-Virus and Anti-Spyware solutions, they aren't doing their
job very well! Or give a second thought to your surfing habits and
email practices, if you play with things like Limewire and if you open
your file and printer services to every Tom, Dick and Harry out there
you will be forever plagued with malware pests!

Flatten the box, format your hard drive and reinstall Windows cleanly.
Make sure that you disconnect the computer from the internet when you do
the reinstallation, pull the cable from the box before you begin, only
reconnect the cable once Windows is properly installed and secured. Make
sure that you have *at* *least* SP2 installed on the machine and make
sure that the firewall is started before you even plug the internet
cable to the computer! If need be download the Service Pack and burn it
to CD and install it before you plug to the internet.

John
Click to expand...

i managed to get ubuntu to boot so that i can attempt to retrieve files...

would i be able to repair csrss.exe?

sean
 
sean said:
i managed to get ubuntu to boot so that i can attempt to retrieve files...

would i be able to repair csrss.exe?
Click to expand...

You could try putting a new copy of it in the WINDOWS\System32 folder.
I'm not sure when the file was last revised but you should use a copy
that is the same version as the one that was deleted, try using a copy
from your \WINDOWS\ServicePackFiles\i386 folder, (if you haven't deleted
it...)

John
 
John said:
You could try putting a new copy of it in the WINDOWS\System32 folder.
I'm not sure when the file was last revised but you should use a copy
that is the same version as the one that was deleted, try using a copy
from your \WINDOWS\ServicePackFiles\i386 folder, (if you haven't deleted
it...)

John
Click to expand...

attempting as i type...

--
Heller's Law:
The first myth of management is that it exists.

Johnson's Corollary:
Nobody really knows what is going on anywhere within the
organization.

* TagZilla 0.066-bw2
* http://tagzilla.mozdev.org
 
John said:
You could try putting a new copy of it in the WINDOWS\System32 folder.
I'm not sure when the file was last revised but you should use a copy
that is the same version as the one that was deleted, try using a copy
from your \WINDOWS\ServicePackFiles\i386 folder, (if you haven't deleted
it...)

John
Click to expand...


nope no csrss to be found there... any in cab files?

--
You step in the stream,
But the water has moved on.
This page is not here.

* TagZilla 0.066-bw2
* http://tagzilla.mozdev.org
 
John said:
You could try putting a new copy of it in the WINDOWS\System32 folder.
I'm not sure when the file was last revised but you should use a copy
that is the same version as the one that was deleted, try using a copy
from your \WINDOWS\ServicePackFiles\i386 folder, (if you haven't deleted
it...)

John
Click to expand...

i managed to find the copy that i had renamed and moved... named it
back... inserted back into original folder... and voila... i'm back
online...

making backups as soon as my updated avira-antivir makes a very deep
system scan

sean bean
 
John said:
You can extract it from the XP setup cd or copy it from another
installation.

John
Click to expand...

i'm online and actually typing from the laptop in question.... thanks so
much for sticking with me...

may i ask while we're on this subject... and all of this is way to fresh
in my mind... Is there a reputable place to check which services "should
be running" in task manager...

while i know it depends which sort of programs are installed on my
toshiba laptop... there is so much conflicting information out there...

again, thanks for leading me down a happy trail...

sean
 
Back
Top