Solved Owner's profile hosed, all roads to repair blocked

6ofTentacles

New Member
Messages
9
Hi, all!

I have had my boss's daughter's laptop at my house all weekend, hoping to solve a bizarre problem I have never seen before for them. Windows 8.0 (I think, I'll get to that later!), HP Pavilion g7 notebook (64 bit, AMD.)

The main symptom is that when the daughter logs in her desktop comes all the way up, wallpaper and tiles and all, and then a second or two later POOF it's gone. Then it reappears, doing the fade-in number as if she had just logged in. Then POOF, gone. Rinse, repeat, as many times as you care to wait for. BUT her husband's login is fine (or so they tell me.) They are both admins.

Difficulty: No desktop for me to work from. Dad only brought me her password, not husband's also. Whole family is gone on vacation, two weeks.

Difficulty 2: first time I have ever touched Win 8.<anything>. My own main machine is Win 7/Mint Linux. Also have what you might call vast experience with XP due to having been an IT guy the last 15 years at a hospital that was basically wall to wall XP (and Dell) on the client side. I have an MSCE cert but it's in XP and Server 2003, and that's increasingly not relevant to anything. And no Win 8 until now.


My first thought was that Windows was probably barfing on something that's loaded at login for her profile but not his. So, safe mode! See if her login is stable with only the minimum loaded. And (since hers is an admin login) also run chkdsk, sfc /scannow, all the usual, with elevated privileges. OK..... MICROSOFT, Where-T-F HAVE YOU PUT SAFE MODE?

Well, I know where it is now but still haven't gotten there. I've found two working ways to an elevated command prompt and made it as far as \windows\system32\ and tried bcdedit. HP's recommended command there is BCDEDIT /SET {DEFAULT} BOOTMENUPOLICY LEGACY and reboot. All that gets me is

"The requested system device cannot be found."

I've also read the eightforums tutorials on bcdedit, every one I can find. While I was in ~\system32\ I wrote down that long identfier string but I haven't dared to try any commands that use it, because of

Difficulty 3: I can't back the system up before I take any chances with it, and I'm very nervous working without that safety net. No access to a working desktop, so I can't use Windows' own backup or make recovery media. (Owners did not make any recovery media, naturally.) I found and downloaded Wolfgang's WinPE Macrium Reflect 5.2 boot CD (large hat tip!) and thrashed around in the BIOS some until I got the system to boot from the CD drive. That's very familiar to me because I've used an earlier Macrium boot CD many times to image my Win7 box. Everything looks right except... It doesn't recognize either of my USB external hard drives so I've got nowhere to put the image. Also tried UBCD4WIN, which I have used hundreds of times to image XP systems. It bluescreens during bootup.

What will recognize my external drives is a Clonezilla Live CD, freshly downloaded, the Ubuntu-based one for AMD64 systems using UEFI boot mode. I thought that was a breakthrough, but it tells me two of the five partitions are marked dirty and won't image them until that's fixed. I have run the Automatic System Repair four times now. Twice it has reached the point where it checks the disk, and then it went on ahead to the login prompt. The other two times it reported "Windows cannot repair your PC." In all cases Clonezilla still says those two partitions are marked dirty and it won't proceed.


Suggestions? Please! If you were me what would you try next? (I've already thought of "Go out for a 12-pack". And I may!)

Thanks very much!
 

My Computer

System One

  • OS
    many, Apple II DOS through Mint Linux
    Computer type
    PC/Desktop
    System Manufacturer/Model
    many, all homebuilt
    CPU
    Athlon 64 FX
    Motherboard
    asus m2n-mx se
    Memory
    4GB
    Graphics Card(s)
    GeForce6
    Browser
    firefox
    Antivirus
    MS security essentials
Sounds to me that her machine is infected.
 

My Computer

System One

  • OS
    Linux Mint 17.2
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satellite C850D-st3nx1
    CPU
    AMD E1-1200 APU with Radeon (tm) HD Graphics 1.40 GHZ
    Memory
    12GB
    Graphics Card(s)
    AMD Radeon™ HD 7310 Graphics
    Sound Card
    Realtek HD
    Monitor(s) Displays
    LCD
    Screen Resolution
    1366 x 768
    Hard Drives
    Crucial M500 240GB SSD
    Mouse
    Logitech M525
    Internet Speed
    45/6 - ATT U-Verse
    Browser
    Google Chrome
    Antivirus
    None needed. It is Linux.
    Other Info
    Arris NVG589 Gateway; Router - Cisco RV320; Switch - Netgear GS108 8-Port Switch & Trendnet TEG-S50g 5-Port Switch; Access Points - Engenius ECB350, Trendnet TEW-638APB; NAS - Lenovo ix2-4; Printer - Brother HL-2280DW; Air Print Server - Lantronix XPrintServer

    A/V UPS - Tripp-Lite Smart 1500LCD 1500 Va/900 W.
Hope not but we'll see. I did find a long, wiggly route through the boot menus to safe mode and logged on as boss's daughter. In safe mode her login is fine. I'm running chkdsk now. maybe that will get the drives marked clean and make clonezilla happy and I'll get my safety image. But then now that I'm on I can do a Windows system image and make recovery media and all. If all that goes OK I'll download Malwarebytes and do a scan.

Honestly, Microsoft. If there's one thing I wish you would learn it's not to move all the standard tools around and put them in different places. Every new version of Windows (or Office) is like getting a new car and discovering (after MUCH research) that the spare tire in now stored in the radio.
 

My Computer

System One

  • OS
    many, Apple II DOS through Mint Linux
    Computer type
    PC/Desktop
    System Manufacturer/Model
    many, all homebuilt
    CPU
    Athlon 64 FX
    Motherboard
    asus m2n-mx se
    Memory
    4GB
    Graphics Card(s)
    GeForce6
    Browser
    firefox
    Antivirus
    MS security essentials
How do you know that it is not. Have you gone through the steps that are spelled out at READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker) - MajorGeeks Support Forums to make sure? As for Windows along with Office looking new and fresh for each new version. That is how Microsoft makes their money.

Right now everything is using the same kernel for 7 & 8. Same with Office 2010 & 2013. Only difference is the cover/gui, along with some other items that were added from Open Source products.
 

My Computer

System One

  • OS
    Linux Mint 17.2
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satellite C850D-st3nx1
    CPU
    AMD E1-1200 APU with Radeon (tm) HD Graphics 1.40 GHZ
    Memory
    12GB
    Graphics Card(s)
    AMD Radeon™ HD 7310 Graphics
    Sound Card
    Realtek HD
    Monitor(s) Displays
    LCD
    Screen Resolution
    1366 x 768
    Hard Drives
    Crucial M500 240GB SSD
    Mouse
    Logitech M525
    Internet Speed
    45/6 - ATT U-Verse
    Browser
    Google Chrome
    Antivirus
    None needed. It is Linux.
    Other Info
    Arris NVG589 Gateway; Router - Cisco RV320; Switch - Netgear GS108 8-Port Switch & Trendnet TEG-S50g 5-Port Switch; Access Points - Engenius ECB350, Trendnet TEW-638APB; NAS - Lenovo ix2-4; Printer - Brother HL-2280DW; Air Print Server - Lantronix XPrintServer

    A/V UPS - Tripp-Lite Smart 1500LCD 1500 Va/900 W.
Didn't say I knew, just that I hoped. I'll install and run Malwarebytes at some point and maybe do a couple of the online scanners. First priority, though, is to get a system image backup in the exact state the owners gave it to me, malware (if any) and all. Which is proving problematic. As I mentioned above, the Macrium Reflect CD doesn't recognize either of my external USB drives. The clonezilla live CD sees them but won't back up partitions with the dirty bit set. Chkdsk ran all night and C: is clean now but the little fat32 EFI partition is also marked dirty and it has no drive letter so there's no way to run chkdsk on it. If it were my own machine I'd just use a track/sector/byte/bit editor and change that 01 to 00 on the disk directly, but it isn't mine. And I just discovered Windows won't let me make a system backup in safe mode. Maybe I can do it in powershell, that's the next thing I'm going to try.
 

My Computer

System One

  • OS
    many, Apple II DOS through Mint Linux
    Computer type
    PC/Desktop
    System Manufacturer/Model
    many, all homebuilt
    CPU
    Athlon 64 FX
    Motherboard
    asus m2n-mx se
    Memory
    4GB
    Graphics Card(s)
    GeForce6
    Browser
    firefox
    Antivirus
    MS security essentials
You might try wxHexEditor in a recent Parted Magic distribution. I used it a couple of weeks ago to image a 20 y/o drive for use in an emulator for an obscure OS. It just copied the raw data and didn't make any attempt to interpret it.
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center
he Macrium Reflect CD doesn't recognize either of my external USB drives.

If i assumed correctly, your "Macrium" might be based on "WinPE 3.1" ( Windows 7 PE ) which won't support "USB 3.0" out of the box. You can create your own Macrium PE with either "WinPE 4.0" or "WinPE 5.0" as the base ( both supports USB 3 out of the box ).

Macrium Reflect FREE Edition - Information and download

Create a Windows PE Rescue Environment

Make sure to select the "PE Architecture" as "x64" which is required for UEFI-Secureboot.

You can also open a command prompt from the PE which can be used to run CHKDSK.

pedos.png


To run CHKDSK on the "EFI System Partition" from "Macrium PE 4.0/5.0 x64" , first mount it and assign a drive letter. To do that simply enter the below command.

Mountvol S: /s

This will mount the ESP and assign letter "S" to it. Now simply run CHKDSK.
 

My Computer

System One

  • OS
    Windows 7
crawfish and Anshad Edavana, I'll reply at length when I've figured out why the message editor is chopping out all my line and paragraph breaks and trying to post one great big ugly lump of text. It didn't do that to my first post (which was also prepared in a separate editor window and pasted in.) Apologies.
 

My Computer

System One

  • OS
    many, Apple II DOS through Mint Linux
    Computer type
    PC/Desktop
    System Manufacturer/Model
    many, all homebuilt
    CPU
    Athlon 64 FX
    Motherboard
    asus m2n-mx se
    Memory
    4GB
    Graphics Card(s)
    GeForce6
    Browser
    firefox
    Antivirus
    MS security essentials
Ha, found it. It was because I had javascript blocked.

> If i assumed correctly, your "Macrium" might be based on "WinPE 3.1" ( Windows 7 PE ) which won't
> support "USB 3.0" out of the box.

It's the one built and maintained by eightforums senior member whs. Can't say which version of WinPE it's built with. (Note, I am NOT complaining about this disk or looking this particular gift horse in the mouth. It didn't work for me this time but I'm very glad it's there and I'll certainly have a use for it another day.)

> Mountvol S: /s
>
> This will mount the ESP and assign letter "S" to it.

Now THAT'S my idea of a power user! Hats off to your knowlegeability, Anshad Edavana. For anyone else who's interested, it works fine. Afterward the note "The EFI System Partition is mounted at S:\" appears in the output of "mountvol" with no parameters or switches. S: is also now visible in explorer as a local drive. (Interestingly, the EFI System Partition is still shown in diskmgmt without a letter, even after refresh and rescan.) The instant I assigned the letter to the partition Windows gave me a purple "There is a problem with the drive, scan it now" popup.

> Now simply run CHKDSK.

chkdsk ran fine and reported no problems. (But that contradicts the purple popup.)


chkdsk /f was too scary to run. Windows sez

> Chkdsk cannot run because the volume is in use by another process.
> Chkdsk may run if this volume is dismounted. ALL OPENED HANDLES TO
> THIS VOLUME WOULD THEN BE INVALID. Would you like to force a dismount
> on this volume? (y/n)

Force a dismount of the EFI System Partition? Pretty sure we don't want to do that. Then it goes on

> Chkdsk cannot run because the volume is in use by another process.
> Would you like to schedule this volume to be checked the next time
> the system restarts? (y/n)

I said y to that, of course, and rebooted. But chkdsk did not run and the mapping of the partition to the drive letter didn't survive reboot. Checking the mountvol page on technet I see there's an /e switch ("Re-enables automatic mounting of new basic volumes") which I guess is what preserves it across reboots. I'll try it that way later on.

Thanks for your help!

Thanks to you also, crawfish, for pointing out wxHexEditor. I'll remember it.
 

My Computer

System One

  • OS
    many, Apple II DOS through Mint Linux
    Computer type
    PC/Desktop
    System Manufacturer/Model
    many, all homebuilt
    CPU
    Athlon 64 FX
    Motherboard
    asus m2n-mx se
    Memory
    4GB
    Graphics Card(s)
    GeForce6
    Browser
    firefox
    Antivirus
    MS security essentials

My Computer

System One

  • OS
    Windows 8.1 Pro WMC
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home built
    CPU
    Q9650 @ 4.05 GHz
    Motherboard
    Gforce 780i SLI FTW
    Memory
    8GB Gskill DDR2 1200Mhz
    Graphics Card(s)
    GTX-480
    Sound Card
    Asus D2 Xonar
    Monitor(s) Displays
    HannsG
    Screen Resolution
    1680x1050
    Hard Drives
    Gskill 120GB SSD
    PSU
    Thermal Take 1000watts
    Case
    Thermal Take Xtreme
    Cooling
    9 fans air cooled
    Keyboard
    G15 logitech
    Mouse
    G9 logitech
    Internet Speed
    50mbps
Can't say which version of WinPE it's built with.

If it is based on "WinPE 4", you will see the new blue color ugly logo of Windows when the PE is loading. If it is based on "WinPE 3.1" ,you will see either "Win 7" logo or "Vista" loading bar.

Besides that, "WinPE 4 x64" is "SecureBoot" compatible so it will boot fine without enabling legacy/CSM mode in BIOS.

Checking the mountvol page on technet I see there's an /e switch ("Re-enables automatic mounting of new basic volumes") which I guess is what preserves it across reboots. I'll try it that way later on.

I never used the "e" switch before so i am too waiting for the result. Usually i always use "WinPE 4" to do this type of work. As "WinPE" is not accessing the contents of ESP, you won't face any issues in running CHKDSK ( i even managed to format the ESP from a "WinPE" ).


You can obtain a "WinPE 4" easily by one of the below methods ( without downloading WAIK or ADK ).

- Run Macrium PE builder and create a PE media with "WinPE x64" as base.

- Create a "System Repair Disc" or "Recovery Drive" (USB ) from a working "Windows 8" machine.

- Run SIW2's "Simple Winpe Maker" ( x64 ) from a working "Windows 8" machine and it will create a special version of "System Repair Disc". In addition to standard Microsoft tools included in the "Recovery Environment" , this tool will add "Macrium Free" , "Partition Wizard" etc to the recovery disc if any of the tools are found installed on the build machine.

new versions of simple winpe maker - Windows 7 Help Forums

Btw, if memory serves correctly, you should boot the PE in "UEFI" mode to mount the ESP and work with it.
 

My Computer

System One

  • OS
    Windows 7
Department of long-winded updates:

This sure has been one of those damned learning experiences that I try so hard to avoid :)

I did at last get a safety backup of the laptop in its initial state. What it has is Windows 8.0 which is still, according to several tutorials I found, supposed to have Win 7 (and earlier) style Windows Backup and Restore. In 8.0 it's supposed to be called "Windows 7 File Recovery" on the theory that people will need it to migrate files backed up on Win 7 systems to Win 8. It's supposed to appear down in the lower left corner of the Control Panel>System and Security>File History page.

Only it wasn't there, which is why I originally tried to do my safety image with that Macrium Reflect boot CD (WinPE) and then a Clonezilla Live CD (Linux) and ran into various problems. So I revisited Win 8 File History. It's turned off by default and that's the way I found it. So, thinks I, if I act like a good compliant citizen and turn File History on the way MS clearly thinks I should, will they in return give me Windows 7 File Recovery? I can always turn it off again afterward (crafty chuckle). So I did, and it worked, there's Windows 7 File Recovery where the tuts said it was, and I got my system image on external USB HD. And turned File History off again. What's more, Windows 7 File Recovery is still there now even though File History is off. I'll mention File History to the laptop owners because it does seem like a good idea, but it requires that an external HD be plugged in most of the time as space for the ongoing backups, and they can't have mine. It's not even their birthday.

Re. Clonezilla, the brick wall there was that (in basic mode, anyway) it would not image partitions with the dirty bit set. On this laptop it was the EFI System Partition (which has no drive letter) that was marked dirty. And you absolutely do want to include that partition in any Win 8 system image. And there doesn't seem to be any way to unset the dirty bit in Windows except to run chkdsk. Which would have to run as a scheduled chkdsk at bootup because that volume is locked up tight while Windows is running (see earlier messages for scary warnings). No drive letter, no chkdsk. No drive letter that persists across reboots, no scheduled chkdsk. For folks who are eager to use clonezilla in this situation I did find a note dated 2007 in the clonezilla changelog and saying "now it's possible to force to save ntfs filesystem even if it's dirty if user want to do that." But I can't tell you how to do it; plus if it's the EFI System Partition that's dirty, as in my case, that's not ntfs, it's FAT32 (known as vfat in the Linux world) and the note doesn't promise to image dirty vfat filesystems. Just sayin'.

I did not attempt giving the drive a letter in diskmgmt.msc or in diskpart. With no system backup at that point I was very reluctant to experiment. Though with Anshad Edavana looking on benevolently I did try assigning a letter with mountvol. Here's the skinny on that.

mountvol usually wants that long volume GUID (e.g. \\?\Volume{5d9c5bee-6134-11e3-90d5-806d6172696f}\) as an argument, but the EFI System Partition is a special case. You can just do "mountvol S: /s" as Anshad said, and you get "The EFI System Partition is mounted as S:" as output. Special notes:

1. mountvol run without any arguments prints out the short help text and also lists the GUIDS of all the drives you have on the system. Including the hidden ones without letters, like the little WinRE recovery partition on Win 8 systems. EXCEPT, it does NOT print out the GUID of the EFI System Partition, which is nowhere to be found in the list. Maybe that's because in a GUID partition table that partition always has the same GUID, namely C12A7328-F81F-11D2-BA4B-00A0C93EC93B. But see 3. below

2. A drive letter assigned to the EFI partition by mountvol does NOT persist across reboots. When the system comes back up the drive letter is gone. It's lost at once on shutdown, which means it's not there when a scheduled chkdsk is supposed to run, which means no scheduled chkdsk. This seems to make the EFI partition a special case because letters assigned to ordinary drives DO persist. (mountvol wouldn't be too much use on servers if they didn't, would it?) There isn't any switch to force it to persist, either. (Anshad, /e doesn't do it.)

3. mountvol S: /s did not work for me when issued from an elevated command prompt, if that command prompt was started using a boot CD (like the Macrium Reflect WinPE bootdisk mentioned earlier, which offers both a command prompt and Explorer (otherwise very useful and I'll remember they're there.) In that kind of command window mountvol S: /s just returns an error ("The parameter is incorrect.") The other mountvol systax, using the GUID string of the EFI partition, returns the same error.

>mountvol S: \\?\Volume{C12A7328-F81F-11D2-BA4B-00A0C93EC93B}\
The parameter is incorrect.

It makes sense that the /s switch would not work, since the partition I wanted to mount is not "the" EFI partition of the CURRENT system, as booted from CD. OTOH all the other GUIDs reported by mountvol are exactly the same whether it's run from a boot CD command window or from native Win 8. So the fact that you can't use mountvol with the invariant EFI partition GUID as argument was a surprise. This little (but critical) volume appears to be all kinds of a special case annoyance.


At any rate I have my safety image courtesy of Windows Backup (which is not at all snobbish about filesystem dirty bits, it's apparently willing to back up any old sh*t the user feeds it. That IMHO is correct behavior for a backup program. Warn as much as you like, but don't just barf and refuse.) And all my other partitions are chkdsk'd and clean. Time to try to make the complaining user a new profile that looks as much like her old profile as I can make it.

Chev65, your link to the profile-copying tutorial popped up at just the right moment. Thanks very much.


tl;dr version of the mywindows8.org fix-a-profile tutorial:

= On as an administrative account
= set Windows to show all files and hide none
= create <newuser> account
= go to <olduser>'s profile folder
= copy everything EXCEPT Ntuser.*
= paste all that into <newuser>'s profile folder, C:\Users\<newuser>\.
= delete <olduser>

To that I would add only to remember that there won't be any C:\Users\<newuser>\ folder until <newuser> has logged in at least once. Then it will exist but also will be full of all the default profile stuff given to every new user.

(Note, there is a Microsoft page at Fix a corrupted user profile - Microsoft Windows Help that says almost exactly the same thing, but it's for Win 7.)


That's great as far as it goes but many of the things in <olduser>'s profile will NOT copy cleanly. I am logged in as the hidden Administrator user, which I have activated, and in Safe Mode. Detailed blow-by-blow follows.

1. <olduser> has what looks like a shortcut to \All Users\. This didn't copy like an ordinary shortcut. I believe it's one of those Windows namespace funnyfiles that are not what you think they are, and do funny things. When I tried pasting it into <newuser>'s profile I got "...copying 11,545 items..." What <newuser> was getting was not a shortcut but an actual copy of \All Users\. And after a while I got a warning "The destination already contains a folder named 'All Users.' Do you want..." OMG we're in some kind of recursive loop, CANCEL CANCEL CANCEL before I blow up the master file table. I deleted this and felt lucky to be able to do so. <olduser> may have a copy of \All Users\ but <newuser> isn't getting one.

2. \AppData\ -- this is created in everybody's default profile so I guess it's OK. Copying and pasting resulted in bunches of warnings, though. "The destination path is too long" for some files (Hey here we are in 2014 and explorer apparently still has the same-old same-old 254-character path+filename limit. Not surprised.) "You need permission from the computer's administrator to make changes to this file." (For DF0ABiFC44CC5EAC77.TMP, size 0 bytes, and lots of others like it.) So it went. Skipped copying all of these, checked [x] do the same for all. And even with the skipped files, <olduser>'s \AppData\ is 1.09 GB but <newuser>'s copy has grown to 1.28 GB.

3. \Application Data\ -- "You need permission from NTAUTHORITY\SYSTEM to make changes to this folder." Would not copy.

4. Contacts -- "Already exists in destination, do you want to merge?" No, I want to completely overwrite. Not an offered choice, though. OK, go ahead.

5. Cookies -- one of those apparent shortcuts that aren't. In this case upon pasting nothing happened at all, not even an "already exists" warning, just nothing.

6. Desktop -- "already exists" warning, appeared to copy OK other than that

7. Favorites -- "already exists" warning, appeared to copy OK

8. Links -- "already exists" warning, appeared to copy OK

9. Local Settings -- an apparent shortcut. Upon pasting, no "already exists" warning, no visible action

10. My Documents -- "already exists" warning, appeared to copy OK

11. My Music -- "already exists" warning, appeared to copy OK. Lots of .m4a files copied, I suppose it's iTunes. Good, my user won't want to lose 'em.

12. My Pictures -- warning "replace desktop.ini?" Sure, shoot it dead.

13 My Videos -- warning "replace desktop.ini?" OK

14. Nethood -- an apparent shortcut. No "already exists" warning, no paste.

15. Printhood -- an apparent shortcut. No "exists" warning, no paste.

16. Recent -- an apparent shortcut. No "exists" warning, no paste.

17. Saved Games -- "replace desktop.ini?" OK

18 Searches -- "replace desktop.ini?" OK

19. Send To -- an apparent shortcut. No "exists" warning, no paste.

20. Start Menu -- an apparent shortcut. No "exists" warning, no paste.

21. Templates -- an apparent shortcut. No "exists" warning, no paste.


Now were down to NTUSER.DAT and friends, including a bunch of the form NTUSER.DAT{alphanumeric gibble-gabble}.regtrans-ms and, ones that are similar except with the extension .blf. Left these babies behind also. Ew.


OK, now can we log in as <newuser> and does she still have her stuff? YESSS! and YESSS! iTunes files are there, family photographs are there. At this point all I can do is give the box back to the owners and ask them to notice if anything obvious is missing. For the time being I'm going to just hide the old user with the corrupted profile instead of removing her completely. And disable the Administrator user again. And, oh yeah, return to the BIOS and disable the legacy stuff and re-enable UEFI and Secure Boot. Wipe down all surfaces and cover my tracks everywhere.


THANK YOU!! everybody who kicked in with the very useful suggestions.

-6ofTentacles


P.S. broe23:

> Only difference is the cover/gui

You do seem to be pretty much right about that. I found trying to work through the Win 8 GUI to be hideously inconvenient and limiting, but once I gave that up as a bad job and dropped back to the command line everything I reached for did seem to be there and working as usual. NB, did run the scans as I promised. Microsoft one-shot security scanner says clean, Malwarebytes says clean.

-6oT
 
Last edited:

My Computer

System One

  • OS
    many, Apple II DOS through Mint Linux
    Computer type
    PC/Desktop
    System Manufacturer/Model
    many, all homebuilt
    CPU
    Athlon 64 FX
    Motherboard
    asus m2n-mx se
    Memory
    4GB
    Graphics Card(s)
    GeForce6
    Browser
    firefox
    Antivirus
    MS security essentials
One last point, about the new user I created. When she signs in Windows goes straight to the old-fashioned desktop instead of the Start Screen. (Windows 8.0 isn't even supposed to be able to do that.) The owner had it going to the Start Screen and I'd like to restore that behavior if I can. But everybody else in the universe who is running 8.x on something that isn't a touchscreen seems to want to skip the Start Screen (I would too), and that's what all the tips and tutorials I can find are about. But just this once the salmon needs to swim in the other direction. Does anyone have any thoughts about re-setting it to look the way MS thought it should to begin with? Re-emphasize, this is 8.0 and not 8.1. Thanks!
 

My Computer

System One

  • OS
    many, Apple II DOS through Mint Linux
    Computer type
    PC/Desktop
    System Manufacturer/Model
    many, all homebuilt
    CPU
    Athlon 64 FX
    Motherboard
    asus m2n-mx se
    Memory
    4GB
    Graphics Card(s)
    GeForce6
    Browser
    firefox
    Antivirus
    MS security essentials
Install Classic Shell . . . makes it easier to find things
Classic Shell - Start menu and other Windows enhancements

Go to: Programs / Administrative Tools / Computer Management
. . . Performance / Reports / System / System Diagnostics / click on the computer name in that folder
. . . arrows on the right expand and collapse the sections
. . . look under Diagnostic Results / Warnings . . . see if there are any clues there
 

My Computer

System One

  • OS
    Windows 8.1 Pro 32-bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    HP Compaq DC7600 Convertible Minitower
    CPU
    Intel Pentium 4 521, Prescott 90nm Technology
    Motherboard
    Hewlett-Packard 09F0h (XU1 PROCESSOR)
    Memory
    2.00GB Dual-Channel DDR2 @ 332MHz (5-5-5-15)
    Graphics Card(s)
    512MB NVIDIA GeForce 8600 GT
    Sound Card
    Realtek High Definition Audio
    Monitor(s) Displays
    HP 2311
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    149GB SAMSUNG HD160JJ ATA Device (SATA)
    233GB Maxtor 7L250S0 ATA Device (SATA)
    Keyboard
    Logitech K120
    Mouse
    Kensington Expert Mouse K64325
    Internet Speed
    1.5MB DSL
    Browser
    Firefox
    Antivirus
    Avast, Malwarebytes
Great to hear that you managed to fix the corrupted profile :thumbsup:.


Regarding the error you encountered when trying to mount ESP from a WinPE, i think the problem lies here :

And, oh yeah, return to the BIOS and disable the legacy stuff and re-enable UEFI and Secure Boot.

If you disabled UEFI and boot WinPE in "Legacy/CSM" mode, "mountvol" may probably fail. Try booting from a "WinPE 4.0 x64" with UEFI and "SecureBoot" enabled and then run the mountvol command. Although this is not necessary as you managed to backup the hard drive, you may find it useful in some day.
 

My Computer

System One

  • OS
    Windows 7
> If you disabled UEFI and boot WinPE in "Legacy/CSM" mode, "mountvol" may probably fail. Try booting from a "WinPE 4.0 x64"
> with UEFI and "SecureBoot" enabled and then run the mountvol command.

Thanks, Anshad. I'll try it your way next time this comes up.
 

My Computer

System One

  • OS
    many, Apple II DOS through Mint Linux
    Computer type
    PC/Desktop
    System Manufacturer/Model
    many, all homebuilt
    CPU
    Athlon 64 FX
    Motherboard
    asus m2n-mx se
    Memory
    4GB
    Graphics Card(s)
    GeForce6
    Browser
    firefox
    Antivirus
    MS security essentials
Chev65, your link to the profile-copying tutorial popped up at just the right moment. Thanks very much.

Glad I could help, often times it's easier to simply create a new user account and move all the files to the new account rather than trying to fix a corrupted user account which can very time consuming or not even possible.
 

My Computer

System One

  • OS
    Windows 8.1 Pro WMC
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home built
    CPU
    Q9650 @ 4.05 GHz
    Motherboard
    Gforce 780i SLI FTW
    Memory
    8GB Gskill DDR2 1200Mhz
    Graphics Card(s)
    GTX-480
    Sound Card
    Asus D2 Xonar
    Monitor(s) Displays
    HannsG
    Screen Resolution
    1680x1050
    Hard Drives
    Gskill 120GB SSD
    PSU
    Thermal Take 1000watts
    Case
    Thermal Take Xtreme
    Cooling
    9 fans air cooled
    Keyboard
    G15 logitech
    Mouse
    G9 logitech
    Internet Speed
    50mbps
Regarding profile copying, what is the reason for unhiding the hidden and system files? It does not seem like there would be anything hidden that would be needed to be copied into the new profile. Thanks
 

My Computer

System One

  • OS
    Windows 8 Pro
Vincenzo,

There are some hidden files and some system files down in there. I gave that laptop back yesterday so I'm back to my previous I-have-no-Windows-8-in-the-house state. In Win 7 you can inventory all the hidden files in a profile and all the subdirectories beneath it easily. Go to somebody's profile (like your own), open a command window, and do

dir /s /a:h >hidden.txt

When the command finishes you can read hidden.txt and see what-all you've got that has the hidden bit set. (Setting explorer to show all files doesn't change this.)

Also works for /a:s (system files) and /a:a (archive attribute set, which has been useful since forever for folks who write executable [DEL].bat[/DEL] I MEAN .cmd files to locate everything that's changed recently and needs to be backed up.)

Just how critical these hidden and system things are to the functioning of the new user's profile you just copied (or didn't copy) them to would be a matter for experiment. My guess would be, heh, it varies.

-6oT
 
Last edited:

My Computer

System One

  • OS
    many, Apple II DOS through Mint Linux
    Computer type
    PC/Desktop
    System Manufacturer/Model
    many, all homebuilt
    CPU
    Athlon 64 FX
    Motherboard
    asus m2n-mx se
    Memory
    4GB
    Graphics Card(s)
    GeForce6
    Browser
    firefox
    Antivirus
    MS security essentials
With the exception of older versions of Outlook (and possibly Windows Live Mail), I've never seen an application that had any hidden files that I needed. But I do wonder about it sometimes when moving data from an old computer to a new one. Thanks
 

My Computer

System One

  • OS
    Windows 8 Pro
Back
Top