I just had the most exciting hours of the year. My wife’s computer (Windows 98) is acting up. I did a couple of checks to see what exactly was wrong but it’s definitely in Explorer: Explorer randomly hangs when she clicks on folders in the tree list. I haven’t found out why it hangs, but I’m sure it’s related to something that was installed without her knowledge. It’s a typical shell32.dll error pointing to address 015f.7fce23b3.
Anyways, I made changes to the Registry to see if that helped. No avail. Then I was smart enough to let the System File Checker figure out what was wrong. The SFC readily and happily mentioned that 4-6 files were ‘corrupt’ and I allowed it to restore those files. This is where the dark clouds started to gather: After the required restart, the computer kept on restarting. This was bad. Secondly, the computer even didn’t want to enter ‘Safe Mode’ , which is really bad: ‘as in *really really bad*.
I had two things to check in to: first the changes to the Registry I had made. If you don’t have ‘scanregw’ running at start-up you’re almost screwed. Here’s the story on Windows 98 computers: normally Windows 98 makes a backup of registry files. You can find them in C:\Windows\Sysbckup. In my case I was out of luck: the last registry backup was from 2002. The good part was that I was sure that most of the changes I made to the registry were around the devilish CurrentVersion/Run Keys. A 2002 copy would have the original entries to bootstrap the programs that address and setup the hardware at start-up.
This is what I did: I renamed the original user.dat and system.dat (the registry files) and started the scanregw program with parameter /restore. In the next screen I chose the most recent entry and restarted. Naturally I forced it into DOS [do not attempt to let it start into Windows], once again (use F8!).
The next step was to extract the right keys from the old registry. You can do it easily with the command ‘regedit /e filename.txt “YOUR_FRIGGING_REGISTRY_KEY”. I needed a couple of registry keys, so I made a batch file and ran it.
Since most of the data needed to be imported in the original registry files, I copied the renamed files back to their original names (don’t forget to use attrib -r -h -s on those files). Once I again I ran the batchfile, which gave me the corrupted registry entries. Using ‘Edit’, I was able to copy most of the missing entries to where they belonged.
The next step was to look for the replaced system files. Remember that I ran System File Checker? It always makes a backup of files that were replaced. You can find them in the directory C:\windows\helpdesk\sfc. A simple file comparison with the files in the system directory revealed that a crucial file (USER.EXE) was replaced by a ‘restored’ version. The ‘replaced’ version was over 500 K while the restored one only was 257 KB. I wonder why it was ‘restored’.
Anyways: when these things happen, don’t panic. Don’t grab out the Windows disks and start ‘formatting’ the drive (and lose all your data). You may not even need to do this if you can remember what may have changed. And even under these rudimentary circumstances (not being able to log into Windows), things can be fixed under DOS. It’s just that you have to look for the right commandline parameters. Crappy software.