Windows XP FAQs

From Knowledge Base
Jump to: navigation, search

Beep.sys BSoD

Symptom: System crashing to blue screen shortly after logon with a STOP 0x00000050 page fault, listing 'BEEP.SYS' as the culprit

Problem: System is infected with a poorly written piece of malware trying to imitate one of the legitimate drivers in Windows XP, resulting in a blue screen.


  1. Boot from a Linux Live CD (with NTFS write ability if neccessary)
  2. Find your Windows XP install's root directory
  3. Navigate to \Windows\system32 or \Windows\system32\drivers
  4. Remove the file 'beep.sys'. The file size should be around 15KB, as opposed to the one shipped with XP which is around 5 KB
  5. Shutdown and restart from your XP installation, and scan the system with MalwareBytes or another good anti-malware program

Repeated prompt to install Security Update for Windows XP Service Pack 3 (KB 952069)

Symptom: Uncertain, seems to be some sort of corruption with Windows Media Player or associated libraries.

Resolution: Download and install/reinstall the latest version of Windows Media Player

Unable to log on

Symptom: Immediately logging off prior to reaching the desktop

Problem: Registry corruption as a result of a malware infection


  1. Using an offline registry editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  2. Edit the Userinit key to display %System32Path%\userinit.exe, otherwise create the string.

You need to replace %System32Path% with the system32 path, typically C:\Windows\System32

Windows shell not loading

Symptom: Upon logging into Windows, the taskbar and desktop icons don't appear.

Problem: Userinit.exe is corrupt

Resolution: Either run sfc.exe /scannow (you will need a Windows CD to replace the file) or replace the userinit executable with a known good one.

How to remotely uninstall software

Using WMIC, it is possible to remotely uninstall software across a network.

  1. Launch a command prompt with permission to uninstall software on the target PC
    This may be done by right clicking on a command prompt shortcut and selecting Run as... or by using the runas command (runas /user:[email protected] cmd).
  2. Start WMIC
    Easy step, just type wmic at the command prompt
  3. Check the product's name and confirm installation
    Just to make sure the program is installed, use the command /node:computername product get name,vendor. This will display a list, assuming that the target computer is accessible, of all the software installed (and hence uninstallable).
  4. Start the uninstallation
    Now the know the product is installed and the name is it shown as, we can remove it. The command /node:computername product where name="productname" call uninstall - you'll need to enter the product name exactly as shown in the previous step. It will then ask you to confirm the execution of the uninstall, to which you have to press y. After the uninstallation is completed, you'll get the message "Method execution successful", but you can re-run step 3 in order to confirm the software has been removed.

How to remotely create a service

Use the command sc \\pcname create servicename binpath= path\to\file, where pcname is the name of the remote computer, servicename is an identifiable name for the service and path\to\file is the location of the executable on the remote computer.

Change active window on mouseover

By default, the active window in XP is the Window last clicked on/typed in. Using TweakUI, Windows XP can be changed so that the active window focus follows the cursor. In order to do so:

  1. Download and install TweakUI from Microsoft's website
  2. Open TweakUI and select 'Mouse', then 'X-Mouse'
  3. Tick the 'Activation follows mouse (X-mouse)' box
  4. (Optionally) set the activation delay so that the focus does not change immediately.

Note: This breaks the symbol selection dialogue in Word, as you are no longer able to click to select symbols.