Professional Documents
Culture Documents
Geek Squad Handbook
Geek Squad Handbook
MISSION OBJECTIVES
Understand new ways to check in clients and manage their expectations Understand new diagnostic processes and tools Tr o u b l e s h o o t a n d e r a d i c a t e v i r u s e s e f f e c t i v e l y Understand what Adware/Spyware are and how to eradicate them L e a r n n e w, b a s i c , a n d l o w l e v e l t r o u b l e s h o o t i n g p r o c e d u r e s Learn more effective ways of resolving advanced operating system issues, NOT just restoring Resolve advanced Winsock/Dial-up Networking issues
Check For Dust The following are problems that can and will be caused by dust: Static Electricity Heat Fan malfunction System board shorts
Ty p i c a l l y, y o u c a n u s e s o m e t y p e o f p r e s s u r e d a i r t a n k ( l i k e t h e o n e u s e d i n M o b i l e I n s t a l l ) t o effectively clean out computers. Because of the chemical residue that may accumulate on the system board, canned air is not recommended for performing this. Get authorization from the client for a System Cleaning before performing this task. Distended Capacitors A D i s t e n d e d C a p a c i t o r i s a n i m m e d i a t e s e r v i c e d i s q u a l i f i e r. W h e n a d i s t e n d e d c a p a c i t o r i s f o u n d , y o u c a n d e e m t h e c o m p u t e r to h a v e a d e f e c t i v e s y s t e m b o a r d . L o o k f o r e i t h e r a b u l g e o n t h e t o p s i d e o f t h e c a p a c i t o r o r a n a c i d - l i k e m a r k o n t h e t o p o r t h e b o t t o m o f t h e c a p a c i t o r.
Data collection points include C l i e n t s p e r s o n a l : n a m e , a d d r es s , p h o n e , c o m p u t e r h a b i t s C l i e n t s c o m p u t e r i n f o r m a t i o n : O S v e r s i o n , C P U , R A M , H D P r e -O p c h e c kl i t s Customer feedback information Debriefing and Recommendations: recommendations of what should/might be done to computer
Ta c t i c a l C a s e R e p o r t
Te c h n i c i a n s n o t e s e c t i o n Te c h n i c i a n w i l l d o c u m e n t A L L w o r k p e r f o r m e d a n d t h e r e s u l t s h e r e This will be shown to the client when they pick their machine up A d d i t i o n a l n o t e s a b o u t t h e c l i e n t s c o m p u t e r Payment due
D o c u m e n t A L L L e v e l 2 d i a g n o s t i c f in d i n g s . T h e r e a r e a p p r o p r i a t e s e c t i o n s o n t h e I n - S t o r e Ta c t i c a l A n a l y s i s f o r m f o r a l l o f t h e L e v e l 1 a n d L e v e l 2 D i a g n o s t i c t e s t s u n d e r t h e s e c t i o n labeled System Diagnosis. I f p o s s i b l e h a r d d r i v e f a i l u r e i s p r e s e n t , I M M E D I AT E LY S T O P w o r k i n g o n t h e c l i e n t s m a c h i n e and contact them with findings/solutions. Once your Level 2 diagnostics are completed, stop working on the machine and contact the client for approval.
The program will ask you to select the tests to be run and then prompt you to this screen to confirm (this will also give you any special instructions for each test) Te s t i n g w i l l c o m m e n c e a n d r e c o r d p a r a m e t e r s a n d s t a t u s Note: Some tests (mouse, graphics, keyboard) will require interaction. Once again this will be noted as special instructions before the testing starts. Once testing is completed the results will be posted to view applicable issues. The details tab will also drill down into more information about each test.
This software package runs only one Hard Drive at a time. Start testing one of the drives.
If the hard drive tests complete successfully the results screen will display with a green background. If the background color is red, the hard drive has failed a test. Proceed to match up the error code from t h e l i s t t h a t c a n b e f o u n d o n p a g e 3 2 o f t h e f o l l o w i n g P D F. M o s t o f t h e t i m e w h e n t h i s t e s t f a i l s t h e hard drive needs to be replaced. h t t p : / / w w w. h g s t . c o m / h d d / s u p p o r t / d f t 3 2 _ u s e r g u i d e . p d f
REPLACE HD (Usually these codes mean HD replacement is necessary) -----------------------------------------------------------------0x42 Drive temperature problem 0 x 7 0 C o r r u p t S e c t o r [ A g e n e r a l h a r d d i s k p r o b l e m w a s d e t e c t e d . Yo u c a n r u n t h e E r a s e D i s k u t i l i t y. I f a subsequent test fails again, the drive is defective and should be replaced. 0 x 7 2 D e v i c e S . M . A . R . T. E r r o r 0x73 Device damaged by shock 0 x 7 4 S . M . A . R . T. S e l f - t e s t f a i l e d [ A n e r r o r w a s d e t e c t e d d u r i n g S . M . A . R . T. s e l f - t e s t . Yo u c a n r u n t h e E r a s e D i s k u t i l i t y o f D F T. I F a s u b s e q u e n t t e s t f a i l s a g a i n , t h e d r i v e i s d e f e c t i v e a n d s h o u l d b e replaced. 0x75 Defective Hard Disk Drive Component OTHER ERROR CODES ----------------0x00 No Error 0 x 1 0 Te s t a b o r t e d b y u s e r 0x20 Selected drive not present 0 x 2 1 ATA M a s t e r d e v i c e n o t p r e s e n t 0x22 Device protected 0x23 Format Degraded 0x30 Out of Memory 0x31 Wrong Parameter 0x33 Function cannot be executed on this device 0 x 4 0 S y s t e m i n t e r r u p t s t h e c u r r e n t o p e r a t i o n [ s m a r t d r v. e x e c a n c a u s e t h i s e r r o r ] 0x41 Bad Cable 0x43 Pending SCSI request 0 x 4 4 S y s t e m Vi b r a t i o n 0x45 Low System Performance 0x71 Device not ready
Note: If Win ME, perform the following command * It may be easier to remove temp/restore files from within Windows
4.3 - Windows NT / 2000 / XP - (NTFS) E a c h o f t h e s e o p e r a t i n g s y s t e m s h a v e t h e a b i l i t y t o r u n o n t h e N e w Te c h n o l o g y F i l e S y s t e m s (N T F S ) w h i c h c a n n o t b e a c c e s s e d f r o m a s t a n d a r d b o o t d i s k . Yo u f i r s t n e e d t o b o o t i n t o W i n d o w s Safe Mode. Then follow these instructions: Open the run command Ty p e c m d o r c o m m a n d C o m m a n d P r o m p t w i l l o p e n Go to CD drive and type in the following commands:
W h e n r u n n i n g a s c a n w i t h i n W i n d o w s N T / 2 k / X P y o u m a y g e t a n e r r o r. C l i c k I g n o r e a n d continue the scan process. This will not damage any files.
NOTE: If a virus is found, first, contact the client and approve (if not previously approved) the cost for removing a virus. T h i s i s a s o f t w a r e i s s u e a n d i t i s n o t c o v e r e d u n d e r a n y w a r r a n t y o r P S P. This is also a great time to up-sell the installation of new anti-virus software if n e c e s s a r y.
Commonly Used Switches: /adl = all drives local /all = all files / r e p o r t c : \ < f i l e n a m e > = c re a t e a r e p o r t f i l e /append = appends report /clean = clean /? = help scanpm /? = help
Te s t p o w e r s u p p l y a n d C M O S b a t t e r y w i t h a v o l t m e t e r.
NOTE: Settings will need to be entered in the BIOS afterwards If power supply is functioning: Check all cables Pull/Reseat all cards, memory and processor I f t h a t d o e s n t w o r k , i t i s p r o ba b l y a b a d m o t h e r b o a r d If power supply is not functioning: Tr y a d i f f e r e n t p o w e r s u p p l y Pull all cards except video card and one stick of RAM If the computer turns on, use process of elimination to find out which card is preventing the computer from powering on. Tr y a t e s t s w i t c h o r j u m p m o t h e r b o a r d Lookup Beep Codes if you hear any: R e f e r e n c e : h t t p : / / w w w. c o m p u t e r h o p e . c o m / b e e p . h t m
6.2 - BIOS Errors Keyboard Errors: Check for stuck keys Try different keyboard otherwise it is probably a defective port Try another keyboard type (USB/PS2) Checksum Error: Reboot system If it recurs verify settings in BIOS (system clock) If it recurs pull battery and power cable for 30 seconds If it recurs replace CMOS battery If it recurs re-flash CMOS using jumper on motherboard If it recurs it is a defective motherboard No Hard Drive Recognized: Check all cables See if the Hard Drive is even spinning Volt-test the power cable to the hard drive Check IDE settings in the BIOS (Auto) Try different IDE cable and power cable Try other IDE channel (Secondary) Try clients Hard Drive in test computer Try different Hard Drive in clients computer
If this does not resolve the problem proceed to a Soft Install of Windows. Windows XP B o o t o f f t h e c l i e n t s O R I G I N A L W i n d o w s X P C D Run the recovery console, command prompt run the commands: * If the admin password is not available or working, boot off a Win2k CD C:\>chkdsk /r C:\>fixboot
V I R U S E R A D I C AT I O N A LT E R N AT I V E S U s e f i x / r e m o v a l t o o l s l o c a t e d o n M R I \ . \ Vi r u s R e m o v a l To o l s If tool is not available/out-dated for specific virus you may download Symantec removal t o o l s a t h t t p : / / w w w. s y m a n t e c . c o m Secondary Drive: A hard drive may also be mounted as a secondary drive in a system that has an active virus scanning software. Then run a manual scan of the secondary drive to remove viruses. Do note that using this method, a virus software may quarantine required operating system files. This would require a repair or Soft Install of the operating s y s t e m b e f o r e t h e c o m p u t e r w i l l f u n c t i o n p r o p e r l y. D o n o t p e r f o r m t h i s o p e r a t i o n w h e n r e m o v i n g t h e K L E Z v i r u s , u s e th e S y m a n t e c F i x U t i l i t y. P l e a s e a l s o n o t e t h a t t h i s m e t h o d takes more manual Agent time as opposed to typing commands and letting the software take care of the rest.
Scanning and eradicating with NTFS Safe Mode with networking required for online scan/eradication Online House Call at http://housecall.trendmicro.com/ Local BartPE (where available)
VIRUS RESEARCH S e e M c A f e e s Vi r u s I n f o r m a t i o n L i s t w e b s i t e f o r a d v a n c e d m a n u a l v i r u s r e m o v a l i n s t r u c t i o n s . http://vil.mcafee.com Other excellent virus information websites: h t t p : / / w w w. s y m a n t e c . c o m h t t p : / / w w w. v i r u s l i s t . c o m NOTE: In Windows ME and Windows XP remember to disable the Restore function to prevent the Restore directory from re-infecting the system. Remember to enable afterwards. If a c l i e n t d o e s n o t w a n t v i r u s e s r e m o v e d f r o m t h e i r s y s t e m y o u M U S T m a k e a n o t a t i o n o f this denial of service in the service order notes. Also, if the client does not want us to install new virus software, note that we do not cover virus re-infection if the computer leaves the store without proper virus protection. Notate this in the service order as well.
automatically notify you of this, simply click OK. During the fixing of problems the application may appear to freeze. This is normal so just let it finish Usually SpyBot will be able to fix most problems on the first attempt I f i t a s k s t o b e r u n a t n e x t s t a r t u p , c a n c e l t h i s . I f N e w. n e t w a s i n s t a l l e d a s e c o n d s c a n i s n e c e s s a r y. R e b o o t i n t o S a f e M o d e a n d s c a n a g a i n . O t h e r p r o b l e m s c a n a c t u a l l y b e r e m o v e d o n a s e c o n d s c a n w i t ho u t a r e b o o t . Continue cleaning with SpyBot-S&D until the machine is clean per its findings Some problems can NOT be removed by SpyBot-S&D (e.g. variants of i-lookup, VX2. BetterInternet, etc).These will have to be skipped at this point and cleaned with other tools
A D - AWA R E I n s t a l l A d - Aw a r e w i t h a l l o f t h e d e f a u l t s e t t i n g s s e l e c t e d Apply all updates manually from MRI. Extract the .zip usually <C:\Program Files\ L a v a s o f t \ A d - a w a r e 6 > . Yo u c a n a c t u a l l y s t a r t t h e i n s t a l l a t i o n a n d s c a n n i n g w i t h t h i s a p p l i c a t i o n d u r i n g t h e l a t t e r s t a g e s o f S p y B o t - S & D t o s a v e t i m e . H o w e v e r, b e c a r e f u l n o t to cross-clean infections found by both applications otherwise youll be chasing a nonexisting infection L a u n c h A d - Aw a r e . I f I n t e r n e t i s a v a i l a b l e , a p p l y w e b u p d a t e s v i a A d - Aw a r e . M a n u a l u p d a t e s a r e a l s o a v a i l a b l e a t ht t p : / / w w w. l a v a s o f t u s a . c o m / s u p p o r t / d o w n l o a d / . After updates are applied, Click Start. Be sure to select Customize and enable the following: Scan within archives Scan my IE Favorites for banned URLs Scan my Hosts files then click Proceed Record how many instances of spyware were found for your notes. The scan will take a few minutes or could even freeze for some time at various locations. This is normal so just let it finish. W h e n A d - Aw a r e f i n i s h e s , S e l e c t a l l o b j e c t s ( r i g h t - c l i c k i n r e s u l t s t o g e t t h i s o p t i o n ) , click Next, then OK. During the quarantine process the application may appear to freeze. This is normal so just let it finish. Usually it will be able to fix most problems on the first attempt. If it asks to be run at next startup, cancel this. Other problems can actually be removed o n a s e c o n d s c a n w i t h o u t a r e bo o t . C o n t i n u e c l e a n i n g w i t h A d - Aw a r e u n t i l t h e m a c h i n e i s c l e a n p e r i t s f i n d i n g s . S o m e p r o b l e m s c a n N O T b e r e m o v e d b y A d - Aw a r e ( e . g . variants of i-lookup, VX2.BetterInternet, etc). These will have to be skipped at this point and cleaned with other tools D e p e n d i n g o n t h e l e v e l o f i n f e s t a t i on , o t h e r s p y w a r e r e m o v a l a p p l i c a t i o n s m a y n e e d t o b e used SpySweeper is a great tool. Not only for cleaning, but as a prevention tool so attach it! Once both above programs show the machine being clean move onto a deeper cleaning. This C l e a n m a y m e a n t h a t 9 9 % o f t h e in f e s t a t i o n w a s c l e a n e d . M i s c e l l a n e o u s e n t r i e s l i k e V X 2 . B e t t e r I n t e r n e t , C o o l W W W S e a r c h , l oo k 2 m e , i - l o o k u p m a y s t i l l e x i s t a n d p o s s i b l y c a n n o t b e cleaned by either program. A D D I T I O N A L R E M O VA L T O O L S T h e r e a r e a f e w a d d i t i o n a l a d w a r e / s p y w a r e r e m o v a l t o o l s t h a t w i l l c o m e i n h a n d y. T h e y c a n b e l o c a t e d o n t h e M R I C D i n t h e f o l d e r : \ . \ S p y w a r e \ M i s c R e m o v a l To o l s . B e f o r e y o u u s e a n y o f th e s e t o o l s , p l e a s e r e a d t h e d o c u m e n t a t i o n f o r e a c h a p p l i c a t i o n . CWShredder U t i l i t y s p e c i f i c a l l y d e s i g n e d t o r e m o v e C o o l W W W S e a r c h . ( S p y B o t / A d - Aw a r e s o m e t i m e s c a n t re m o v e d a l l o f t h e p a r t s o f t h i s h i j a c k t h i s d o e s )
I f t h e e r r o r A r e q u i r e d d l l , M S V B V M 6 0 . D L L , w a s n o t f o u n d a p p e a r s , a p p l y Vi s u a l B a s i c 6 . 0 S P 5 R u n Ti m e F i l e s . L o c a t e d o n t h e M R I \ . \ W i n d o w s To o l s . I f C W S w a s o n t h e m a c h i n e a n d i t i n f e c t e d a n y o f t h e f o l l o w i n g , t h e s p e c i f i c . e x e s will have to be replaced: w m p l a y e r. e x e , m s c o n f i g . e x e , c o n t r o l . e x e , r u n d l l 3 2 , n o t e p a d . e x e R e p l a c e m e n t . e x e s l o c a t e d o n t h e M R I \ . \ S p y w a r e \ C W S h r e d d e r \ A d d i t i o n a l C W S f i x e s I f y o u t w e a k m s c o n f i g a n d h av e n o t r e b o o t e d t h e m a c h i n e , C W S h r e d d e r w i l l s a y t h a t i t found the CWS.Msconfig This does not matter; System Configuration Utility will not prompt on next reboot
Hijackthis Utility that assists in detecting and removing various hijacking entries WA R N I N G R e a d A L L d o c u m e n t a t i o n a b o u t t h i s a p p l i c a t i o n b e f o r e u s i n g i t If run from a CD, backups of files you delete will NOT be made; copy the application to the desktop if needed. KaZaABegone Utility designed to fully removed KaZaA and all of its remnants G o o d t o r u n t h i s e v e n i f K a Z aA w a s n e v e r i n s t a l l e d a s i t f i n d s o t h e r s p y w a r e applications associated with KaZaA WA R N I N G T h i s u t i l i t y w i l l d e l e t e t h e M y S h a r e d F o l d e r f o l d e r t h a t c o n t a i n s t h e c l i e n t s d a t a t h a t w a s d o w n l o a d e d v i a K a Z a A . Yo u M U S T i n f o r m t h e c l i e n t t h a t t h i s will be deleted BEFORE you run this utility If client wishes for KaZaA or content downloaded via KaZaA to remain on the machine, o u r s e r v i c e c a n n o t a n d w i l l n o t c a r r y a w a r r a n t y. D o c u m e n t t h i s i n y o u r n o t e s .
FixMsg117 U t i l i t y d e s i g n t o c u r e m s g 1 1 7 . d l l (Z e s t y F i n d ) i s s u e s Good to use this just in case ZestyFind is on the machine Hard to tell if this hijacker is actually on the machine until it redirects you Depending on the level of infestation, other fixes may need to be applied It will notify you of this; usually winsock2 related KillMsg118 U t i l i t y d e s i g n t o c u r e m s g 1 1 8 . d l l is s u e s If the machine is locking/pausing for a long time a on the Loading your personal s e t t i n g s d i s p l a y, r u n t h e f o l l o w i n g r e g i s t r y e n t r y t o s h o w t h e f i l e t h a t i s p o s s i b l y causing this L o c a t e d o n M R I \ . \ W i n d o w s To o l s \ R e g i s t r y E n t r i e s E n a b l e - S h o w Ve r b o s e S e c u r i t y S t a t u s M e s s a g e s . r e g D i s a b l e - U n d o S h o w Ve r b o s e S e c u r i t y S t a t u s M e s s a g e s . r e g BHODemon Breaks down Browser Helper Objects (BHO) for further troubleshooting CoolWWWSearch.SmartKiller (v1.v2) MiniRemoval U t i l i t y s p e c i f i c a l l y d e s i g n e d t o r e m o v e v a r i a n t s o f C o o l W W W S e a r c h . Yo u w i l l k n o w t h a t t h e machine has this variant as most major adware/spyware removal tools will start, and then shutdown. Most major adware/spyware web sites will be inaccessible. If the machine has a n y o f t h e b e l o w v a r i a n t s , t h i s r e m o v a l m u s t b e r u n F I R S T t o a l l o w S p y B o t a n d A d - Aw a r e t o run. Va r i a n t 2 6 : C W S . S m a r t s e a r c h - C o u n t e r- c o u n t e r- a c t i o n s CWS.Smartsearch.2, CWS.Smartsearch.3, and CWS.Smartsearch.4
If you have multiple user accounts on the machine you must clean all accounts using the instructions above. Manual Cleaning After you clean the machine using all of the applicable applications, there will still be miscellaneous files/folders/icons that exist on the machine that are related to adware/ spyware A f t e r t h e m a i n [ S p y B o t , A d - Aw a r e ] a n d m i s c e l l a n e o u s [ C W S h r e d d e r, H i j a c k t h i s , K a Z a A B e g o n e , e t c ] a p p l i c a t i o ns a r e r u n , t h e m a c h i n e i s p r o b a b l y t e c h n i c a l l y c l e a n o D o y o u w a n t y o u r c l i e n t s t o s ee t h e m e s s l e f t b e h i n d n o ! o This could freak them out and cause a recall on you fix it the first time! o o Clean the Favorites folders C:\Documents and Settings\%user%\Favorites C:\Windows\Favorites
Do NOT delete all favorites look for unusual entries Adult Links Gambling Casino When these are created there are usually a few main folders and they all have the same modified date Sometimes the Favorites are so infected you have to remove all of them; more effective than g o i n g t h r o u g h h u n d r e d s o f s h o r t c u t s . Ta l k t o y o u r c l i e n t i f t h i s h a p p e n s . R e m o v e a l l s p y w a r e / a d w a r e e n t r i e s f r o m t h e A d d / R e m o v e P r o g r a m s L i s t. I f i t c a n t b e removed, manually remove it O p e n R e g i s t r y E d i t o r t o t h e f o ll o w i n g k e y : [ H K E Y _ L O C A L _ M A C H I N E \ S O F T WA R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t Ve r s i o n \ U n i n s t a l l ] This key is where the Add/Remove Program list is store. Some of the entries are plainly label and others are going to be in hexadecimal. For the hexadecimal entries youll have to look in the right pane for the name corresponding to the entry in the Add/Remove Programs list that you want to remove. After the Add/Remove Programs List is clean, reboot into Normal Mode Clean the [C:\Program Files] folder by removing the miscellaneous spyware/adware files/ folders. Be sure to only delete files/folders that you know are related to adware/spyware. If you recognize any installer that is used to install adware/spyware [most are in the root directory], delete them. O n l y d e l e t e e x e c u t a b l e s t h a t yo u k n o w a r e a d w a r e / s p y w a r e Clean [C:\WINDOWS\Downloaded Program Files] may have already been done with Hijackthis D o n t f o r g e t t o r e m i n d t h e c l i e n t t h a t t h e y l l w i l l h a v e t o d o w n l o a d F l a s h [ o r o t h e r similar] plug-ins if you deleted them Delete the miscellaneous spyware/adware icons/shortcuts on the desktop and start menus A f t e r A L L o f t h i s y o u h a v e f i n a l l y c l e a n e d t h e m a c h i n e s o n o w i t s t i m e f o r t e s t i n g . (Re)Boot into Normal Mode and test Internet Explorer by visiting commonly used sites. It is also helpful to visit sites that use: Flash, SSL, ActiveX, or other similar technologies are good for testing. This will help prevent callbacks and recalls. h t t p : / / w w w. g o o g l e . c o m h t t p : / / w w w. c o m c a s t . c o m http://mail.geeksquad.com/sts h t t p : / / w i n d o w s u p d a t e . m i c r o s of t . c o m
If y o u c a n t g e t t o w e b s i t e s , b u t y o u g e t a n I P a d d r e s s , D N S , a n d c a n p i n g , w i n s o c k 2 probably needs to be repaired. For instructions on how to do this please see the winsock2/ DUN procedures. Te s t r a n d o m p r o g r a m s t h a t m a y h a v e b e e n i n f e c t e d [ W M P, m s c o n f i g , c o n t r o l . e x e , e t c ] a n d preform this testing on ALL user accounts. R e b o o t t h e m a c h i n e a f e w t i m e s , t e s t a g a i n . Te s t i n g s h o u l d o n l y t a k e a f e w m i n u t e s a n d w i l l help prevent recalls so do it!! If a t a n y t i m e d u r i n g y o u r t e s t i n g s p y w a r e / a d w a r e a p p e a r s ( e . g . I E s r e d i r e c t i n g y o u , r a n d o m not normal pop-ups, etc), you may have to start the removal process all over again Uninstall ALL spyware/adware applications used to performed the cleaning Delete the Lavasoft folder in the Start Menu and [C:\program files] Sometimes SpyBot will be here too; remove it if found Clean the [%temp%] directory one more time; Hijackthis/other junk may be here In W i n d o w s X P / M E r e e n a b l e S y s t e m R e s t o r e Reboot the machine a few more times just for good measure B e s u r e t h a t y o u d o c u m e n t t h r o u g h o u t y o u r r e m o v a l p r o c e d u r e s i t s e a s y t o j o t d o w n a f e w notes while youre doing the scans/cleaning instead of compiling it all at the end and missing vital points. D o c u m e n t a t i o n i s n o t o n l y f o r t h e c l i e n t , b u t i t s f o r t h e e n t i r e G e e k S q u a d s o d o i t w e l l ! E D U C AT E , E D U C AT E , a n d R E - E D U C AT E t h e c l i e n t y o u d b e a m a z e d h o w m u c h t h i s h e l p s ! !
Windows XP Remove the Winsock and Winsock2 registry keys Start -> Run -> type regedit -> click OK Follow the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Delete: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2 Make sure all files are shown S t a r t , M y C o m p u t e r - > To o l s - > F o l d e r O p t i o n s - > Vi e w Enable <Show hidden files and folders> Re-install TCP/IP Start -> Control Panel -> Network Connections Right-click the connect you wish to repair -> Properties Click Install -> highlight Protocol -> click Add Click Have Disk -> click Browse -> point to the <c:\windows\inf folder> * Windows folder may be named Winnt Click Open -> click OK Highlight Internet Protocol (TCP/IP) -> click OK * Installation will pause for a few seconds -> when finished, close all open Windows N o t e : I n X P, i t i s n o t u s u a l l y n e c e s s a r y t o r e b o o t a f t e r r e - i n s t a l l i n g T C P / I P. Tr y t o o p e n I n t e r n e t Explorer and see if you can browse. If you still cannot browse after completing the above steps, re b o o t . A f t e r r e b o o t i n g y o u s h o u l d b e a b l e t o b r o w s e w e b s i t e s .
B.
C r e a t e a n e w C A B S d i r e c t o r y, a n d c o p y c a b f i l e s f r o m t h e c l i e n t s o p e r a t i n g s y s t e m C D t o t h e n e w c a b s d i r e c t o r y.
C. D.
The process for ME is exactly the same except on the CD the folder that contains the cab files is D:\win9x instead of D:\win98 After the copy is complete switch back to the C: drive and run Windows 98/ME installation by typing setup.
E.
Run a Windows install as you normally would. Make sure when it is completed that all programs and devices are working properly and that the post-op procedure is performed.
B.
Create new Windows directory and copy cabs from Windows 98/ME disk
C.
The process for ME is exactly the same except on the CD the folder that contains the cab files is D:\win9x instead of D:\win98 After the copy is complete switch back to the C: drive and run Windows 98/ME installation by typing setup.
D.
Yo u m a y n e e d t o r e i n s t a l l s o m e d r i v e r s a f t e r a C l e a n / P a r a l l e l I n s t a l l o f W i n d o w s . D o w n l o a d the proper drivers from the internet. C o m p u t e r M a n u f a c t u r e r s w e b s i t e D e v i c e M a n u f a c t u r e r s w e b s i t e w w w. d r i v e r g u i d e . c o m ( U s e r n a m e : d r i v e r s P a s s w o r d : a l l ) w w w. g o o g l e . c o m / g r o u p s . g o o g l e . c o m Look for model numbers on device Printed Circuit Board (PCB) and major Integrated Circuits (IC) for search criteria. A f t e r a C l e a n / P a r a l l e l I n s t a l l , v e r i f y t h a t t h e i n i t i a l p r o b l e m h a s b e e n r e s o l v e d a n d c a n t b e recreated. I f t h e p r o b l e m c a n t b e r e c r e a t e d , p r o c e e d a n d c o m p l e t e p o s t - o p p r o c e d u r e s . If the problem still occurs, try updates (Windows, Internet Explorer), then proceed to a Format Install of Windows (contact the client before proceeding).
C. D.
The process for ME is exactly the same except on the CD the folder that contains the cab files is D:\win9x instead of D:\win98 After the copy is complete switch back to the C: drive and run Windows 98/ME installation by typing setup.
Yo u w i l l n e e d t o r e i n s t a l l s o m e d r i v e r s a f t e r a F o r m a t I n s t a l l o f W i n d o w s . D o w n l o a d t h e p r o p e r d r i v e r s f r o m t h e i n t e r n e t , o r u s e d r i v e r d i s k s t h a t c a m e w i t h t h e c o m p u t e r. C o m p u t e r M a n u f a c t u r e r s w e b s i t e D e v i c e M a n u f a c t u r e r s w e b s i t e w w w. d r i v e r g u i d e . c o m ( U s e r n a m e : d r i v e r s P a s s w o r d : a l l ) w w w. g o o g l e . c o m / g r o u p s . g o o g l e . c o m Look for model numbers on device Printed Circuit Board (PCB) and major Integrated Circuits (IC) for search criteria. M a k e s u r e W i n d o w s , p r o g r a m s , a n d d e v i c e s a r e w o r k i n g p r o p e r l y. P r o c e e d w i t h p o s t - o p procedure.
There are three ways you can attempt to resolve more severe technical issues that require at least a partial reinstallation of the operating system. The best practice is to do the least i n t r u s i v e f i x p o s s i b l e ( d o n t a m p u t a t e a n a r m t o f i x a b r o k e n f i n g e r n a i l ) . T h e G e e k S q u a d always tries to leave a computer the way it used to be, because clients are used to the w a y t h e y d o t h i n g s . T h e y l i k e t o h a v e t h e s o l i t a i r e i c o n i n t h e u p p e r r i g h t c o r n e r, a n d t h e a d o r a b l e p u p p y w a l l p a p e r. Ty p i c a l l y, w h e n y o u n e e d t o r e i n s t a l l t h e O S , y o u w i l l f i n d t h a t c l i e n t s h a v e t h e i r r e s t o r e C D b u r i e d i n a c l o s e t s o m e w h e r e . I f y o u r e l u c k y, t h e y h a v e a n a c t u a l X P o r 2 0 0 0 C D . M o r e r e c e n t l y, s o m e m a n u f a c t u r e r s h a v e s t o p p e d g i v i n g o u t C D s a n d are either putting the OS and restore information on a hidden hard drive partition, or putting images on the hard drive that can be burned to CDs. There is a potential for data corruption when performing any sort of install, especially when there is file system or partition corruption. It is very important to back up data before attempting any re-installation, as c a t a s t r o p h e c a n s t r i k e a t a n y t i m e . D o n t g e t c a u g h t i n t h e h e a d l i g h t s o f a n e m p t y d i r e c t o r y tree, inform the client of potential risks, and suggest backing up any important data files just in case. Below are the best ways to perform each type of installation. O E M S O F T WA R E D I S C S O F T I N S TA L L A soft installation is the least intrusive way to repair an OS with corrupt files and/or missing or damaged portions of the OS. Once youre done with a soft install, very little has c h a n g e d c o s m e t i c a l l y, l e a v i n g t h e c l i e n t h a p p y a s a c l a m . E v e n t h o u g h t h e s o f t i n s t a l l l e a v e s things visibly untouched, there is always a chance for massive data corruption, usually when a corrupt file system is involved - so inform client of any potential risks before starting work. OEM XP and Win2k cds give you two options for installation a repair install (soft install), o r a c l e a n i n s t a l l . To a t t e m p t a S o f t i n s t a l l ( o r r e p a i r i n s t a l l a t i o n ) : 1.) 2.) 3.) 4.) S e l e c t t h e f i r s t m e n u o p t i o n : To s e t u p W i n d o w s X P n o w, P r e s s E n t e r . Setup will search for previous installations on the drive. If an installation is found, it will give you the option to either repair the installation that was found, or to install a fresh copy of the Operating System. S e l e c t t h e r e p a i r o p t i o n To r e p a i r t h e s e l e c t e d W i n d o w s X P i n s t a l l a t i o n , p r e s s R . S e t u p w i l l t h e n g o t h r o u g h a se r i e s o f c h e c k s a n d w i l l b e g i n r e p a i r i n g a n y c o r r u p t or missing system files, and will continue through setup as if it was a standard installation.
C L E A N / PA R A L L E L I N S TA L L S o m e t i m e s a s o f t i n s t a l l d o e s n o t r e s o l v e t h e i s s u e y o u a r e t r y i n g t o r e p a i r. A c l e a n / p a r a l l e l i n s t a l l i s n e c e s s a r y w h e n t h e r e i s e x t r e m e O S c o r r u p t i o n , c o r r u p t r e g i s t r y, e t c . A c l e a n o r parallel install is installing a fresh copy of windows on the system in a different directory than the current copy of windows. The advantage to doing this rather than formatting is that a l t h o u g h y o u a r e s t a r t i n g f r o m s c r a t c h w i t h w i n d o w s , t h e c l i e n t s d a t a i s n o t l o s t . B e s u r e to inform the client that ALL applications and peripherals will need to be reinstalled (that m e a n s Wo r d , Q u i c k e n , S c r a b b l e , e t c ) a f t e r t h e w i n d o w s r e i n s t a l l a t i o n h a s f i n i s h e d . T h e c l i e n t s d a t a S H O U L D n o t b e l o s t , ho w e v e r b e s u r e t o w a r n t h e m o f t h e r i s k o f d a t a l o s s , and strongly suggest backing up all important data before proceeding with the installation.
Although data should not be lost, information like e-mail and quicken data may need to be imported after the respective programs are reinstalled. 1.) I f p o s s i b l e , r e n a m e t h e c l i e n t s W i n d o w s , P r o g r a m F i l e s , a n d D o c u m e n t s a n d S e t t i n g s directory before proceeding with the installation. This will reduce the risk of data loss during the reinstall. B o o t t o t h e O E M W i n 2 k o r W i n d o w s X P C D a n d s e l e c t To s e t u p W i n d o w s X P n o w, Press Enter. Select the option to install a fresh copy of Windows. Setup will prompt you for the new installation location. If you were not able to rename the current windows directory before starting the clean install, change the installation directory from Windows to Windows2 or WinXP. This will be your new windows directory Proceed through install as normal.
6.)
F O R M AT A N D I N S TA L L AT I O N A f o r m a t a n d i n s t a l l i s t h e m o s t i n tr u s i v e f i x p o s s i b l e , a n d s h o u l d o n l y b e u s e d i n e x t r e m e c a s e s o f p a r t i t i o n o r f i l e s y s t e m c o r r u p t i o n . T h i s m e t h o d c a u s e s a l l d a t a o n t h e c l i e n t s h a r d drive to be erased and a clean and fresh copy of windows to be installed. This is a *LAST RESORT*. When performing a format and install, there are 3 things you must do before proceeding with the work. 1.) 2.) 3.) Inform the client that all of their data is going to be lost, and why it is necessary to t a k e s u c h h a r s h a c t i o n t o r e s ol v e t h e i r p r o b l e m ( p a r t i t i o n t a b l e i s c o r r u p t , e t c . . . ) Inform the client that they will not have any of their data after you format the system Inform the client that their data will be gone when you are done. This means e-mails, bookmarks, photos, documents, quicken data. Gone, never going to see it again. Reiterate this point over and over until you are sure the client understands.
To p e r f o r m a f o r m a t a n d i n s t a l l : 1.) 2.) 3.) 4.) B o o t t o t h e O E M C D . S e l e c t t h e o p t i o n To s e t u p W i n d o w s X P n o w, P r e s s E n t e r . Setup will find the previous installation and will ask if you want to repair it or continue installing a fresh copy of Windows XP without repairing Press ESC. D e l e t e t h e c u r r e n t p a r t i t i o n a n d f o l l o w s e t u p s i n s t r u c t i o n s t o c r e a t e a n d f o r m a t a n e w one. BEFORE you do delete the partition, it is crucial that you explain to the client t h a t A L L o f t h e i r d a t a i s g o i n g t o b e e r a s e d . Te l l t h e m t h i s a t l e a s t 3 t i m e s b e f o r e f o r m a t t i n g t h e d r i v e . E x p l a i n t o t h e m w h a t d a t a i s - m o s t p e o p l e d o n t k n o w t h a t t h e i r data is all of their MP3 files, or all of their pictures from the lake cabin. Only after the client understands and agrees to losing all of their data, continue deleting the partition and recreating a new one.
5.)
Setup will walk you through the rest of the install. After the installation is complete, it is your responsibility to install all needed drivers and to make sure everything is w o r k i n g a s i t s h o u l d b e . Yo u s h o u l d m a k e s u r e t h e y c a n g e t o n l i n e a n d c h e c k t h e i r e mail. This does not mean you have to reinstall all the applications that were installed before. Reinstalling applications and importing data is an additional service and should b e b i l l e d a c c o r d i n g l y.
NOTE: It would be wise to note any errors you run across during installation and research the cause and possible effect of said errors. It is also important to make sure that the OS is totally patched and the newest service packs are installed. S O F T I N S TA L L W I T H R E C O V E R C D S o m e r e c o v e r y C D s g i v e y o u t h e o p t i o n f o r a d e s t r u c t i v e r e p a i r o r a n o n - d e s t r u c t i v e r e p a i r. I f y o u e n c o u n t e r a m a c h i n e t h a t w as s h i p p e d w i t h W 2 K o r X P a n d i t c a m e w i t h r e c o v e r y C D s , it is wise to investigate what options are available for that specific recovery disc. After you have examined your options, inform the client of your recommendation. If a non-destructive r e p a i r o p t i o n e x i s t s , r e a d t h r o u g h a n y w a r n i n g s t h a t t h e r e c o v e r y C D s d i s p l a y s a n d m a k e sure to relay that information to the client in words they can understand. Once you have educated the client and they understand what is going to happen to their s y s t e m ( a n d w h y i t i s n e c e s s a r y ) , r u n t h e n o n - d e s t r u c t i v e r e p a i r. T h e s t e p s t o p e r f o r m t h i s operation will vary from machine to machine and you should read everything VERY carefully before proceeding. If the only option that the recovery CD has to offer is a destructive install, a soft install is not possible. At this point, you should stop, look at all available options, and present the least intrusive option to resolve the problem to the client. It is up to them to decide how they want to proceed from there. F O R M AT A N D I N S TA L L W I T H R E C O V E R C D This is the standard recovery option for most PCs. Restore CDs are very straightforward and g e n e r a l l y f o r m a t a n d r e - i m a g e t h e c l i e n t s h a r d d r i v e , r e t u r n i n g i t t o t h e s t a t e t h e s y s t e m was in when it came off the shelf. It is crucial to stress the importance of informing the client about what formatting really means and making sure that the client understands the r e s u l t b e f o r e d o i n g a n y w o r k t h a t co u l d p o s s i b l y r e s u l t i n d a t a l o s s . A g a i n , t h i s s h o u l d b e a L A S T R E S O R T. NOTE: Not only is it very important to explain risks and reasons for your suggestions to clients in all situations, it is also extremely important to document EVERYTHING in the notes!
Microsoft Outlook Express *.dbx - Outlook Express data file (most commonly)
Win 2k/XP: C:\Documents and Settings\% u s e r % \ L o c a l S e t t i n g s \ A p p l i c a t i o n D a t a \ I d e n t i t i e s \ { % } \ M i c r o s o f t \ O u t l o o k E x p r e s s Win 9x/ME: C:\Windows\Application Data \ I d e n t i t i e s \ { % } \ M i c r o s o f t \ O u t l o o k E x p r e s s
*.wab Windows Address Book Win 2K/XP C:\Documents and Settings\%user%\Application Data\Microsoft\Address Book Win 9x/ME - C:\Windows\Application Data\Microsoft\Address Book * . c s v C o m m a S e p a r a t e d Va l u e s A more reliable way to export/back-up address book entries To E x p o r t : F i l e > E x p o r t > A d d r e s s B o o k > Te x t F i l e > E x p o r t To I m p o r t : F i l e > I m p o r t > O t h e r A d d r e s s B o o k > Te x t F i l e > I m p o r t
Quicken *.qdf - Quicken data file Stores all transactional data for the account Ty p i c a l l o c a t i o n - C : \ P r o g r a m F i l e s \ Q u i c k e n W \ B a c k u p I f t h e d a t a h a s n o t b e e n b a c k e d u p r e c e n t l y, t h e e n t i r e Q u i c k e n W d i r e c t o r y s h o u l d b e c o p i e d QuickBooks *.qbb - QuickBooks company file S t o r e s a l l c o m p a n y - s p e c i f i c i nf o r m a t i o n Ty p i c a l l o c a t i o n C : \ P r o g r a m F i l e s \ I n t u i t \ Q u i c k B o o k s Microsoft Money *.mny Stores all transactional data for the account Ty p i c a l l o c a t i o n C : \ P r o g r a m F i l e s \ M i c r o s o f t M o n e y
I f n e t w o r k s h a r e s a r e t a k i n g a l o n g t i m e t o d i s p l a y, t r y t h i s t w e a k W h e n a p p l i e d t h i s t e l l s t h e c o m p u t e r n o t t o l o o k a t t h e s h a r e s f o l d e r, t h e r e f o r e s p e e d i n g up your sharing Apply Speed up file.print sharing tweak.reg L o c a t e d o n t h e M R I \ . \ W i n d o w s To o l s \ R e g i s t r y E n t r i e s There is a folder on the MRI with a few helpful links to various web sites \.\Helpful Links
This has turned up many little issues in the past that may have become potential recalls. A s a t i s f i e d c l i e n t m e a n s a p o t e n t i a l re p e a t c l i e n t ! Educate, educate, and re-educate the client on what was done with their system!
Check-Out P u l l u p c l i e n t s s e r v i c e o r d e r t h r o u g h S TA R Ve r i f y p r o d u c t i s c o m p l e t e G e t p r o d u c t , p a p e r w o r k , a n d al l p a r t s Explain in detail what was wrong and what service was performed Make sure the client is fully aware of EVERYTHING you did to their machine Make recommendations as to how to prevent it from happening again C l o s e s e r v i c e o r d e r i n S TA R P r o c e s s p a y m e n t t h r o u g h P. O . S . Parts and Labor G e t c l i e n t s s i g n a t u r e o n c l o s e d s e r v i c e o r d e r L a s t l y, t h a n k t h e c l i e n t f o r t h ei r b u s i n e s s !
If repairs were completed and verified using the full diagnostic suite and the post-op was performed and noted then there is no reason to power on the computer and show the client t h a t i t i s f u n c t i o n i n g a p p r o p r i a t e l y. I f c l i e n t r e q u e s t s t o h a v e u n i t p o w e r e d u p a t t h a t t i m e p o w e r u p t h e m a c h i n e a n d d e m o n s tr a t e p r o p e r o p e r a t i o n .