Monday, February 29, 2016

Recover Windows Boot Problem

From : http://www.aitechsolutions.net/winxpnoboot.html

 Safe mode boot frozen at mup.sys

The last driver that loaded may be mup.sys. To solve that issue on a number of systems, I performed this manual
restore procedure for the Windows XP registry.
 

Running Chkdsk from the Windows XP Recovery Console

  • Boot your system from the XP installation CD. If you don't get the choice when you restart with the CD in the drive, you may want to check the boot order in your BIOS.
  • It will take some time to load but you should eventually see the XP Setup screen. Press R to enter the Recovery Console
  • Select your windows installation. Enter 1 or if you have multiple installations select the 1st or default instance of XP which should be the broken one
  • Supply the administrator's password or, if you do not know it, just try no password (Enter), which may be the default.
  • Forgot the administrator's password? There are bootable Linux-based utilities that can help, but be very careful!
    One you might try is the NT Password and Registry editor. Please see their site for downloading and support.

    (As I understand it a win2K bootable install cd may be used on an XP system and not require a password because of differences in the win 2000 and XP SAM. May be worth exploring as a last resort. Your mileage may vary)

    If you don't have your Windows recovery or install disk available, there are other methods with their own set of procedures, but the theory is the same. The specific procedures for using them are beyond the scope of this article, which is long enough already! I can however point you to some useful recovery utilities.

    Using these windows recovery utilities you can still perform the below tasks to recover your registry after you take into consideration the procedural differences and successfully bring your Windows XP system back to life.

    To copy and rename Windows XP registry files you could try the NTFS for DOS utility from a bootable floppy or CD. This utility also has a version of chkdsk to help aid in fixing corruption on the NTFS formatted hard disk.

    A utility CD can be had that has both the NTFS for DOS and the Linux based NT Password and Registry editor mentioned above as well as much more. Consider checking out the Ultimate Boot CD for Windows.
    Please see the individual sites for downloading and support information.
  • Run chkdsk /p /r (the /p option forces testing on a drive that is not flagged dirty; the /r is implied but added for
    good measure). If it finds errors it should try to fix them. Rerun chkdsk and make sure it comes up clean.

    So now you think all is OK since chkdsk "FIXED" the errors and that you're good to go, right? Not so fast. It
    should have corrected the filesystem's integrity but even with that fixed, corrupted files may still exist. But ...
  • Exit the recovery console by typing exit at the command prompt and hit enter
  • Your system should restart automatically. If not hit reset or cycle power
  • If your system restarts ok now fantastic. The issue was not that serious and chkdsk fixed it! Congratulations!
  • If unfortunately your system does not come up, you should then follow the "Restoring the Windows XP registry" sections below
 

Restoring the Windows XP registry to a bootable configuration
General instructions and conventions

If your system won't boot successfully, you may have a corrupted registry. The following is the first step in the Windows XP registry restore procedure, which will enable you to boot your system with generic registry information.

Note: The following assumes you are using the NTFS filesystem and that your Windows directory is C:\WINDOWS. If you are using the FAT32 filesystem, some instructions may not apply or may be slightly different. I'll try to note where the differences exist. If your Windows directory is different from C:\WINDOWS then substitute the correct value in the following instructions.

Also! It is important you type all instructions exactly as shown! Commands you need to type in will be displayed in lower case, a larger font, and a different color. FYI, Windows doesn't really care about case but I will use this convention for clarity. I will prefix commands with the command prompt that includes the current working directory. The command prompts will be in upper case as this is how they are displayed. Yours should look the same and we can use this to verify you are in the correct directory. Be sure to pay attention to this as working with the command line is not at all forgiving!

If for some reason your command prompt doesn't reflect the current working directory, you can try executing this command at the prompt:

set prompt $p$g

As an FYI, there are ways to automate some of this process and/or read the commands from a text file using the Recovery Console. I'll leave those options to your imagination or possibly a future article. Let's get started!

Backing up your current primary registry files
- Very Important, Do not skip! -


  • Boot your system from the XP CD. At the XP Setup screen press R to enter the Recovery Console.
  • Select the installation you want to work with (Usually 1)
  • Log on to the desired installation with the administrator's password.
    If you don't know the password you can try just hitting Enter.

You should now be at a C:\WINDOWS> prompt.

First we will make a new directory to use for backup and as a scratch area.

At the C:\WINDOWS> prompt enter:

  • C:\WINDOWS>md mytmp
  • Use the dir(ectory) command to verify the directory was created (Optional)
C:\WINDOWS>dir m*

Now we'll back up your current configuration (registry). We should not need those files anymore, but it's good to be safe and it's free.

Change your current working directory from C:\WINDOWS to C:\WINDOWS\SYSTEM32\CONFIG.

  • C:\WINDOWS>cd system32\config
Your command prompt should now be: C:\WINDOWS\SYSTEM32\CONFIG>.

Now we will copy the following 5 registry files.

  • C:\WINDOWS\SYSTEM32\CONFIG>copy system c:\windows\mytmp\system.bak
  • C:\WINDOWS\SYSTEM32\CONFIG>copy software c:\windows\mytmp\software.bak
  • C:\WINDOWS\SYSTEM32\CONFIG>copy security c:\windows\mytmp\security.bak
  • C:\WINDOWS\SYSTEM32\CONFIG>copy sam c:\windows\mytmp\sam.bak
  • C:\WINDOWS\SYSTEM32\CONFIG>copy default c:\windows\mytmp\default.bak
Now these files are backed up to \MYTMP. Execute the following dir command to check.
  • C:\WINDOWS\SYSTEM32\CONFIG>dir c:\windows\mytmp
You should see the five files listed: default.bak, sam.bak, security.bak, software.bak, system.bak.

It wouldn't be a bad idea to compare the file sizes with the originals; that's your choice. To show the file sizes of the originals just execute the dir command.
  • C:\WINDOWS\SYSTEM32\CONFIG>dir

Restore base registry hive files from original installation

Now we will replace the registry with the base files created\saved during the initial Windows XP installation. This will enable us to boot the system normally and access the System Restore files.

BTW, I know there are some Windows gurus out there who can restore the registry from your last checkpoint using the Recovery Console without booting Windows XP itself, but that is an even more tedious procedure and we want to make this as painless as possible. Besides, if you already know how to do that you are probably not reading this article anyway. Enough digression. Back to business.

Your current directory should still be C:\WINDOWS\SYSTEM32\CONFIG. If not, make it so!

Copy these five files. Make sure you are in the C:\WINDOWS\SYSTEM32\CONFIG directory and check your spelling! Please, DO NOT overwrite any files or folders in the C:\WINDOWS\REPAIR directory! Also note the single space between the filenames at the end of the following commands. When you get the warning about overwriting the destination file, press Y to allow it.
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\repair\system system
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\repair\software software
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\repair\security security
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\repair\sam sam
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\repair\default default
Now we should have good (albeit somewhat generic) registry files back in place.

Change the system date and boot XP with the base registry


  • Exit the Recovery Console and restart. Before it boots, enter your BIOS setup
  • Change the date to the previous month. Make note of this date so we can reference it further along in the
    process. It will make things easier. I'll explain later
  • Save and exit BIOS setup
Don't boot the Windows CD. Do a normal non-safe mode boot from the hard drive. Depending on your system you may need to take the CD out of your optical drive.

If you followed along precisely, your previous registry was corrupted, the repair files from your previous Windows XP install were in good shape, and of course there are no other show stoppers here, you should be greeted by something you haven't seen in a while! A Windows XP Welcome screen! You may notice your user ID(s) are not among the selections. This is because of the generic registry that is loaded.

Note: System Restore is turned on by default. The following procedure assumes you have NOT turned off System Restore.

Manually restoring the XP registry from a Restore CheckPoint
Enabling access to restore files

  • Log on to your system as someone with administrator privileges (administrator is fine)
  • As mentioned previously, you may be required to re-activate your system so keep your product key handy
  • If your system restarts or goes back to the logon screen after you enter the correct user ID and password, your
    system may have been affected by some type of malware or virus affecting userinit.exe.
    See the related Microsoft KB article on Logon Loops.
    (This is an old issue but stay tuned, We may add more on this issue later depending on your feedback)
Next we need to change some options so we can access hidden and system files created by System Restore.

  • Open up windows explorer (Right click start and select explorer)
  • Click tools, click Folder Options... and under the view tab uncheck the "Hide OS Files" checkbox and
    Select/Check the box for "Show hidden files and folders".
    Also, If you have XP Pro, scroll down to the bottom and uncheck "Use Simple File Sharing"
    Click apply and OK
We'll change these all back later when we're done.
  • In explorer go to the root of the system drive (C:\ most likely) and open the System Volume Information folder
NOTE: If you cannot find this folder then either it is still hidden or System Restore was not enabled on your system prior to the failure. Please recheck that you have followed the above procedures to make the folder visible and accessible. If the folder is still not visible then it may not exist, and in that case you cannot proceed with the restore. Try the security actions below; they may help, but if the folder is still not visible it likely does not exist. However, since the system is now accessible you may want to try backing up your important files and data to restore later, as a Windows reinstall may be necessary.

Help! I get a security error when I try to open the System Volume Information folder
  • Right click on the System Volume Information folder and select sharing and security...
  • If you are running XP Pro, skip ahead to the "If you are running XP Pro" steps below
  • If you are running XP Home go under the sharing tab and select both checkboxes in the Network
    Sharing and Security section and click apply. If you get a warning about filenames over 12 characters
    in regard to windows 98/ME, Click Yes, and Click Apply
Skip the next section on XP Pro and continue from the "Now open the System Volume Information folder" step further down the page. If you are running XP Pro follow closely.
  • Click on the Security tab.
  • If you don't see the Security tab go back to tools, Folder Options and make sure you unchecked Use
    Simple File Sharing in the previous step.
  • Click add and click the advanced button. In the select users and groups box click "Find Now" and
    select your user name/RDN from the list at the bottom
Be sure you select a user and not a group. For example, if your user id is administrator, Make sure you select the administrator user (Icon with one head). Do not select the administrators group (Has an icon with two heads).
  • Click OK, Apply and OK

Extracting registry files from System Restore created CheckPoints

  • Now open the System Volume Information folder

    NOTE: As mentioned previously, If you can not find this folder then either it is still hidden or System Restore
    was not enabled on your system prior to the failure. Please recheck you have followed the above procedures
    to make the folder visible and accessible.

    If the folder is still not visible then it may not exist and in that case you can not proceed with the restore.
    However, Since the system is now accessible you may want to try backing up your important files and data
    to restore later as a windows reinstall may be necessary.

    For those continuing from the previous section - This is where the changed date in the BIOS comes into play!
    When we booted Windows with the generic registry it likely created a folder here which would normally be the
    newest folder. What it now did was create a folder with the older date you specified. Since we don't want the
    restore data from that folder, it is now easier to identify the folder we want to use.
    See, there is a method to this tedious madness so hang in there OK !
  • Open the newest folder named _restore{some hex digits, called a GUID}

You should now see a number of folders named RP##. These are Restore Points.
  • Open the latest Restore Point folder (It may be a different color than the rest)
  • Open the folder called snapshot
  • Multi-Select the following "_REGISTRY_MACHINE_" files:
    _REGISTRY_MACHINE_SAM
    _REGISTRY_MACHINE_SECURITY
    _REGISTRY_MACHINE_SOFTWARE
    _REGISTRY_MACHINE_SYSTEM
    _REGISTRY_USER_.DEFAULT (Note the dot prefix)
  • Right click on the highlighted files and select copy
  • Drop\Paste these into the C:\WINDOWS\MYTMP folder we created earlier
  • Rename these files by deleting the _REGISTRY_MACHINE_ portion (or the _REGISTRY_USER_ portion for the .DEFAULT file)
  • Note: Do not copy over, rename or modify the files with the *.bak extension in \mytmp that you created\saved earlier
For example: _REGISTRY_MACHINE_SAM becomes just SAM. Also, don't forget to remove the dot in the name for the .default file!
  • Exit explorer and restart with the XP CD in your optical drive
  • Before you boot the XP CD enter the BIOS Setup and correct the date/time!
  • Save and exit the BIOS, restart, and when prompted to boot from CD, do it!
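
The copy-and-rename steps above can also be scripted so that each snapshot file is checked before it is staged in C:\WINDOWS\MYTMP. This is an added example, not part of the original article: it assumes Python is available in whatever environment is used to read the disk, its function names are hypothetical, and it checks only the hive header (the "regf" signature and the header checksum), not the rest of the file.

```python
import shutil
import struct
import tempfile
from pathlib import Path

# Snapshot file name -> short name the later copy commands expect in the staging folder
SNAPSHOT_TO_HIVE = {"_REGISTRY_MACHINE_" + n: n.lower()
                    for n in ("SAM", "SECURITY", "SOFTWARE", "SYSTEM")}
SNAPSHOT_TO_HIVE["_REGISTRY_USER_.DEFAULT"] = "default"  # prefix and dot both go

def header_checksum(header):
    """XOR of the first 127 little-endian dwords; 0 and 0xFFFFFFFF are never stored."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", header[:508]):
        value ^= dword
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(value, value)

def check_hive(path):
    """Return None if the hive header looks sane, otherwise a short reason."""
    with open(path, "rb") as fh:
        header = fh.read(512)
    if len(header) < 512 or header[:4] != b"regf":
        return "missing regf signature"
    if struct.unpack_from("<I", header, 508)[0] != header_checksum(header):
        return "header checksum mismatch"
    return None

def stage_snapshot(snapshot_dir, staging_dir):
    """Copy all five hives under their short names, or none; return problems found."""
    snapshot_dir, staging_dir = Path(snapshot_dir), Path(staging_dir)
    problems = {}
    for src_name in SNAPSHOT_TO_HIVE:
        src = snapshot_dir / src_name
        if not src.is_file():
            problems[src_name] = "missing from snapshot"
        elif (reason := check_hive(src)) is not None:
            problems[src_name] = reason
    if not problems:
        for src_name, dst_name in SNAPSHOT_TO_HIVE.items():
            shutil.copyfile(snapshot_dir / src_name, staging_dir / dst_name)
    return problems

def make_constructed_hive(path):
    """Write a constructed header-only stand-in for a hive (sample data, not a real hive)."""
    header = bytearray(4096)
    header[:4] = b"regf"
    struct.pack_into("<I", header, 508, header_checksum(header))
    Path(path).write_bytes(header)

def demo():
    """Stage a constructed good set, then retry after damaging one header."""
    with tempfile.TemporaryDirectory() as tmp:
        snap, good, bad = (Path(tmp, n) for n in ("snapshot", "mytmp", "mytmp2"))
        for folder in (snap, good, bad):
            folder.mkdir()
        for name in SNAPSHOT_TO_HIVE:
            make_constructed_hive(snap / name)
        first = stage_snapshot(snap, good)
        (snap / "_REGISTRY_MACHINE_SYSTEM").write_bytes(b"regf" + bytes(508))  # bad checksum
        second = stage_snapshot(snap, bad)
        return first, sorted(p.name for p in good.iterdir()), second, list(bad.iterdir())

if __name__ == "__main__":
    print(demo())
```

A non-empty result from stage_snapshot means nothing was copied, which is the point at which to pick an older RP## folder rather than overwrite the working generic registry.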

Import extracted checkpoint registry files into the current active registry

We are going back to the recovery console so we can copy in the extracted registry files to the current active configuration. This needs to be done when windows is not running otherwise they are locked and therefore can't be replaced.
  • At the XP Setup screen, press R to enter the Recovery Console
  • Select the installation you want to work with (Usually 1)
  • Log on to the desired installation with the administrator's password
Now back at the C:\WINDOWS prompt, change your current working directory from C:\WINDOWS to C:\WINDOWS\SYSTEM32\CONFIG.
  • C:\WINDOWS>cd system32\config

Your command prompt should now be: C:\WINDOWS\SYSTEM32\CONFIG>

Make sure! Enter each command below and type Y when prompted to overwrite. Also note the single space between the filenames at the end of the command lines!
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\mytmp\software software
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\mytmp\system system
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\mytmp\security security
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\mytmp\sam sam
  • C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\mytmp\default default

This Is IT ! The moment we have been waiting for!
  • C:\WINDOWS>exit

    Exit the recovery console and Restart!

    As before, You may need to cycle power as ctrl-alt-del may not work
You can remove the XP CD from your optical drive and put it away for safe keeping.

Note that during this particular startup Windows needs to rebuild itself and it will take some time, so be patient. It is best to wait until most of the major HD activity is finished before you log on. I've seen a non-responsive keyboard issue occur when trying to enter your password. If that happens to you, just give it a minute and try again.

Now you should be back at your original configuration with all the applications, settings and updates that were in effect at the time reflected by the selected Restore Point. Congratulations! Great Job!

If this somehow is not the configuration you want, you can always go back to System Restore in the normal fashion and load a different restore point. You can get there by START>ACCESSORIES>SYSTEM TOOLS>SYSTEM RESTORE and selecting another restore point using the wizard.

Restore security settings for system restore folders

Now, if you have not done so already, there are a few items you need to address once you feel all is stable and have restarted a few times.

Log on to your system as a user with administrator privileges. To enhance security, bring up Explorer (right click START), click Tools, click Folder Options, and click the View tab.

  1. Under hidden files and folders, set the "Do not show hidden files and folders" radio button.
  2. Make sure there is a check in the "Hide protected operating system files" item.
  3. (XP Home) While you are still in Explorer, navigate to the C:\System Volume Information folder, right click, select Sharing and Security..., and in the Sharing, Network and Security section deselect the two checkboxes. Click Apply and OK.
     or
  3. (XP Pro) Navigate to the C:\System Volume Information folder, right click, select Sharing and Security..., open the Security tab, highlight (ONLY) the user (one-headed icon) that was added previously and click the Remove button. Please do not remove the SYSTEM or Everyone groups! When you are sure, click Apply and OK.
  4. (XP Pro) Click Tools, click Folder Options, click the View tab, scroll to the bottom and make sure there is a check in the "Use simple file sharing" item.


Fall back procedure ( If Needed ONLY ) - Pre-procedure Registry files restore



If for some reason you would need to revert your registry files back to what they were before you started
this procedure, here are the instructions.

NOTE: This is NOT part of the recovery procedure. This process is only to be used if you have a specific
reason, for example on the advice of technical support or some other recommendation.
This will revert your system back to the original failed state.

  • Boot your system from the XP CD. At the XP Setup screen press R to enter the Recovery Console.
  • Select the installation you want to work with (Usually 1)
  • Log on to the desired installation with the administrator's password.
    If you don't know the password you can try just hitting Enter.
You should now be at a C:\WINDOWS> prompt.

Now we will change to the directory you created in the beginning of the procedure where you had
saved the then current registry. Here we will assume the directory is C:\WINDOWS\MYTMP as per
the procedure described earlier and the files have the recommended .bak extension.

At the C:\WINDOWS> prompt enter:

  • C:\WINDOWS>cd mytmp
  • Use the dir(ectory) command to verify the 5 files backed up (*.bak) previously are still there
C:\WINDOWS\MYTMP>dir

We will now copy these saved files to the %windir%\system32\config directory, where XP looks for your current registry.
Make sure you are in the C:\WINDOWS\MYTMP directory and double check your spelling! Note the single space between the filenames separating the source and target in the following commands. When you get the warning about overwriting the destination file, press Y to allow it.
  • C:\WINDOWS\MYTMP>copy system.bak c:\windows\system32\config\system
  • C:\WINDOWS\MYTMP>copy software.bak c:\windows\system32\config\software
  • C:\WINDOWS\MYTMP>copy security.bak c:\windows\system32\config\security
  • C:\WINDOWS\MYTMP>copy sam.bak c:\windows\system32\config\sam
  • C:\WINDOWS\MYTMP>copy default.bak c:\windows\system32\config\default
Once this is completed you have restored your system back to the original registry state it was in before you started this restore\recovery procedure.