XP won't boot? - Performing a manual restore of the Windows XP registry
So your old reliable XP or win 2000 system won't boot. You see the POST (Pwr On Self Test) complete as normal. At
first all looks ok, You see the XP logo and the progress indicator is changing and then a black screen comes up and
your system just sits there frozen and locked up.
Initially you see some hard drive activity but then nothing. You try ctrl-alt-delete but it's hung and locked up hard.
You reset or cycle the power and try booting to safe mode. A list of drivers loading scrolls on the screen and then stops.
Again the system is frozen and hung up just like before and you can't reboot using the keyboard.
Is your safe mode boot frozen at mup.sys?
The last driver that loaded may be mup.sys. To solve that issue on a number of systems, I performed this manual
restore procedure for the windows XP registry. On a few occasions I have also seen this related to a USB device. To
find out about other possible causes of the windows XP boot hang at mup.sys see the following link.
How to recover from the dreaded mup.sys hang.
This Procedure is for you if:
- You want a relatively easy fix and do not want to edit the Windows XP Registry settings.
- You have tried all you know including the suggestions in the previous mup.sys hang link to no avail, XP still won't boot.
- You don't want to do an OS reinstall as that would require, at least! reinstalling all your applications.
- You don't have a slip streamed Installation CD so an in place reinstall would require you applying all those security
updates, argh Please NO!
- You would like to try performing a system restore but Windows needs to be loaded to do that! Or does it?
Follow along closely and I'll show you how to magically restore your system!
Side Note: There are online forums available that have skilled PC Experts that may be able to help you in modifying
the registry files directly.
If you go that route, please be sure to backup your current registry first as we will do here shortly.
First thing we want to do is make sure your hard disk is in order before we continue. A file system error is a likely
cause of a corrupted registry.
- Boot your system from the XP installation CD. If you don't get the choice when you restart with the CD
in the drive you may want to check the boot order in your BIOS
- It will take some time to load but you should eventually see the XP Setup screen. Press R to enter the
Recovery Console
- Select your windows installation. Enter 1 or if you have multiple installations select the 1st or default
instance of XP which should be the broken one
- Supply the administrators password or if you do not know it, just try no password (Enter) which may be the default.
- Forgot the administrators password? There are bootable Linux based utilities that can help but be very careful!
One you might try is the NT Password and Registry editor. Please see their site for downloading and support.
(As I understand it a win2K bootable install cd may be used on an XP system and not require a password because
of differences in the win 2000 and XP SAM. May be worth exploring as a last resort. Your mileage may vary)
If you don't have your Windows recovery or install disk available there are other methods with their own set
of procedures but the theory is the same. The specific procedures on how to use them is beyond the scope
of this article which is long enough already! I can however point you to some useful recovery utilities.
Using these windows recovery utilities you can still perform the below tasks to recover your registry after you
take into consideration the procedural differences and successfully bring your Windows XP system back to life.
To copy and rename Windows XP registry files you could try the NTFS for DOS utility from a bootable floppy or CD.
This utility also has a version of chkdsk to help aid in fixing corruption on the NTFS formatted hard disk.
A utility CD can be had that has both the NTFS for DOS and the Linux based NT Password and Registry
editor mentioned above as well as much more. Consider checking out the Ultimate Boot CD for Windows.
Please see the individual sites for downloading and support information.
- Run chkdsk /p /r (The /p option forces testing on a non-dirty flagged drive The /r is implied but added for
good measure). If it finds errors it should try to fix them. Re run chkdsk and make sure it comes up clean.
So now you think all is OK since chkdsk "FIXED" the errors and that your good to go, right? Not so fast. It
should have corrected the filesystem's integrity but even with that fixed, corrupted files may still exist. But ...
- Exit the recovery console by typing exit at the command prompt and hit enter
- Your system should restart automatically. If not hit reset or cycle power
- If your system restarts ok now fantastic. The issue was not that serious and chkdsk fixed it! Congratulations!
- If unfortunately your system does not come up, you should the follow the restoring XP registry sections below
- NOTE: To fully complete the following procedure you must have had system restore enabled for your
boot\system drive prior to the failure! But even if you didn't you may at least make the system bootable
- Although it is rare, during the following procedure you may be asked to reactivate the system so keep your
product key handy just in case
If your system won't boot successfully, you may have a corrupted registry. The following is the first step in
the restoring your windows xp registry procedure that will enable you to boot your system with generic registry
information.
Note: The following assumes you are using the NTFS filesystem and that your windows directory is C:\WINDOWS.
If your are using the FAT32 filesystem, some instructions may not apply or be slightly different. I'll try and note
where the differences exist.
If your windows directory is different than C:\WINDOWS then substitute the correct value in the following instructions.
Also! It is important you type all instructions exactly as shown!
Commands you need to type in will be displayed in lower case, a larger font, and a different color.
FYI, Windows doesn't really care about case but I will use this convention for clarity.
I will prefix commands with the command prompt that includes the current working directory.
The Command Prompts will be in upper case as this is how they are displayed.
Yours should look the same and we can use this verify you are in the correct directory.
Be sure to pay attention to this as working with the command line is not at all forgiving!
If for some reason your command prompt doesn't reflect the current working directory, you can try executing this
command at the prompt.
set prompt $p$g
As a FYI, There are ways to automate some of this process and/or read the commands from a text file using the
recovery console. I'll leave those options to your imagination or possibly a future article.
Let's get started!
- Boot your system from the XP CD. At the XP Setup screen press R to enter the Recovery Console.
- Select the installation you want to work with (Usually 1)
- Log on the the desired installation with the administratiors password.
If you don't know the password you can try just hitting Enter.
You should now be at a C:\WINDOWS> prompt.
First we will make a new directory to use for backup and as a scratch area.
At the C:\WINDOWS> prompt enter:
- C:\WINDOWS>md mytmp
- Use the dir(ectory) command to verify the directory was created (Optional)
C:\WINDOWS>
dir m*
Now we'll back up your current configuration(registry). We should not need those files anymore but it's good
just to be safe and it's free CYA.
Change your current working directory from C:\WINDOWS to C:\WINDOWS\SYSTEM32\CONFIG.
- C:\WINDOWS>cd system32\config
Your command prompt should now be: C:\WINDOWS\SYSTEM32\CONFIG>.
Now we will copy the folowing 5 regestry files.
- C:\WINDOWS\SYSTEM32\CONFIG>copy system c:\windows\mytmp\system.bak
- C:\WINDOWS\SYSTEM32\CONFIG>copy software c:\windows\mytmp\software.bak
- C:\WINDOWS\SYSTEM32\CONFIG>copy security c:\windows\mytmp\security.bak
- C:\WINDOWS\SYSTEM32\CONFIG>copy sam c:\windows\mytmp\sam.bak
- C:\WINDOWS\SYSTEM32\CONFIG>copy default c:\windows\mytmp\default.bak
Now these files are backed up to \MYTMP. Execute the following dir command to check.
- C:\WINDOWS\SYSTEM32\CONFIG>dir c:\windows\mytmp
You should see the five files listed:
default.bak
sam.bak
security.bak
software.bak
system.bak
It wouldn't be a bad idea to compare the file sizes with the originals, that's your choice.
To show the file sizes of the originals just execute the dir command.
- C:\WINDOWS\SYSTEM32\CONFIG>dir
Now we will replace the registry with the base files created\saved during the initial windows XP installation.
This will enable us to boot the system normally and access the system restore files.
BTW, I know there are some Windows gurus out there that can restore the registry from your last checkpoint
using the recovery console without booting Windows XP itself but that is an even more tedious procedure and we
want to make this as painless as possible.
Besides, If you already know how to do that you are probably not reading this article anyway.
Enough digression. Back to business.
Your current directory should still be C:\WINDOWS\SYSTEM32\CONFIG. If not make it so!
Copy these five files.
Make sure you are in the C:\WINDOWS\SYSTEM32\CONFIG Directory and check your spelling!
Please, DO Not overwrite any files or folders in the C:\WINDOWS\REPAIR Directory!
Also note the single space between the filenames at the end of the following commands.
When you get the warning about overwriting the destination file, Press Y to allow it.
- C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\repair\system system
- C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\repair\software software
- C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\repair\security security
- C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\repair\sam sam
- C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\repair\default default
Now we should have good (albeit somewhat generic) registry files back in place.
- Exit the recovery console and restart, Before it boots enter your BIOS setup
- Change the date to the previous month. Make note of this date so we can reference it further along in the
process. It will make things easier. I'll explain later
- Save and exit BIOS setup
Don't boot the Windows CD. Do a normal non-safe mode boot from the hard drive.
Depending on your system you may need to take out the CD from your optical drive.
If you followed along precisely, Your previous registry was corrupted, The repair files from you previous windows XP
install were in good shape, and of course, there is no other show stoppers here, you should be greeted by something
you havn't seen in a while!
A Windows XP Welcome screen!
You may notice your user ID(s) are not one of the selections. This is because of the generic registry that is loaded.
Note: System Restore is turned on by default. The following procedure assumes you have NOT turned off System
Restore.
- Logon to your system as someone with administrator privliges (administrator is fine)
- As mentioned previously, you may be required to re-activate your system so keep your product key handy
- If you system restarts or goes back to the logon screen after entering the correct User ID or password your
system may have been affected by some type of malware or virus affecting userinit.exe.
See a related article link on Logon Loops from the Microsoft KB in the right panel.
(This is an old issue but stay tuned, We may add more on this issue later depending on your feedback)
Next we need to change some options so we can access hidden and system files created by System Restore.
- Open up windows explorer (Right click start and select explorer)
- Click tools, click Folder Options... and under the view tab uncheck the "Hide OS Files" checkbox and
Select/Check the box for "Show hidden files and folders".
Also, If you have XP Pro, scroll down to the bottom and uncheck "Use Simple File Sharing"
Click apply and OK
We'll change these all back later when we're done.
- In explorer go to the root of the system drive (C:\ most likely) and open the System Volume Information folder
NOTE: If you can not find this folder then either it is still hidden or System Restore was not enabled on your system
prior to the failure. Please recheck you have followed the above procedures to make the folder visible and accessible.
If the folder is still not visible then it may not exist and in that case you can not proceed with the restore.
Try the below security actions, they may help but if the folder is still not visible it likely does not exist.
However, Since the system is now accessible you may want to try backing up your important files and data
to restore later as a windows reinstall may be necessary.
Help! I get a security error when I try to open the System Volume Information folder
- Right click on the System Volume Information folder and select sharing and security...
- If you are running XP Pro, skip ahead to the "If you are running XP Pro..."
- If you are running XP Home go under the sharing tab and select both checkboxes in the Network
Sharing and Security section and click apply. If you get a warning about filenames over 12 characters
in regard to windows 98/ME, Click Yes, and Click Apply
Skip the next section on XP Pro and continue from the "Now open the System Volume Information folder"
step further down the page.
If you are running XP Pro follow closely.
- Click on the Security tab.
- If you don't see the Securiy tab go back to tools, Folder Options and make sure you unchecked Use
Simple File Sharing in the previous step.
- Click add and click the advanced button. In the select users and groups box click "Find Now" and
select your user name/RDN from the list at the bottom
Be sure you select a user and not a group. For example, if your user id is administrator, Make sure you select
the administrator user (Icon with one head). Do not select the administrators group (Has an icon with two heads).
- Now open the System Volume Information folder
NOTE: As mentioned previously, If you can not find this folder then either it is still hidden or System Restore
was not enabled on your system prior to the failure. Please recheck you have followed the above procedures
to make the folder visible and accessible.
If the folder is still not visible then it may not exist and in that case you can not proceed with the restore.
However, Since the system is now accessible you may want to try backing up your important files and data
to restore later as a windows reinstall may be necessary.
For those continuing from the previous section - This is where the changed date in the BIOS comes into play!
When we booted Windows with the generic registry it likely created a folder here which would normally be the
newest folder. What it now did was create a folder with the older date you specified. Since we don't want the
restore data from that folder, it is now easier to identify the folder we want to use.
See, there is a method to this tedious madness so hang in there OK !
- Open the newest folder named _restore{some hex digits called GUID's}
You should now see a number of folders named RP##. These are Restore Points.
- Open the latest Restore Point folder (It may be a different color than the rest)
- Open the folder called snapshot
- Multi-Select the following "_REGISTRY_MACHINE_" files:
_REGISTRY_MACHINE_SAM
_REGISTRY_MACHINE_SECURITY
_REGISTRY_MACHINE_SOFTWARE
_REGISTRY_MACHINE_SYSTEM
_REGISTRY_USER_.DEFAULT (Note the dot prefix)
- Right click on the highlighted files and select copy
- Drop\Paste these into the C:\WINDOWS\MYTMP folder we created earlier
- Rename these files by deleting off the _REGISTRY_MACHINE_ portion
- Note: Do not copy over, rename or modify the files with the *.bak extension in \mytmp you created\saved earlier
For example: _REGISTRY_MACHINE_SAM becomes just SAM
Also, don't forget to remove the dot in the name for the .default file!
- Exit explorer and restart with the XP CD in your optical drive
- Before you boot the XP CD enter the BIOS Setup and correct the date/time!
- Save and exit the BIOS, Restart, When promped to boot from CD, Do it!
We are going back to the recovery console so we can copy in the extracted registry files to the current active
configuration. This needs to be done when windows is not running otherwise they are locked and therefore
can't be replaced.
- At the XP Setup screen, Press R at the XP setup screen to enter the recovery console
- Select the installation you want to work with (Usually 1)
- Log on the the desired installation with the administratiors password
Now back at the C:\WINDOWS prompt:
Change your current working directory from C:\WINDOWS to C:\WINDOWS\SYSTEM32\CONFIG
- C:\WINDOWS>cd system32\config
Your command prompt should now be: C:\WINDOWS\SYSTEM32\CONFIG>
Make Sure!
Enter each command below and Type Y when prompted to overwrite. Also note the single space between
the filenames at the end of the command lines!
- C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\mytmp\software software
- C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\mytmp\system system
- C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\mytmp\security security
- C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\mytmp\sam sam
- C:\WINDOWS\SYSTEM32\CONFIG>copy C:\windows\mytmp\default default
This Is IT ! The moment we have been waiting for!
- C:\WINDOWS>exit
Exit the recovery console and Restart!
As before, You may need to cycle power as ctrl-alt-del may not work
You can remove the XP CD from your optical drive and put it away for safe keeping.
Note that during this particular startup Windows needs to rebuild itself and it will take some time so be patient.
It is best to wait until most of the major HD activity is finished before you logon. I've seen a non-responsive
keyboard issue occur when trying to enter your password. If that happens to you, just give it a minute and try again.
Now you should be back at your original configuration with all the applications, settings and updates that were in
effect at the time reflected by the selected Restore Point.
Congratulations! Great Job!
If this somehow is not the configuration you want you can always go back to System Restore in the normal
fashion and load a different restore point.
You can get there by START>ACCESSORIES>SYSTEM TOOLS>SYSTEM RESTORE and selecting another
restore point using the wizard.
Now, If you have not done so already there are a few items you need to address once you feel all is stable and
have restarted a few times.
Logon to your system as a user with administration privleges
To enhance security: Bring up Explorer (Right Click START), Click on tools, Click Folder Options,
Click the View tab
1. Under hidden files and folders, Set the "Do not show hidden files and folders" radio button
2. Make sure there is a check in the "Hide protected operating system files" item
3. (XP Home) While you are still in explorer navigate to the C:\System Volume Information folder, Right click,
select Sharing and Security..., In the Sharing, Network and Security section deselect the two checkboxes,
Click Apply and OK.
or
3. (XP Pro) Navigate to the C:\System Volume Information folder, Right click, select Sharing and Security...,
Open the Security tab, Highlight (ONLY) the user (One headed Icon) that was added previously and click
the remove button. Please Do Not remove the SYSTEM or Everyone Groups!
When you are sure click Apply and OK
4. (XP Pro) Click on tools, Click Folder Options, Click the View tab, Scroll to the bottom and make sure
there is a check in the "Use simple file sharing" item
If for some reason you would need to revert your registry files back to what they were before you started
this procedure, here are the instructions.
NOTE: This is NOT part of the recovery procedure. This process is only be used if you have a specific
reason for example by way of some technical support or other recommendation.
This
will revert your system back to the original
failed state
- Boot your system from the XP CD. At the XP Setup screen press R to enter the Recovery Console.
- Select the installation you want to work with (Usually 1)
- Log on the desired installation with the administrators password.
If you don't know the password you can try just hitting Enter.
You should now be at a C:\WINDOWS> prompt.
Now we will change to the directory you created in the beginning of the procedure where you had
saved the then current registry. Here we will assume the directory is
C:\WINDOWS\MYTMP as per
the procedure described earlier and the files have the recommended .bak extension.
At the C:\WINDOWS> prompt enter:
- C:\WINDOWS>cd mytmp
- Use the dir(ectory) command to verify the 5 files backed up (*.bak) previously are still there
C:\WINDOWS\MYTMP>
dir
We will now copy these saved files to the %windir%\system32\config directory where XP looks for your current registry
Make sure you are in the C:\WINDOWS\MYTMP directory and double check your spelling!
Note the single space between the filenames separating the source and target in the following commands.
When you get the warning about overwriting the destination file, Press Y to allow it.
- C:\WINDOWS\MYTMP>copy system.bak c:\windows\system32\config\system
- C:\WINDOWS\MYTMP>copy software.bak c:\windows\system32\config\software
- C:\WINDOWS\MYTMP>copy security.bak c:\windows\system32\config\security
- C:\WINDOWS\MYTMP>copy sam.bak c:\windows\system32\config\sam
- C:\WINDOWS\MYTMP>copy default.bak c:\windows\system32\config\default
Once this is completed you have restored your system back to the original registry state it was in before
you started this restore\recovery procedure.
Back to the top
If you found this page useful, consider linking to it.
Just copy (mark then ctrl-c) and past into your website.
This is how this link will look: XP won't boot? Try manual registry restore
- One other thing. If you found this article on manually restoring the windows XP registry useful (or not)
and have comments, criticisms, or suggestions please feel free to drop us a note using our Contact form
Thanks! Enjoy! This fix has worked for others and I hope it works for you!
Version 1.2 Copyright © 2007-2009 www.AITechSolutions.net. All rights reserved.