After some research I determined that after mup.sys is loaded in safe-mode the computer begins to look at registry entries. And since system restore reverts you registry, the computer would not boot due to registry corruption.
The solution:
Manually do / finish the system restore.
This is easy if you know where the files are that you are looking for. But be very careful, because you can do some serious damage if you don't know what you are doing or don't do it correctly.
There are five different registry files. They are System, SAM, Software, Security, and Default.
The registry files that are loaded are in:
Windows\system32\config\
The default registry files from the initial install are in:
Windows\repair\
And finally System Restore Points are saved in:
There are a few ways you can restore the system, the easiest one is probably this way:
- Stick the harddisk into a working computer (NOT recommended if cause was a virus.) 
- Load up windows and go into the new harddisk. 
- Make sure you can see/access system folders. 
 (Tools -> Options... View and uncheck "Hide Protected Operating System Files.")
 (For folder access either modify permissions or share the folder.)
- Go into the system32\config folder and backup the five files in there. 
- Navigate to the desired system restore point folder, and choose the desired restore point folder. These will be by date created. (Usually you want the most recent one.) 
- Copy the files into the config folder and rename them to replace the existing ones. (i.e. SAM, SECUTIRY, SOFTWARE, SYSTEM, and DEFAULT.) Make sure you delete the '.' on default. Naming must be exact. 
- Once you have copied the desired restore point registry files, you can put the harddisk back in the original computer and try booting it again. Everything should be OK. 
A more complex method:
- Boot from the Windows XP CD, and choose 'R' for Recovery Console.
- Log onto the broken copy of Windows.
- Use the copy command to back up the files in the config folder.
 cd system32\config
 copy software software.bak
 ect...
- Use the copy command to restore the original registry.
 cd ..
 cd ..
 cd repair
 copy software C:\windows\system32\config
 ect...
- Once all five registry files have been copied. Restart the system and adjust the clock in the bios to last month.
- Boot the OS from the harddisk. (Recommended boot in Safe-Mode.)
- Now navigate to the "System Volume Information" Folder. (see above...)
- Pick the proper restore point and copy the files into a temporary directory. Remember where this directory is. A good one would be C:\regtemp.
- Once all the files are copied, reboot and go back into recovery console.
- Copy the restore point files from the temp directory into system32\config.
- Reboot and your system should be restored to that restore point.
Note: You may get some errors and some requests to re-activate Windows. You can ignore the errors and just follow the re-activation prompt to do it over the internet. It should re-activate with no issues.
 
No comments:
Post a Comment