I came into the office this morning and was told that a production machine running XP SP3 is failing to boot. It also can not get to safe mode and is bombing out at mup.sys. After Googling the hell out of it I discovered that lot’s of people have the same issue or at least some sort of version of it. I tried all the tricks I had up my sleeve and then I tried a suggestion that I found. It was to use the Recovery console to kind of run a system restore. It actually only restores the registry hive from the check point you want. And it worked beautifully! Here are the instructions to try it for yourself.
One of the most commonly requested features in Windows is the ability to boot to the Recovery Console and perform a System Restore operation. There are times when it’s simply not possible to boot Windows in safe mode to run System Restore, and the Recovery Console has no built-in way of running System Restore.
That being said, if you need to run System Restore to revert the system to an earlier version of the SYSTEM or SOFTWARE Registry hive, because of a corrupted Registry, it is possible to do this manually. This method is far from perfect and doesn’t take into account any of the other changes that System Restore might track (such as changed .DLLs or other system components), but it will allow you to recover copies of the Registry in the event of a failure—provided they’ve been saved with System Restore and are available.
Here is the 12-step process:
1. Boot the Recovery Console from the Windows XP installation CD.
2. When you’re at the Recovery Console command prompt, change into the root directory of the system drive with the cd command (i.e., cd \).
3. Change into the System Volume Information directory by typing cd system~1 on most machines, or cd “System Volume Information.”
(The filenames with ~1 are generated by default to provide backwards compatibility with programs that only recognize 8.3-format filenames. It’s possible to disable 8.3 filename generation on NTFS volumes to gain some speed, but the speed gained by doing this is generally pretty small and it can have the unintended consequence of making it impossible to use 8.3 filenames in contexts like this. If you can’t use 8.3 filenames to navigate, 8.3 name generation might be disabled. See Microsoft’s support document called How to Disable the 8.3 Name Creation on NTFS Partitions.
4. The System Volume Information directory contains a folder name _restore followed by a GUID in curly braces. Change into it by typing cd _resto~1; if that doesn’t work you’ll have to type cd “_restore{GUID_STRING}”, with the full GUID string in place of GUID_STRING.
5. In the _restore directory are a group of subdirectories starting with the letters RP and followed by a number. These are the different restore points available for that volume.
6. Check the date on each directory and look for one that corresponds to a date before you began experiencing problems.
7. Change into the appropriate directory. If the directory is named RP74, for instance, change into it by typing RP74.
8. Inside that directory will be a subdirectory named snapshot; change into that directory as well (cd snapshot)
9. The snapshot directory holds backup copies of the SOFTWARE and SYSTEM Registry hives, named _REGISTRY_MACHINE_SOFTWARE and _REGISTRY_MACHINE_SYSTEM, respectively.
10. The target directory for these files is \Windows\System32\Config, and the hives there are named SOFTWARE and SYSTEM. Rather than overwrite those files entirely, you can rename them to something else. Typing ren \windows\system32\config\software \windows\system32\config\software.bak and ren \windows\system32\config\system \windows\system32\config\system.bak will rename them to software.bak and system.bak, respectively.
11. Copy in the backup hives: copy _REGISTRY_MACHINE_SOFTWARE \windows\system32\config\software and copy _REGISTRY_MACHINE_SYSTEM \windows\system32\config\system.
12. Type exit to leave the Recovery Console and restart the computer.
If you have an alternate operating system, such as a Linux live-recovery CD or another installation of Windows, that has access to the NTFS file system, you can perform the file copying from there as well, without having to struggle as much with the command line.
Have you ever tried this? Let us know in the comments!
_TheStillRecoveringAdmiN_
Discussion (12) ¬
This just saved my ass big time. Not due to this mups crap but another issue where I needed to restore from the recovery utility.
thanks
This worked perfectly. Thanks!
I am glad it helped you out. Thanks for stopping by SuperLes.
Thank you!
I had the mup.sys error after using Error Fix.
Ran all the chkdsk’s and worked on the bios, and was a little nervous. Read you’re terrific step by step process and used Ubuntu to do the restore – and so far so good!
Thanks a billion!
-Matt
Glad to have helped! And thanks for coming back to tell us the outcome.
I just used this today after my laptop would not boot. Kept getting a BSOD with the error Stop: c0000218 {Registry File Failure} The registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE or its log or alternate
It worked perfectly. Only error in the instructions above is in step #7, it should say, “7. Change into the appropriate directory. If the directory is named RP74, for instance, change into it by typing CD RP74.” So the command “CD” is missing but most people will know that. ;-)
Thank you Karl for saving me from having to do a reinstall of everything.
-Dave
pls enlighten me on step 10. where do i type it? currently im on ” c:\system volume information\_resto~1\rp415\snapshot ” when i type ” ren \windows\system32\config\software \windows\system32\config\software.bak ” and ” ren \windows\system32\config\system \windows\system32\config\system.bak ” i get an error: the parameter is not valid. try /? for help.
btw the error im trying to fix is from mup.sys. i saw this when i ran safe mode. it stops there then bsod. this occurs after i upgraded into win xp sp3
I’ve spent the last two months trying various options to get my old desktop working.
Would not boot into safe mode and would not work with recovery console.
I knew the boot disk was fine physically because I could view it in Linux via the AVG Recovery disk (GET IT, GET IT, GET IT, no messing around with Recovery Disk). Chkdsk however thought it was fried.
I tried to repair and reinstall via a Windows XP cd, no luck, froze on repair and reinstall.
While checking why the repair was freezing I found this. Very sceptically I tried this out using the Midnight Commander on AVG. Easy as pie to use, no messing with command console and you can backup with no fear.
First time round, I tried the newest recovery files. Computer didn’t boot. Second time round I tried the penultimate recovery files.
I’m seeing my desktop for the first time in two months.
Thanks.
Glad to hear it!
Thank you very much, I like this approach.