
Windows XP repair didn't preserve my original user/settings...HELP!


32 replies to this topic

#1 Joelie

Joelie

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:45 PM

Posted 24 August 2015 - 03:30 PM

Hi all, I hope someone can help me restore usability to my XP SP3 installation on my Dell refurb. I've lost my original user and program settings after a repair installation.

 

It all started when the user told me they had an event using Firefox that necessitated rebooting their computer. Upon restarting, they got a black pre-Windows screen indicating that the SYSTEM file was not going to work. (I wish I had copied the wording; I didn't.)

 

I tried booting off a Windows XP SP3 slipstream disc that I use for these occasions, went to the repair installation option (not the Recovery Console initially), but the XP system could not be found, just the partition.

 

Next I went into Recovery Console to see what registry hive files were in the CONFIG folder. All five were there - SOFTWARE, SYSTEM, DEFAULT, SAM, and SECURITY - plus one called SYSTEM.SAV with smaller size and much older file date.

 

I tried backing up these five files to a TMP directory, but the SYSTEM file could not be copied. I renamed SYSTEM as SYSTEM.bak and SYSTEM.SAV as SYSTEM, but that didn't help reboot or recognize as a working system as again I tried doing a repair install from CD.

 

Next I found similarly named files in the REPAIR folder except the SYSTEM file was not there, just one called SYSTEM.BAK. I copied all five of those files to the CONFIG folder, having backed up the original five files (minus SYSTEM, which wouldn't copy). I renamed SYSTEM.BAK from the REPAIR folder as SYSTEM once it was moved to the CONFIG folder. When I booted this time, I got a blue screen of death after the Windows splash screen.

 

After this, I booted using F8 to get the options; at the bottom of that screen it said that <Windows root>\system32\ntoskrnl.exe was missing or corrupt. I booted to recovery console and ntoskrnl.exe seemed to be there, but didn't try to reinstall it from disc - perhaps I should have.

 

The last thing I tried leading to this problem is that I booted off CD and went through the repair installation of the now listed Windows XP Professional system. I chose R and let it do its thing. It prompted me once about regional settings. It seemed to progress, maybe a little quicker than usual. However, after the whole process was over it was booting Windows as if for the first time, asking me for user IDs and giving me the chance to learn more about XP. Now Windows XP starts, but when I look at Users in control panel, I just have Admin and Guest - my original user account is not there.

 

However, the programs that were installed are still listed (they don't work quite right yet, either prompting me for licenses or other issues such as Net Framework which I can describe later). Also the C: drive still contains the folders associated with the original user that I'm trying to restore, which I backed up again to make sure. The Outlook data files are there, too.

 

Can anyone guess or suggest what my next step should be, if I hope to restore functionality to this system sooner rather than later or never? I'm about to go through Windows updates, of which there are many pending. I've thought about hunting for other registry hive files to restore, or in a different combination.

 

By the way, the Windows Restore doesn't show any previous restore points.


Edited by Joelie, 24 August 2015 - 03:35 PM.



 


#2 JohnC_21

JohnC_21

  • Members
  • 22,926 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 PM

Posted 24 August 2015 - 04:07 PM

The registry hives in the Repair folder are placed there during the initial XP install. If you used those hives then no program installed after the XP install would work. 

 

Do you still have the initial registry hives in config you backed up? Put those back in config. If not then you would need to reinstall all programs.

 

Look in the hidden folder System Volume Information. Is there a folder named restore with a long suffix? Double click it. Do you see any folders with an RPXX name where XX is a number?


Edited by JohnC_21, 24 August 2015 - 04:08 PM.


#3 Joelie


Posted 24 August 2015 - 04:46 PM

Yes and Yes! Thanks for the prompt reply, JohnC_21!

 

Yes, I do have the initial registry hives in config backed up (again, I couldn't copy SYSTEM, but I could rename it). I suspect the original SYSTEM is damaged since it alone could not be copied. That's why I initially tried to use SYSTEM.SAV, but without success.

 

Yes, I could open the System Volume Information folder (after changing folder view to show hidden and system files, then right clicking and changing properties by adding the current user Administrator to permitted users under Security tab, for anyone following this at home).

 

There are two RESTORE... folders there, one from today at the time that I repaired and one last updated yesterday, before the troubles. The latter folder had almost ninety (90) RXX folders there, many of which included a Snapshot folder that probably contained files of the types such as displayed in the latest RPxx folder:

 

_REGISTRY_MACHINE_SAM

_REGISTRY_MACHINE_SECURITY

_REGISTRY_MACHINE_SOFTWARE

_REGISTRY_MACHINE_SYSTEM

_REGISTRY_USER_.DEFAULT

_REGISTRY_MACHINE_NTUSER...

_REGISTRY_MACHINE_USSSRCLASS...

ComDb.Dat

domain.txt

 

(where ... represents more and varied files beginning that way)

 

I'm assuming you might suggest copying and renaming these to my CONFIG folder, once I've backed up the "new" originals?

 

Again, to stress my current state, I have no users with the old user name yet created. And I have about 120 system updates pending, most of them security related.

 

What should I do next? I'll stay tuned.



#4 JohnC_21


Posted 24 August 2015 - 05:11 PM

I usually do this offline using a Linux distro like Puppy, or you could use Hirens to possibly copy that System hive that refused to copy. Burn the ISO, boot Hirens and select MiniXP.

 

Yes, what you mention is what you need to do. Copy the 5 hives in snapshot to the config folder and rename them

 

Registry_Machine_SAM to SAM 

Registry_Machine_Security to Security...

Software

System

Default

 

after renaming the hives currently in config with a .bak extension.

 

As far as no user I am not sure how to handle that problem. Create a new user with the same name but I think any current settings may be gone. I would hold off on the updates until you can confirm the registry backup works and programs launch normally.


Edited by JohnC_21, 24 August 2015 - 05:12 PM.
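
The hive swap described in post #4, as an added Python example that is not part of the original posts. It assumes a Linux live environment with the XP volume mounted and the snapshot and config folders passed as paths; the function names are hypothetical, and the check of the hive header (the `regf` signature and its XOR checksum) before anything in config is touched is an addition the post does not mention.

```python
import shutil
import struct
from pathlib import Path

# Snapshot file name -> live hive name, as listed in the thread.
HIVES = {
    "_REGISTRY_MACHINE_SAM": "SAM",
    "_REGISTRY_MACHINE_SECURITY": "SECURITY",
    "_REGISTRY_MACHINE_SOFTWARE": "SOFTWARE",
    "_REGISTRY_MACHINE_SYSTEM": "SYSTEM",
    "_REGISTRY_USER_.DEFAULT": "DEFAULT",
}

def header_problem(path):
    """Return None if the 512-byte hive header is sane, else a reason."""
    try:
        with open(path, "rb") as fh:
            block = fh.read(512)
    except OSError as exc:  # missing file, or a read error on a failing disk
        return f"unreadable: {exc}"
    if len(block) < 512 or block[:4] != b"regf":
        return "short or missing regf header"
    words = struct.unpack("<128I", block)
    xor = 0
    for word in words[:127]:  # checksum = XOR of the first 508 bytes
        xor ^= word
    xor = {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(xor, xor)  # reserved values
    return None if xor == words[127] else "header checksum mismatch"

def restore_hives(snapshot_dir, config_dir):
    """Swap in the snapshot hives; return {snapshot_name: problem} or {}."""
    snapshot_dir, config_dir = Path(snapshot_dir), Path(config_dir)
    # Validate all five first so a bad snapshot leaves config untouched.
    problems = {src: why for src in HIVES
                if (why := header_problem(snapshot_dir / src))}
    if problems:
        return problems
    for src, name in HIVES.items():
        # The mounted volume may be case-sensitive: match "system" too.
        live = next((f for f in config_dir.iterdir()
                     if f.name.upper() == name), config_dir / name)
        if live.exists():
            backup = live.with_name(live.name + ".bak")
            while backup.exists():  # never overwrite an earlier backup
                backup = backup.with_name(backup.name + ".bak")
            live.rename(backup)
        shutil.copyfile(snapshot_dir / src, live)
    return {}
```

A non-empty return value names the snapshot files that failed validation, in which case nothing in config has been renamed or replaced.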


#5 Joelie


Posted 25 August 2015 - 01:51 PM

It worked well using Hirens MiniXP to boot up, manually restoring to the restore point using the Snapshot from the previous day, one before the last one on that day in fact. I moved and renamed files as indicated.

 

Reboot restored the two lost users, and while it was slow to start and load programs, some dependent on network function, all seem good.

 

There are some 121 system updates pending, which I'll get to soon.

 

JohnC_21, how does it feel, knowing you've made the universe (at least my tiny corner of it) a better place? Thanks!



#6 JohnC_21


Posted 25 August 2015 - 02:45 PM

You're welcome, glad I was able to help. Thanks for posting an update.



#7 Joelie


Posted 26 August 2015 - 12:36 PM

I feel like one of those racers celebrating just before the finish line. More problems.

 

After having spotty performance and a succession of Windows XP updates, the computer now displays a BSOD on boot-up, indicating I've got bigger problems.

 

UNMOUNTABLE_BOOT_VOLUME

...

...

...

STOP: 0X000000ED (0x8AD39900, etc.)

 

Tried every boot option including Last Known and Safe Mode, to no avail.

 

Booting off HIRENS MiniXP, I can't view the C: drive any longer either in the My Computer or command prompt.

 

I'm now booting off the Windows XP SP3 Slipstream disc, but not sure what to do: go into Repair mode to see if the volume is even identifiable (likely not) or go into Recovery mode to try to view C: (likely not).

 

Luckily, I saved everything I could think of yesterday when it was working, together with other backups.


Edited by Joelie, 26 August 2015 - 12:36 PM.


#8 Joelie


Posted 26 August 2015 - 01:00 PM

Confirmed, No and No to the Recovery Console and repair installation options from the system CD. When I tried recovery and typed dir at the C: prompt (it had not stopped to prompt me for the system #), I got the message "An error occurred during directory enumeration."

 

My only thoughts are, I might take the disabled hard drive out of this Dell refurb (probably an Optiplex 755), and put it in a similar aged or identical Dell system. I hate to tamper with a working system, but it might be worth a try. By the way, the safe mode boot up stops at an AVG (antivirus) entry under drivers.



#9 JohnC_21


Posted 26 August 2015 - 01:08 PM

That really looks like a failing hard drive. On some Dells tapping F12 at boot will give you a hardware diagnostic menu. Do a hard drive check or you can use one of the Hard Drive Diagnostic tools on the Hirens disk. Seatools for Dos would be a good one.

 

Edit: Under other tools you could start Parted Magic, a Linux OS, and at the desktop select Gsmartcontrol. Gsmartcontrol can also do a disk diagnostic.


Edited by JohnC_21, 26 August 2015 - 01:10 PM.


#10 Joelie


Posted 26 August 2015 - 02:08 PM

At least the Linux option on HIRENS recognizes the C: drive, and allows me to view folders and files. Not sure whether to pull the restore point trick again. The original _RESTORE folder which had 89 separate RP... folders now seems to be missing. There are two newer _RESTORE folders with fewer, newer RP Snapshot folders.



#11 JohnC_21


Posted 26 August 2015 - 02:21 PM

If Hirens can see the C: drive with folders and files then I would say the drive is good. Have you done a memory test on the computer?



#12 Joelie


Posted 26 August 2015 - 02:27 PM

I used the HIRENS Memtest86+, but only let it run up to 13% or so...no problems reported. I tried the Dell Hard Drive Diagnostics, but got a return code of 7 and the message Fail next to the drive ID. The Seagate diagnostic (Seatools?) wouldn't run - it's a Western Digital drive.


Edited by Joelie, 26 August 2015 - 02:33 PM.


#13 JohnC_21


Posted 26 August 2015 - 02:35 PM

Looks like Error code 7 on a hard drive is indeed a failing hard drive. If you start Parted Magic and run GsmartControl I would be interested in what the short and long generic tests said.

 

http://en.community.dell.com/support-forums/disk-drives/f/3534/t/18459997



#14 Joelie


Posted 26 August 2015 - 03:37 PM

I've attached the log file from the GsmartControl. It failed all three available (Short, Extended, and Conveyance - not shown).

 

Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Extended offline    Completed: read failure       90%     28770         2150054
# 2  Short offline       Completed: read failure       50%     28770         2150054
# 3  Short captive       Completed: read failure       50%     28768         2150054
# 4  Short captive       Completed without error       00%     28728         -
# 5  Short offline       Completed without error       00%         0         -

 

 

Attached Files
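
One way to read the self-test log above programmatically, as an added Python example that is not part of the original posts. The function names are hypothetical and the 512-byte sector size used for the byte offset is an assumption; the log rows are the ones from the post.

```python
import re

# Self-test log rows copied from the post above.
LOG = """\
# 1  Extended offline    Completed: read failure       90%     28770         2150054
# 2  Short offline       Completed: read failure       50%     28770         2150054
# 3  Short captive       Completed: read failure       50%     28768         2150054
# 4  Short captive       Completed without error       00%     28728         -
# 5  Short offline       Completed without error       00%         0         -
"""

ROW = re.compile(
    r"^#\s*(\d+)\s+(.+?)\s{2,}(.+?)\s{2,}(\d+)%\s+(\d+)\s+(\S+)$")
SECTOR_BYTES = 512  # assumption: 512-byte logical sectors


def parse_selftests(text):
    """Turn the fixed-width self-test table into a list of dicts."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header line or unrelated output
        num, test, status, _left, hours, lba = m.groups()
        rows.append({"num": int(num), "test": test, "status": status,
                     "hours": int(hours),
                     "lba": None if lba == "-" else int(lba)})
    return rows


def triage(rows):
    """Summarise read failures: how many, where, and since when."""
    failed = [r for r in rows if "failure" in r["status"]]
    lbas = sorted({r["lba"] for r in failed if r["lba"] is not None})
    first_fail = min((r["hours"] for r in failed), default=None)
    clean = [r["hours"] for r in rows
             if r["status"].startswith("Completed without error")
             and (first_fail is None or r["hours"] < first_fail)]
    return {
        "failed_tests": len(failed),
        "error_lbas": lbas,
        "byte_offsets": [lba * SECTOR_BYTES for lba in lbas],
        "first_failure_hours": first_fail,
        "last_clean_hours": max(clean, default=None),
        # One LBA on every failed run: a reproducible error at one spot.
        "repeatable": len(failed) > 1 and len(lbas) == 1,
    }
```

Calling `triage(parse_selftests(LOG))` on these rows reports three failed tests, all stopping at the same LBA, with the last clean test 40 power-on hours before the first failure.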



#15 Joelie


Posted 26 August 2015 - 04:37 PM

Update: I tried manually restoring old system files from two RP Snapshot folders just now. First I tried the most recent one, and it went to BSOD. Next I tried one from a couple days ago and it's stuck in a loop of rebooting, showing the Windows splash screen then restarting to Dell screen. I guess I'll try one more, but not looking good for the slick fix. Plus the hard drive obviously has problems, probably right where I need it to not have problems.





