I thought I would share with the board a solution to a very perplexing problem:
OS: Windows XP SP2 - Professional
Blue screen of death
Booting in safe mode hung on Mup.sys
Corporate Laptop that was locked down pretty hard, no access to administrator password
In fact the administrator password had been removed/renamed
When this occurs it is nearly impossible to use the Windows Recovery Control Utility by booting the Windows XP Disk
So here is what I did:
1 - Created a Linux RAM disk with several registry and SAM file utilities
2 - Discovered the missing administrator account, found I couldn't mount the NTFS partition due to corruption on the disk
3 - (Optional) Downloaded and ran the Dell 32-bit diagnostics disk and found 2 corrupt bad sectors
** this most likely caused the Mup.sys error as the hard drive had physical errors
At this point I needed a way to fix the disk so that I could mount the NTFS partition on some type of machine to manipulate the file system.
I found a Windows PE utility that was developed called "Bart's PE Builder"
I had to download and compile this into a bootable ISO image which wasn't that hard
By building a Windows PE RAM disk, you can then mount a corrupt NTFS filesystem and run commands against it.
Specifically you need to run chkdsk /f to force a fix on the corrupt filesystem.
In most cases this will fix your machine to the point where it will run. Unfortunately, I corrupted the SAM file when I ran the Linux RAM disk.
So now it got past the blue screen, but gave me an authentication error as the SAM file was bad.
When Windows first builds, it creates a backup of the SAM file. It is located in one of two places:
The bad file is located at:
Once you fix the corrupt NTFS partition, you can remove the drive, put it into a USB drive, and connect it to a working system.
Back up, then delete the SAM file in the \windows\system32\config directory.
Copy the SAM file from \windows\repair to the \windows\system32\config directory.
Put the hard drive back into the laptop or desktop that was corrupt.
You will now be able to log in with the default admin/password that was used at build time, normally this is a blank password.
You now have complete control.
In addition, if you used a corporate AD login before, the credentials are still cached, so if you aren't on the network, you can use your AD login and get back in.
Good luck, this took me two days to figure out, hope it helps somebody out.