Link to home
Start Free TrialLog in
Avatar of jackflex
jackflex

asked on

Safeboot error at start up

I recently restored a machine from backup. After restarting I get the following error.....
windows could not start because the following file is missing or corrupt system32\drivers\safeboot.sys
Which file loads drivers? I would like to just delete the reference.
Windows repair from disk did not work
Avatar of and235100
and235100
Flag of United Kingdom of Great Britain and Northern Ireland image

This could be malware-related. (the aftereffects of Vundo/Smitfraud, possibly)
I would recommend that you do a full reinstall (i.e. format and install).
As Windows won't boot - it is unlikely that you can rid the system of malware.
Does Safe Mode or Last Known Good Configuration work?
http://support.microsoft.com/kb/315222
Avatar of aindelicato
aindelicato

Safeboot is a disk encryption utility app for laptops.

If Safeboot was installed, but not properly removed, you may have a partially encrypted/decrypted drive that you can't access.

Safeboot now comes preinstalled on some HP laptop models.

 
Avatar of jackflex

ASKER

Safeboot used to be on the machine. It was removed and decrypted.  The problem is that it didn't remove the driver reference somewhere. If I can delete that reference, I think I can get around this. I need to know what file or registry hive loads all these .sys files
Thanks
Check these out:
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/AdminTips/Miscellaneous/WindowsProgramStartupLocations.html

This could be referenced from there.
Does Safe Mode work? That might be the only way to access the registry easily.
.....also, this is a new disk so there isn't any possibility that its partially encrypted or anything like that.
safe mode or last known good do not work either.  
if you still have safeboot in program files, I believe you have to run sbsetup with a /u switch to fully uninstall it.

If you think its just an orphaned entry, use a registry cleaner.
and235100
I'm using the Ultimate Windows Boot Cd to access the machine. I can easily edit any files or the registry
ASKER CERTIFIED SOLUTION
Avatar of and235100
and235100
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
and235100
I found another machine w/ safeboot on it and was finally able to hack it off. Dumping that file in the folder worked. however I would still like to know the file or registry hive that loads this handle
Thank you very much
Thanks - unfortunately, as this was a non-xp file, it is hard to say where in the registry the system was looking for the referenced file.
Perhaps a simple registry search would give you the information you are looking for...
It's not a Malware issue, however, it is a third party app issue.  I have not yet determined the problem yet but I'll post it when I find out.
Ok,  I got to the bottom of this.  It appears that after restoring from a backup the "missing or corrupt /system32/drivers/safeboot.sys" comes up because the hard drive is now half encrypted and half decrypted.  The cause is due to HP's third party app called "HP Protect Tools" suite of senseless utitlities.  You'll want to delete anything referencing encryption in "Add/Remove Programs."

You'll need to restore to factory image and unistall...then create a backup such as using RIS or Ghost.

Hope this helps anyone that found out the hard way such as myself.
More specifically...it is the "Drive Encryption by HP Protect Tools" that you want to remove from Add/Remove programs.