Win 7 Boot Critical File error, can't boot!

My Win 7 Professional machine won't boot today! I was editing a video with Premiere Pro CS5, had a couple of program crashes and decided to reboot. That pretty much ended the day.

Win goes into system repair and says it can't repair the damaged file. The error report says there is a Boot Critical file in \windows\system32\drivers\fs.rec.sys is corrupt.

When I bring up the Repair console, I have no restore points. My OS drive image BU can't be accessed (another external HD problem???), so I need to fix this one.

I have booted from a Kapersky v10 repair disk and scanned the drives for malware, finding nothing.

I have a a ASUS P6X58D-E motherboard, Win 7 Professional x64.

Any thoughts would be most appreciated.

 

If you can bring up the command prompt from the disc, try the fixboot and fixmbr commands. Always a great starting point for me.

 

Hi,

Try a chkdsk C: /r at the command prompt. See if it can repair the corruption.

 

Zack,

Thanks for the info. I just tried the fixmbr and fixboot with no improvements. sach2, I am running the chkdsk now.

 

sach2,

Well, chkdsk uncovered nothing and still no change - no boot. Thanks anyway.

 

Basically, you should try to replace your existing fs_rec.sys driver. Easiest way would be to copy it from the system32/drivers folder on another working windows 7 computer. If you don't have that option.. You'll need to use something like Hiren or UBCD to get you into a working windows environment.

Hiren can be downloaded from here: http://www.hirensbootcd.org/download/

if you wanted to use Ultimate boot CD instead: it's on majorgeeks: http://majorgeeks.com/Ultimate_Boot_CD_UBCD_d4981.html

You'll also need your windows 7 professional install dvd (or windows 7 recovery console ISO)

I'm going to describe the rest of the steps through hiren, because that's what I personally use. Basically it's a bootable CD with a lot of repair programs. But what you want is to use its "Mini Windows XP".

Once in Mini Windows XP, Insert your Microsoft windows 7 install dvd in the dvd-rom drive.

Go to My Computer icon from the desktop of Mini Windows XP, find the Windows 7 dvd you just put in, Explore the contents of the dvd.

Look for a folder in the root of the DVD called "Sources"
Now look for "install.wim"
Open install.wim (double click it, it should open with 7zip file manager)

Navigate to windows\system32\drivers within the 7zip file manager
Look for the file fs_rec.sys

Once you find it, Click the Extract button
Type in C:\Windows\system32\drivers\ for the target location to copy to
Press OK.
If it prompts you to overwrite the existing file, this is a good sign... say Yes.
Take out windows 7 install dvd from dvd-rom drive.

Restart your computer, see if problem persists

 

Before you try the above method, if you haven't already. Try to get windows repair to recover the file for you by using "Windows Startup Repair" off your bootable windows 7 installation cd.

Select Repair your computer, then look for startup Repair, if i recall correctly it's the very top option, command prompt being on the end of the list.

 

I'll upload a copy of the file but you will still need a bootable disc that will recognize a USB flash drive, with a fresh copy of the file, to be able to rename the original file to something like fs_rec.sys.old and then copy from the USB to the system32 folder. [I'm not sure that the Windows Recovery Environment will support that--I don't think it will] Parted Magic at 157mb will let you do this. It is an ISO file and would have to be burned to a blank CD as an image file using imgburn's "write image file to disc" option or similar burning program.

I don't know if that file is personalized to an installation. You could try replacing it and see if you get an error. If the error is for a new file that is corrupt then your problems are greater than just one missing/corrupt file. If it boots then it was just a single corrupt file.

 

thisisu,

Thanks for the advice. I am downloading hirens now.

I went to the Windows Startup Repair and it said it could not repair the corrupted file. I then opened the DOS command and copied a version of the file from my Win7 Home edition laptop and it did not help. I probably should have changed the name of the corrupted file and then added the new one, instead of overwriting the old one.

I will go through your recommendation and see what happens... stay tuned!

 

sach2,

Hey, thanks for the file! I tried to copy a file I retrieved from my laptop Win7 Home edition, but I did an overwrite instead of changing the name and adding a new copy as you suggested.

I am working through thisisu's suggestion and will let yo know how things turn out.

 

thisisu and sach2,

I tried hiren's cd (that's some handy boot cd!) and extracted the file from my install DVD. When prompted to overwrite I said yes.

But, after rebooting there is no change - same error report.

I will revisit the issue in the AM. Apparently the error message is not telling me everything I need to know. (Go figure).

 

Can you be more specific on the type of error message you're getting? Is this a bluescreen of death or a black screen with an error message?

If it's a BSOD, if you have any .dmp files in your C:\windows\minidump folder (remember you can browse this folder using Hiren's boot cd and mini windows xp). Add them to a flash drive, and upload them here when you get a chance.

While in hiren you'll have to click "Mount removable" icon on the desktop so it detects your flash drive. Or.. just have your flash drive plugged in while you first boot up. =)

 

thisisu,

Thanks for the request, upon further examination of the error log I see it has changed and I no longer have the cause identified as "Boot Critical file...". Now it simply states "Root cause found: with no further info. Here is what I experience:

I don't get the BSOD, black screen or anything "common". During boot, the screen comes up about windows did not shut down correctly... with choices to use Startup Repair (recommended) or normal startup.

If I select normal, the startup screen goes blank for a moment, flashes and reboots, and the process repeats. When I select Startup Repair mode it fails to fix the problem automatically. The Session Details shows one root causes identified after 11 successful tests, the last one being "Internal state check". The final message in the log is "Root cause found: with no further info. Then a new log entry says "Startup Repair has tried several times but still cannot determine the cause of the problem."

I also noted that the boot HD is shown as "F:". I cannot recall with certainty that it was "C:" previously, but I think I would have noticed this. The computer is a DIY and I loaded the OS on the first HD I installed, and this was "C". When I had it working, I added additional HDs.

I also note that when I plug in my external Raid drive array, the boot HD changes to "G:".

I wonder why the boot HD drive letter is changing? Does that point to a BIOS issue?

 

Do you get any safe mode options with F8 at startup?

Does System Restore open but tell you no restore points. (Just want to be sure that this is not an available)

 

sach2,

Thanks for your diligence! I can get a safe mode option, but it also does not boot. (I just discovered that POST lasts about a second or less and I had been missing the F8 opportunity).

From the Startup repair console, selecting system restore says there are no restore points. (There used to be a bunch of these).

Last Known good Configuration also does not work.

When selecting Start Windows Normally, after I get the animated Windows logo the screen goes balnk for a second or two, then quickly flashes to black, then to the BSOD with about 2 lines of content, then reboots. The BSOD lasts for a very, very short time and I cannot read anything.

Hmmm...

 

I've been reading up on your error and that file is one of the very first files accessed. That in conjucntion with your drive being read as F: points to a problem with Windows looking in the wrong place for boot files rather than an actually corrupt file, I believe.

First make sure you have no media cards or USB devices attached that could be confusing boot.

Then try at the command prompt.
Type in diskpart and hit <enter>
Type in list disk and hit <enter>

Judging by size is your Disk 0 the correct one for your Windows installation (C: )?

Type in select Disk 0 and hit <enter>
Type in detail disk and hit <enter>

What do you get in the columns for Volume, Letter, Size and Info?

 

I'm still interested in the diskpart information but I hadn't seen your previous post.
Two things you could try from the F8 menu would be:
Disable Automatic Restart on Error to see if you can then get details from the blue screen.
Safe Mode with Command Prompt to see if that loads to a prompt like C:\Windows\> at which you could try typing rstrui to see if it will start System Restore. It may work if it gives you a prompt starting with C:.

 

sach2,

Thanks for the tip, I selected Disable Automatic Restart... and got the following message on BSOD: STOP: c000021a {fatal system error} The verification of a knownDLL failed. system process terminated unexpectedly with a status of 0xc000012f (0x0087ed30 0x00000000).

I guess that's music to someone's ears!

 

ok, BSOD: STOP: c000021a usually involves the following files that need to be replaced: winlogon.exe and csrss.exe.

If you can please, go back into Hiren, with your win7 install cd handy, go back into Mini Windows XP.

Go back to Sources\install.wim from the windows 7 install cd

Locate the following files in system32: csrss.exe and winlogon.exe

Extract these files from the install.wim file onto your OS partition's Windows\system32 folder (it should be C:, but double check). If prompted to overwrite, say YES.

Remove win7 install dvd

reboot pc, see if problem persists, try F8ing again and selecting "Disable automatic restart upon system failure" to see if you get any kind of updated Bluescreen error.

good luck

 

thisisu,

Well, I replaced the csrss.exe and winlogon.exe files and now the Starting Windows screen stays up a lot longer before it crashes. The BDOD message remains the same. ... c000021a and status of 0xc000012f.

 

If you do F8 on startup for the advanced boot menu, Can you try booting into SAFE MODE WITH COMMAND PROMPT?

Or does that automatically restart the PC as well?

 

Since you are getting bluescreens, .dmp files are most likely being created.

Can you please upload those from your c:\windows\minidump folder -- remember you can use Hiren to retrieve them. I'd like to see which file they point to that is marked as corrupt

Also, this may be worth a shot, Boot off your windows 7 dvd, Select Repair your computer



then go to Command prompt:



type in : sfc /scannow

this scan takes a while ~20-45mins on average

Once it finishes, type Exit and reboot your pc.

 

thisisu,

Sorry for the delay, had to get my backup systems operational and catch up on business...

When I try to boot in safe mode now, I get to loading the Classpnp.sys file and stops (eventually reboots).

I copied the classpnp.sys file from my laptop Win 7 x64 (same date) and uploaded it to my desktop (using Hiren) and still get the same response. I also tried copying the classpnp.sys file from the install dvd (although it was older that the one I was replacing) and got the same.

I am running sfc test now.

 

thisisu,

Well, running the sfc /scannow results in a message:
"There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again."

When I reboot and run sfc again I get the same message.

I guess it thinks a repair is pending?

 

I don't appear to have a minidump folder in the windows directory! And, I don't have a memory.dmp that I can find.

 

I'm not sure what is going on here. The problem with the scannow seems to be common when running that command from the CD but I don't see any solutions.

If it were me. I would unplug any extra HDs to eliminate any confusion. Then boot from the Recovery CD and see if it tells you Win7 is drive D: (which is usual). Then see if there are any restore points available(I still think system restore is a good tool, if we can get it to recognize any old restore points.)

 

sach2,

Thanks for the reply. If you're not sure what's going on, imagine how I feel.

I will try disconnecting all my HD's (except the OS and Programs HD). I can boot from the install DVD and then I can get to a command prompt. I will also try a restore again to see if anything shows up.

I have a 100 MB System Reserved partition that has been assigned to drive C. From what I can tell, the drive assignment happens during installation of Win 7 if some prompt is selected, such as providing for future multiple OS capability. I guess I answered the question and got the drive letter assigned.

Now, the OS is on the second partition of the 300 GB drive and Windows assigns it a drive letter that can vary as the number of real drives are connected - internally or externally. Hence, the OS appears as drive F, G, or H when I plug stuff in.

It appears that Windows can keep up with the drive letters it assigns, but I would feel better if I could make the System Reserved partition a hidden partition so the OS would be in drive C like normal people.

Get back to you with an update later this afternoon.

 

Yes, when running from the CD it gives the system reserved partition a drive letter and then the OS partition the next drive letter (usually D: ). But in regular Win7 running there is usually no drive letter assigned and the OS partition is seen as C:. (When you get win7 running, if system reserved has a drive letter assigned, you can safely remove it in Disk Management.)

I'm trying to keep up on all the files that you are copying. The original fs_rec.sys does not seem to be critical since I renamed mine and my system booted up fine.
Am I correct that now the error you see is c000021a but no filenames are listed eith the error?

 

Yes, the error no longer shows a file name. The file you sent me was the same as the one on my install disk and that message is gone.

The message from the Startup Repair now simply says "Root cause found:" with no further details.

Looking at the problem details shows a Problem Signature 07: Corrupt file, with no additional info.

I have also run Malwarebytes and SuperAntiSpyware from the Hiren cd. Each found some stuff, but fixing issues has had no affect on the startup issue.

 

sach2,

I now have only the OS and programs HD connected. Booting from the install DVD shows the OS is on D:

There are still no restore points showing up.

 

In your first post you said your couldn't access your Backup image. Do you have a recent one? (I'm asking because your error does not have a lot of solutions from what I have found.)

 

mm yeah, it has done that to me before.

 

My two back-up schemes proved useless when needed (I haven't tested restoring in over a year). So, I either figure a fix or re-install.

 

Hrm, can you go into Hiren again and delete the following file: C:\windows\winsxs\pending.xml

 

Also, do you by chance have Norton GoBack?

 

What were your two backup schemes and were any backups recent?

 

thisisu,

I do not have a pending.xml. I deleted reboot.xml, but no changes. And, I do not have Norton GoBack.

I looked at the windows update log and learned that an update for MS .NET Framework 4... did not complete (again) at 3-ish AM. Then, it appears this update attempted some actions again at 8:41 AM.

I don't know exactly what the entries mean (many sound contradictory to me), but it appears suspicious. This update has been failing ever since 4/28/2011. I never noticed the failed update before.

As I have been searching for various messages, I found numerous references to identical symptoms and all seem to point to a failed update. Sounds suspicious to me.

 

sach2,

My two updates were a weekly local image file that apparently never updated after the first few weeks - about the time I checked it. Most of the programs I have added since the date of the image (in December 2010).

The other was an image on DVD held at a third party home. This one was about 4 weeks old, had most of the programs on it, but apparently was physically damaged. Seems the little ones found it and used it as a toy (I think).

Next time the images will be stored online - even if it does take a day to upload an 80 GB image.

 

thisisu and sach2,

Thank you for the help and guidance. I probably spent more time than I should have to resolve the issues, as I ended up re-formatting and re-installing. At least I have some valuable tools and "knowledge" when needed again!

The last unrecoverable problem was a damaged registry. I have no idea why or when the registry was damaged; no malware could be found.

My disaster recovery scheme did not work as planned. I was unaware my automated backups were not completing correctly. And, storing a disc image offsite at a nearby residence can be unreliable - residences are convenient, but not safe.

I will now change my disaster recovery schemes and find a way to verify the process.

What I discovered about Win 7:

1. Many threads on various forums reported same symptoms: user attempts to reboot, for whatever reason, and the machine never boots successfully - in any mode. Diagnostics tools report corrupted drivers, messages that they can't run, or that they don't identify a problem, etc. All problems resulted in a clean re-install. Most reports were in early win 7 days, but some also were only months old. So, KEEP BACKUPS REGULARLY!!!

2. Updates to .NET 4 seem fragile. Mine failed in early March and each day since. I noticed no indication of a problem. Not sure if that relates to the final problem, but it can't be good. I wish I knew about that sooner.

3. System restore points can disappear for many reasons in Win 7 and Vista, most reasons are not apparent. This makes system restore unreliable for disaster recovery (not it's intended purpose). A system backup is needed.

4. Manual restore points occupy the same fragile bucket with system created restore points. So, if system restore is erased even the manually created points are gone. And when the bucket gets full any old restore points are pushed out, regardless how they were created. Daily automatic updates create restore pints and fill the bucket in about 4 weeks.

Lessons learned!

Thanks again.