resurrect \windows\system32\config\system from system.log?

Posted on 2005-04-09
Last Modified: 2012-05-05

The system hive was apparently damaged when the user, out of sheer frustration with BSOD and dump, decided to stop waiting for the dump and power cycled. Now system is so badly corrupted XP claims it doesn't exist. There is a similarly named file, system.log, which also happens to be the same size. What miracle can be performed using that file to resurrect a functional system hive?

This doesn't work

copy \windows\repair\system \windows\system32\config\system

Well technically the copy does copy but XP flashes a notice about password something.  Maybe 20 or 30 more times I'll be able to read the complete message because it's visible a fraction of a second before XP reboots.  :(

(We've already backed up the hard drive using Ghost8 since Acronis was total junk -- not being able to use the external DVD burner.)

I'd really really really rather not reinstall from scratch right now.
Question by: paradoxloss

    Expert Comment

    paradoxloss, the simplest solution>> obviously the owner wants to save the personal stuff, yes?
    Why not simply slave it?
    Do you know you can just set the pin on the back of the HDD to slave, use the CD-ROM IDE cable and power socket of another machine with the same operating system? When it reboots it will recognise this HDD as its slave; here you can save off everything and even format it from this C drive. Once done, put the pin back to master and reinstall XP. BSOD usually means a hardware conflict or driver problem.
    It is a simple, fast solution; you will need their original XP CD and key when doing this.

    Assisted Solution

    Merete: paradoxloss has stated he does not wish to reload from scratch!!  We need to help him find an alternative to your answer and if all else fails he can follow your advice :-)

    Expert Comment

    Thank you Moncapitaan.
    I know I was being cruel lol; to be kind, it can be labour intensive trying to solve these.
    OK, another suggestion then>>

    Set the BIOS to boot from CD, press Enter or R for recovery, let it load, then when you get to the C: windows prompt
    type in these three; do one at a time.

    chkdsk /r   press Enter, let it run
    once done type in
    chkdsk /p   press Enter
    then last
    type in fixboot C: press Enter
    When all are done, remove the XP CD, then type in exit and press Enter.
    Hopefully it has repaired the hive and you can now reboot to Windows.
    If it works, change the BIOS boot order back to HDD 0.


    Expert Comment

    to repair the boot.ini
    Insert and boot from your WindowsXP CD.
    At the first R=Repair option, press the R key
    Press the number that corresponds to the correct location for the installation of Windows you want to repair.
    Typically this will be #1
    Type bootcfg /list to show the current entries in the BOOT.INI file
    Type bootcfg /rebuild to repair it
    Take out the CD ROM and type exit
    Missing or Corrupt Hive or System
    When you try to start or restart your Windows XP-based computer, you may receive one of the following error messages:

    Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM

    Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SOFTWARE

    Stop: c0000218 {Registry File Failure} The registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE or its log or alternate

    This issue can occur if the System or Software hive for the Windows XP installation is missing or damaged.

    To resolve this issue, use one of the following methods.

    Use the Recovery Console Tool
    To restore a damaged registry hive, use the Recovery Console to restore the backup copy of the hive from the Repair folder. The Repair folder contains a copy of the system's registry hives that were created after the first successful startup of Windows XP.

    WARNING : Although data should not be affected by the following procedure, you may need to restore changes you previously made to programs or system settings since the first time you successfully started Windows XP.

    To replace the damaged registry hive and restore the backup copy of the hive from the Repair folder: Start your computer to the Recovery Console.

    Determine if the file that is mentioned in the "Symptoms" section of this article is present, and if it is, rename it:

    In Recovery Console, change to the c:\Windows folder.

    Type cd system32\config , and then press ENTER.

    Type dir system , and then press ENTER.

    If you cannot run the preceding command successfully (because the file is missing), skip to step 3. If you can run the preceding command successfully, type ren system system.bak , and then press ENTER.

    NOTE : If the message that you received referred to the software file, replace "system" with "software" in the preceding command. For example, you would type ren software software.bak (instead of ren system system.bak ), and then press ENTER.

    Type copy c:\windows\repair\system , and then press ENTER.

    NOTE : If the message that you received referred to the software file, replace "system" with "software" in the preceding command. For example, you would type copy c:\windows\repair\software (instead of copy c:\windows\repair\system ), and then press ENTER.

    You should receive a "One file copied" informational message. For additional information about how to use Recovery Console during startup, click the article number below to view the article in the Microsoft Knowledge Base:
    Q307654 HOW TO: Install and Use the Recovery Console for Windows XP

    IMPORTANT : If you encounter problems when you run the preceding commands, you may need to use the Change Directory command ( cd ) one folder at a time before you run the preceding commands. For example, type cd system32 , press ENTER, type cd config , and then press ENTER.

    Type exit , and then press ENTER to quit Recovery Console and restart the computer.


    Author Comment

     I really don't want to do a fresh reinstall, and it's my fault for failing to mention this is a notebook.  

    The owner conveniently does NOT have the original windows/application restore CD, so maybe I can build my own MediaCenterXP CD from \windows\i386 to perform a legal repair installation?

    Additionally there isn't a boot.ini problem.  As mentioned the error revolves around the system hive.  We did try to load the system hive from \windows\repair, but once windows loads a message says something to the effect

    the password could not be changed  ,   this error indicates error

    I'd rather post the exact error but it's REALLY hard to see since it flicks on and off right before rebooting. Adding to the fun the error seems to be an incomplete sentence.   I'll watch it boot a few dozen more times and post a more exact error message.

    Now that I think of it I have complete registry backups made with the freeware ERUNT tool, but I've never tried to recover them not being able to get to the desktop.

    I'm so glad I came back here tonight!! Please excuse my stream of consciousness post, but it's helped me remember erunt.  :D  I'll try those and post back.

    Assisted Solution

    I've posted the steps with other questions, but give it a shot. Use the bartpe program below if you have access to a Windows XP pc, can install the program on that pc and have access to a burner on that pc. It will create a bootable iso image that will let you access a NTFS formatted drive (xp). When creating the image it has the option to burn straight to a cd, if desired. Install bartpe and run bartpe. Select build, wait while it builds the iso, and then burn it to a cd. Stick the cd in the crashed pc and boot. Pay attention, you will have to press a key to boot into it or select the cd rom as the boot device. If you get into the bartpe environment, follow the instructions in the links or try what's below.

    After booting into bartpe, use the go button on the lower left and run the plugin/program a43. This is the program to access your c: drive. From here you can move files super easy. Bartpe ignores permissions and will allow you to copy your files off the hard drive or move system files like the SAM, SECURITY, DEFAULT, SYSTEM, and SOFTWARE (very critical) files with ease. Sounds like you want to do the latter.

    You will want to browse to the c:\system volume information\_restore{somecrazylongnumber}\ folder. Find the rdp folder with the highest number or second highest. The highest means the latest. You can view them by date and select one from when the laptop was last working. Within these rdp folders there is a snapshot folder with multiple files. The following five are what you're looking for. (You will have to rename them when they are copied to the c:\windows\system32\config folder.)
    _REGISTRY_MACHINE_SAM   will be renamed as SAM in the config folder
    _REGISTRY_MACHINE_SECURITY will be renamed as SECURITY in the config folder
    _REGISTRY_MACHINE_SOFTWARE will be renamed as SOFTWARE in the config folder
    _REGISTRY_MACHINE_SYSTEM will be renamed as SYSTEM in the config folder
    _REGISTRY_USER_.DEFAULT will be renamed as Default in the config folder
    Copy them to the c:\windows\system32\config folder.
    Rename them as DEFAULT, SECURITY, SOFTWARE, SYSTEM, and SAM (rename these files before copying over them, like default.bad, security.bad, etc.). Reboot. If you still can't log in, at the very least, you can boot back into bartpe and copy your data off the hard drive through the network or slave it to another system.

    You can find Bart's Windows PE disk here -  
    A full set of instructions for Barts PE disk on this site -
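
    An added example, not part of any post in this thread: before a candidate hive (from \windows\repair, a System Restore snapshot, or an ERUNT backup) is copied into the config folder, its header can be sanity-checked offline. The field offsets follow the publicly documented regf layout; `make_sample_hive` builds a constructed test image, not a real registry hive.

```python
import struct

BASE_BLOCK_SIZE = 4096   # the regf base block occupies the first 4096 bytes
CHECKSUM_OFFSET = 508    # XOR-32 checksum covers bytes 0..507

def regf_checksum(base_block: bytes) -> int:
    """XOR the first 127 little-endian dwords; two reserved results are remapped."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", base_block[:CHECKSUM_OFFSET]):
        csum ^= dword
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return 1 if csum == 0 else csum

def check_hive(data: bytes) -> list:
    """Return the problems found in a hive image; an empty list means the header is sane."""
    if len(data) < BASE_BLOCK_SIZE + 4:
        return ["file too short to contain a base block and a hive bin"]
    problems = []
    if data[:4] != b"regf":
        problems.append("missing 'regf' signature")
    # Primary is bumped before a write and secondary after it, so a mismatch
    # means the hive is dirty (for example, power was cut mid-write).
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    if seq1 != seq2:
        problems.append(f"sequence numbers differ ({seq1} != {seq2}): hive is dirty")
    (stored,) = struct.unpack_from("<I", data, CHECKSUM_OFFSET)
    if stored != regf_checksum(data):
        problems.append("base block checksum mismatch")
    (bins_size,) = struct.unpack_from("<I", data, 40)   # hive bins data size
    if BASE_BLOCK_SIZE + bins_size > len(data):
        problems.append("hive bins data size runs past end of file")
    if data[BASE_BLOCK_SIZE:BASE_BLOCK_SIZE + 4] != b"hbin":
        problems.append("first hive bin lacks 'hbin' signature")
    return problems

def make_sample_hive(seq1=7, seq2=7) -> bytes:
    """Constructed minimal hive image for the demo (not a real registry hive)."""
    base = bytearray(BASE_BLOCK_SIZE)
    base[:4] = b"regf"
    struct.pack_into("<II", base, 4, seq1, seq2)
    struct.pack_into("<I", base, 40, 4096)              # one 4096-byte hive bin
    struct.pack_into("<I", base, CHECKSUM_OFFSET, regf_checksum(bytes(base)))
    return bytes(base) + b"hbin" + bytes(4092)

if __name__ == "__main__":
    print(check_hive(make_sample_hive()))                # clean image
    print(check_hive(make_sample_hive(seq1=8, seq2=7)))  # interrupted write
```

    Run `check_hive(open(path, "rb").read())` against each candidate file from a rescue environment; a file that passes only has a consistent header, so keep the renamed originals until the machine boots.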

    Expert Comment

    Also, if you load the files from c:\windows\repair it is basically a fresh install. These files are created when the OS is first installed. You would have to go through the work of reinstalling all programs or going into the rdp folder I described above and then back into the system recovery console again.

    Author Comment

    @craylord & Merete

    I already said "This doesn't work  ...  copy \windows\repair\system \windows\system32\config\system"


    but thanks for the "c:\system volume information\_restore" tip.  

    I did get it sorted out with the ERUNT backups and a miniPE boot CD.  Thank God!


    Author Comment


    thanks for the info
