[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1905
  • Last Modified:

resurrect \windows\system32\config\system from system.log?

The system hive was apparently damaged when the user out of sheer frustraion with BSOD and dump decided to stop waiting for the dump and power cycled.   Now system is so badly corrupted XP claims it doesn't exist.  There is a similarly named file, system.log, which also happens to be the same size.  What miracle can be performed using that file to ressurect a functional system hive?

This doesn't work

copy \windows\repair\system \windows\system32\config\system

Well technically the copy does copy but XP flashes a notice about password something.  Maybe 20 or 30 more times I'll be able to read the complete message because it's visible a fraction of a second before XP reboots.  :(

(We've already up the hard drive using Ghost8 since Acronis was total junk -- not being able to use the external DVD burner.)

I'd really really really rather not reinstall from scratch right now.
  • 3
  • 3
  • 2
  • +2
4 Solutions
paradoxloss the simplest solution>> obviously the owner wants to save the personal stuff yes?
why not simply slave it,
do you know you can just set the pin on the back of hdd to slave use the cdrom ide cable, and power socket  of another machine with same operating system,  when it reboots it will recognise this hdd as its slave here you can save off everything and even format it from this c drive. Once done put the pin back to master and re-instal xp. Bsod usualy means a hardware conflict or driver problem.
It is a simple fast solution, you will need their original xp cd and key when doing this.
Merete: paradoxloss has stated he does not wish to reload from scratch!!  We need to help him find an alternative to your answer and if all else fails he can follow your advice :-)
thank you Moncapitaan
I know I was being cruel lol to be kind it can be a labour intensive trying to solve these.
ok another suggestion then>>

set the bios to boot from cd, press enter or R for recovery, let it load then when you get to the C: windows prompt
type in these three do one at a time.

chkdsk /r   press enter let it run
once done type in
chkdsk /p   press enter
then last
type in fixboot C: press enter
when all are done remove the xp cd then type in exit and press enter
hopefully it has repaired the hive and you can now reboot to windows.
If it works change the bios boot order back to hdd 0

to repair the boot.ini
Insert and boot from your WindowsXP CD.
At the first R=Repair option, press the R key
Press the number that corresponds to the correct location for the installation of Windows you want to repair.
Typically this will be #1
Type bootcfg /list to show the current entries in the BOOT.INI file
Type bootcfg /rebuild to repair it
Take out the CD ROM and type exit
Missing or Corrupt Hive or System
When you try to start or restart your Windows XP-based computer, you may receive one of the following error messages:

Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM

Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SOFTWARE

Stop: c0000218 {Registry File Failure} The registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE or its log or alternate

This issue can occur if the System or Software hive for the Windows XP installation is missing or damaged.

To resolve this issue, use one of the following methods.

Use the Recovery Console Tool
To restore a damaged registry hive, use the Recovery Console to restore the backup copy of the hive from the Repair folder. The Repair folder contains a copy of the system's registry hives that were created after the first successful startup of Windows XP.

WARNING : Although data should not be affected by the following procedure, you may need to restore changes you previously made to programs or system settings since the first time you successfully started Windows XP.

To replace the damaged registry hive and restore the backup copy of the hive from the Repair folder: Start your computer to the Recovery Console.

Determine if the file that is mentioned in the "Symptoms" section of this article is present, and if it is, rename it:

In Recovery Console, change to the c:\Windows folder.

Type cd sytem32\config , and then press ENTER.

Type dir system , and then press ENTER.

If you cannot run the preceding command successfully (because the file is missing), skip to step 3. If you can run the preceding command successfully, type ren system system.bak , and then press ENTER.

NOTE : If the message that you received referred to the software file, replace "system" with "software" in the preceding command. For example, you would type ren software software.bak (instead of ren system system.bak ), and then press ENTER.

Type copy c:\windows\repair\system , and then press ENTER.

NOTE : If the message that you received referred to the software file, replace "system" with "software" in the preceding command. For example, you would type copy c:\windows\repair\software (instead of copy c:\windows\repair\system ), and then press ENTER.

You should receive a "One file copied" informational message. For additional information about how to use Recovery Console during startup, click the article number below to view the article in the Microsoft Knowledge Base:
Q307654 HOW TO: Install and Use the Recovery Console for Windows XP

IMPORTANT : If you encounter problems when you run the preceding commands, you may need to use the Change Directory command ( cd ) one folder at a time before you run the preceding commands. For example, type cd system32 , press ENTER, type cd config , and then press ENTER.

Type exit , and then press ENTER to quit Recovery Console and restart the computer.

paradoxlossAuthor Commented:
 I really don't want to do a fresh reinstall, and it's my fault for failing to mention this is a notebook.  

The owner conveniently does NOT have the original windows/application restore CD, so maybe I can build my own MediaCenterXP CD from \windows\i386 to perform a legal repair installation?

Additionally there isn't a boot.ini problem.  As mentioned the error revolves around the system hive.  We did try to load the system hive from \windows\repair, but once windows loads a message says something to the effect

the password could not be changed  ,   this error indicates error

I'd rather post the exact error but it's REALLY hard to see since it flicks on and off right before rebooting. Adding to the fun the error seems to be an incomplete sentence.   I'll watch it boot a few dozen more times and post a more exact error message.

Now that I think of it I have complete registry backups made with the freeware ERUNT tool, but I've never tried to recover them not being able to get to the desktop.  


I'm so glad I came back here tonight!! Please excuse my stream on consciousness post, but it's helped me remember erunt.  :D  I'll try those and post back.  
I've posted the steps with other questions, but give it a shot. Use the bartpe program below if you have access to a Windows XP pc, can install the program on that pc and have access to a burner on that pc. It will create a bootable iso image that will let you access a NTFS formatted drive (xp). When creating the image it has the option to burn straight to a cd, if desired. Install bartpe and run bartpe. Select build, wait while it builds the iso, and then burn it to a cd. Stick the cd in the crashed pc and boot. Pay attention, you will have to press a key to boot into it or select the cd rom as the boot device. If you get into the bartpe environment, follow the instructions in the links or try what's below.

After booting into bartpe, use the go button on the lower left and run the plugin/program a43. This is the program to access your c: drive. From here you can move files super easy. Bartpe ignores permissions and will allow you to copy your files off the hard drive or move system files like the SAM, SECURITY, DEFAULT, SYSTEM, and SOFTWARE (very critical) files with ease. Sounds like you want to do the latter.

You will want to browse to the c:\system volume information\_restore{somecrazylongnumber}\ Find the rdp folder with the highest number or second highest. The highest means the latest. You can view them by date and select one from when the laptop was last working.  Within these rdp folders there is a snapshot folder with multiple files. The following five are what you're looking for. (You will have to rename them when they are copied to the c:\windows\system32\config folder.)
_REGISTRY_MACHINE_SAM   will be renamed as SAM in the config folder
_REGISTRY_MACHINE_SECURITY will be renamed as SECURITY in the config folder
_REGISTRY_MACHINE_SOFTWARE will be renamed as SOFTWARE in the config folder
_REGISTRY_MACHINE_SYSTEM will be renamed as SYSTEM in the config folder
_REGISTRY_USER_.DEFAULT will be renamed as Default in the config folder
Copy them to the c:\windows\system32\config folder.
Rename them as DEFAULT, SECURITY, SOFTWARE, SYSTEM, and SAM (rename these files before copying over them, like default.bad security.bad, etc.) Reboot. If you still cant login, at the very least, you can boot back into bartpe and copy your data off the hard drive through the network or slave it to another system.

You can find Bart's Windows PE disk here -
A full set off instructions for Barts PE disk on this site -
Also if you load the files from c:\windows\repair it is basically a fresh install. These files are created when the OS is first installed. You would have to go through the work of reinstalling all programs or going into the rdp folder i described above and then back into the system recovery console again.
paradoxlossAuthor Commented:
@craylord & Merete

I already said "This doesn't work  ...  copy \windows\repair\system \windows\system32\config\system"


but thanks for the "c:\system volume information\_restore" tip.  

I did get it sorted out with the ERUNT backups and a miniPE boot CD.  Thank God!

paradoxlossAuthor Commented:

thanks for the info
  • 3
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now