Windows cannot boot due to some really weird message that I haven't seen before

Posted on 2007-07-19
Last Modified: 2011-08-18
Computer boots to the black Windows screen with green bars going from left to right.

Then a blue screen (not the regular dreaded BSOD) comes up and displays "RegRun Partizan.   Greatis Software
\??\C: blah blah blah  .......

   Then it goes to a regular BSOD that says the registry cannot load the hive file and it is corrupt, absent or not writable.

I tried a safe recovery and Windows would not finish it. It displayed "Setup cannot set the required Windows XP configuration information. This indicates an internal setup error."

PLEASE HELP ME!!! I have offered a lot of points for a good answer and help here.

It is a Dell laptop and I have all the CDs.
Question by:mrjday

    Accepted Solution

    Sounds like you had a trojan (rootkit) on your computer that played havoc.

    The only thing that you can do at this point is to reinstall Windows.

    The HAL is a vital part of Windows. When it's removed or damaged the only thing you can do is reinstall.

    Meaning everything else is gone.

    Assisted Solution

    Partizan starts using the BootExecute registry key at an early stage of the Windows boot process. It can get access to any file or registry key. In other words, Partizan is king on your computer at that moment.
    Partizan executes 2 main tasks:

    1. Getting file/registry information.
    2. Deleting files/registry keys.

    Kernel rootkits can cause trouble with detecting hidden registry keys/files etc.
    But rootkits are not invulnerable!

    The simple way to kill a rootkit is to shut down your computer.

    A rootkit can revive after reboot using:

    1. A rootkit service/driver with an auto-start setting (to be more hidden from user-mode checkers).
    2. Injection into an executable file or into process memory. The body may be hidden in the host executable.
    3. Registry startup keys.
    4. Infection from the network.

    The last chance is very dangerous, but it can be resolved by simply cutting off the network cable.
    The second chance is not that simple, because the user can control file integrity using Microsoft or other software.

    The third chance is used more often. But rootkit detectors easily detect it.

    Fake Winlogon DLLs have not been a surprise for us for a very long time :-)

    The hidden kernel driver is the top of hacker skills. This is one reason why Partizan was created.

    Unfortunately Microsoft prevents Partizan from interacting with the user via the keyboard, and it is a real problem for creating a shell like "cmd". Why don't they allow it?

    I think you need to ask Microsoft.

    Anyway, it's not a technical problem. It's Microsoft's decision.

    We need a workaround.


    We use a command file (RRI). Partizan opens the command file and executes the tasks listed in it. After that the Windows boot continues.

    RegRun Platinum Secure Start runs a special copy of the UnHackMe software for comparing Partizan's information with what is currently visible. It will notify you if it finds something suspicious.

    To be sure that it's not a false positive alert you will be prompted to reboot again. This is required because some service drivers may be deleted at startup and this would cause the alarm.

    How to uninstall Partizan?
    1. Open RegRun Start Control.
    2. Go to the Features menu.
    3. Choose the "Partizan" item.
    4. Click on the "Remove" button.
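The answer above turns on BootExecute: every entry in that REG_MULTI_SZ value is run by smss.exe as a native program before any service or logon, which is why Partizan hooks in there and why malware likes the same spot. The script below is an added example (not from the thread, and not RegRun/Partizan code) that separates the stock autochk entry from anything else; the sample values and the program name "rkboot" in them are constructed, not real registry dumps. The live read uses the standard-library winreg module and only works on Windows.

```python
"""Flag non-stock entries in the Session Manager BootExecute value.

Added example (not from the thread, and not RegRun/Partizan code).
BootExecute is a REG_MULTI_SZ under
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager. smss.exe runs
every entry as a native program before any service or user-mode
process starts, which is exactly why Partizan installs itself there and
why it is worth checking the value for anything you did not put there.
"""
import sys

SESSION_MANAGER = r"SYSTEM\CurrentControlSet\Control\Session Manager"


def classify_boot_execute(entries):
    """Split a BootExecute list into (stock, unexpected) entries.

    A stock Windows install carries only "autocheck autochk *". When a
    chkdsk has been scheduled the entry may instead read
    "autocheck autochk /p \\??\\C:" or "autocheck autochk /k:C *", so the
    rule is: first two tokens are autocheck + autochk -> stock, anything
    else -> unexpected. Site-specific tools you installed yourself will
    show up as unexpected too; that is the point of the check.
    """
    stock, unexpected = [], []
    for raw in entries:
        entry = raw.strip()
        if not entry:
            continue  # REG_MULTI_SZ padding / trailing empty string
        tokens = entry.lower().split()
        if tokens[:2] == ["autocheck", "autochk"]:
            stock.append(entry)
        else:
            unexpected.append(entry)
    return stock, unexpected


def read_boot_execute():
    """Return the live BootExecute list on Windows, None elsewhere."""
    if sys.platform != "win32":
        return None
    import winreg  # standard library, Windows only
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SESSION_MANAGER) as key:
        value, value_type = winreg.QueryValueEx(key, "BootExecute")
    if value_type != winreg.REG_MULTI_SZ:
        raise ValueError("BootExecute has type %d, expected REG_MULTI_SZ" % value_type)
    return list(value)


# Constructed samples (not real registry dumps): a clean box and one with
# an extra native program ("rkboot" is a made-up name) queued before logon.
CLEAN_SAMPLE = ["autocheck autochk *"]
SUSPECT_SAMPLE = ["autocheck autochk /p \\??\\C:", "rkboot -q", ""]

if __name__ == "__main__":
    samples = [("clean sample", CLEAN_SAMPLE), ("suspect sample", SUSPECT_SAMPLE)]
    live = read_boot_execute()
    if live is not None:
        samples.append(("this machine", live))
    for label, entries in samples:
        stock, unexpected = classify_boot_execute(entries)
        print("%s: stock=%s unexpected=%s" % (label, stock, unexpected))
```

Anything reported as unexpected is a native image that runs before the user-mode world exists; look for the matching file in System32 and decide whether you installed it. A legitimately scheduled chkdsk is still classified as stock because only the first two tokens are matched.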


    Expert Comment

    Sorry, I meant the hive. They're 2 different things.

    try this:

    1. Boot up from your Windows XP CD. Pressing the F12 key right as your computer starts up will allow you to choose from a list of boot devices on most recent computer models. Otherwise, you will need to take a look at your user manual to figure out how to set the BIOS to boot from CD first.

    Once you have successfully booted from the CD, you will see the Windows XP "Welcome to Setup" screen.

    2. At the welcome screen press R to go into the Recovery Console. Press the number that corresponds to your Windows installation (usually 1) and press ENTER. Enter the password for the Administrator account on your computer (usually the password you put in the machine when you first bought the machine) and press ENTER. If your password is not accepted, try a blank password by just pressing ENTER.

    3. Once you are able to log into the Recovery Console, run checkdisk. Sometimes this alone will fix the problem. You can use the command "chkdsk c: /r".

    4. If you noticed any errors fixed, use the exit command at the prompt to restart the machine and see if it will boot. If not, log back into the Recovery Console and go to the next step.

    5. Navigate to the C:\Windows\System32\config folder. You can use the command cd C:\Windows\System32\config

    6.  You can use the dir command to see a listing of the files in the directory.

    7.  Rename your corrupted registry files.

    If your error listed the SOFTWARE hive, rename the SOFTWARE registry file with the command: rename SOFTWARE SOFTWARE.bak


    If your error listed the SYSTEM hive, you will need to rename the SYSTEM, SAM, and SECURITY registry files:

    rename SYSTEM SYSTEM.bak
    rename SAM SAM.bak
    rename SECURITY SECURITY.bak

    The SAM and SECURITY hives pertain to user accounts and logging into the machine. Since they are linked to the SYSTEM file, they need to be replaced when SYSTEM is replaced.

    8.  Browse to the C:\Windows\repair directory with the command cd C:\Windows\repair. This is the directory which holds backup registry keys which were created when Windows was installed.

    9.  Copy the backup files to the correct place.

    If your error listed the SOFTWARE hive, copy the SOFTWARE registry file with the command: copy SOFTWARE C:\Windows\System32\config.

    If your error listed the SYSTEM hive, copy the SYSTEM, SAM, and SECURITY registry files:

    copy SYSTEM C:\Windows\System32\config
    copy SAM C:\Windows\System32\config
    copy SECURITY C:\Windows\System32\config

    Note that in some cases the SYSTEM file will be named "SYSTEM.bak", in which case you will use the command: "copy SYSTEM.bak C:\Windows\System32\config\SYSTEM" to copy the file instead (the destination must be named SYSTEM, or Windows will not find the hive). You can use the "dir" command to ascertain the name of the file.

    10.  Navigate back to the config directory with the command "cd C:\Windows\System32\config".

    Use the "dir" command to list the files in the directory. Make sure the following files exist in the directory (the names have to be exact, but it doesn't matter whether they are in upper or lower case):


    11.  Type exit to reboot the machine.

    12.  Hopefully you will now be able to reboot into Windows XP.
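The BSOD names the hive only sometimes, and the copies in \Windows\repair date from installation and can be damaged too. The script below is an added example (not from the thread) that checks the 4 KiB "regf" base block of any hive file: signature, header checksum, the primary/secondary sequence numbers that Windows leaves unequal when a write was interrupted, and whether the file is long enough for the bins it claims. Run it from a live CD or another machine against System32\config\SYSTEM and repair\SYSTEM before doing the rename/copy steps. The sample hive it builds for self-checking is constructed, not a real dump.

```python
"""Sanity-check Windows registry hive files via the 'regf' base block.

Added example, not from the original thread. Run it from a live CD or a
second machine against the hives in \\Windows\\System32\\config and the
copies in \\Windows\\repair before the rename/copy procedure above: it
tells you which hive is actually damaged and whether the repair copy you
are about to rely on is itself sane. Offsets are those of the documented
regf base block and hold for XP-era and later hives.
"""
import struct
import sys

BASE_BLOCK_SIZE = 0x1000   # base block is one 4 KiB page
CHECKSUM_OFFSET = 0x1FC    # XOR-32 over the 508 bytes before this field
HBIN_START = 0x1000        # first hive bin follows the base block


def regf_checksum(base_block):
    """XOR of the 127 little-endian dwords preceding the checksum field."""
    acc = 0
    for (dword,) in struct.iter_unpack("<I", base_block[:CHECKSUM_OFFSET]):
        acc ^= dword
    if acc == 0:               # Windows never stores the two degenerate values
        return 1
    if acc == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return acc


def hive_name(data):
    """Name Windows embedded at 0x30 (UTF-16LE, up to 32 chars), e.g. 'SYSTEM'."""
    return data[0x30:0x70].decode("utf-16-le", "replace").split("\0")[0]


def check_hive(data):
    """Return a list of problems; an empty list means the hive looks sane."""
    if len(data) < BASE_BLOCK_SIZE:
        return ["file shorter than the 4096-byte base block"]
    base = data[:BASE_BLOCK_SIZE]
    if base[:4] != b"regf":
        return ["bad signature %r (expected b'regf')" % bytes(base[:4])]
    problems = []
    seq1, seq2 = struct.unpack_from("<II", base, 0x04)
    major, _minor, ftype, _fmt = struct.unpack_from("<IIII", base, 0x14)
    root_cell, bins_size = struct.unpack_from("<II", base, 0x24)
    stored = struct.unpack_from("<I", base, CHECKSUM_OFFSET)[0]
    computed = regf_checksum(base)
    if stored != computed:
        problems.append("header checksum mismatch (stored 0x%08x, computed 0x%08x)"
                        % (stored, computed))
    if seq1 != seq2:
        # A write was in flight when the machine died: the hive is dirty and
        # needs its .LOG replayed (or replacing), which is what XP calls corrupt.
        problems.append("sequence numbers differ (%d != %d): hive not cleanly flushed"
                        % (seq1, seq2))
    if major != 1:
        problems.append("unexpected major version %d" % major)
    if ftype != 0:
        problems.append("file type %d is not a primary hive (0)" % ftype)
    if len(data) < HBIN_START + bins_size:
        problems.append("truncated: header says %d bytes of bins, file has %d"
                        % (bins_size, len(data) - HBIN_START))
    elif data[HBIN_START:HBIN_START + 4] != b"hbin":
        problems.append("first hive bin signature missing at 0x%x" % HBIN_START)
    if root_cell >= bins_size:
        problems.append("root cell offset 0x%x lies outside the bins" % root_cell)
    return problems


def build_sample_hive(seq1=7, seq2=7, corrupt_checksum=False):
    """Constructed minimal hive (base block + one empty bin) for self-checks."""
    base = bytearray(BASE_BLOCK_SIZE)
    base[:4] = b"regf"
    struct.pack_into("<II", base, 0x04, seq1, seq2)
    struct.pack_into("<IIII", base, 0x14, 1, 3, 0, 1)   # v1.3, primary, format 1
    struct.pack_into("<II", base, 0x24, 0x20, 0x1000)   # root cell, bins size
    base[0x30:0x30 + 12] = "SYSTEM".encode("utf-16-le")
    struct.pack_into("<I", base, CHECKSUM_OFFSET, regf_checksum(base))
    if corrupt_checksum:
        base[0x2C] ^= 0xFF   # flip a header byte after the checksum was computed
    hbin = bytearray(0x1000)
    hbin[:4] = b"hbin"
    struct.pack_into("<II", hbin, 4, 0, 0x1000)         # bin offset 0, size 4 KiB
    return bytes(base + hbin)


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            data = f.read()
        problems = check_hive(data)
        name = hive_name(data) if data[:4] == b"regf" else "?"
        print("%s (%s): %s" % (path, name, "OK" if not problems else "; ".join(problems)))
    if len(sys.argv) == 1:
        print("no files given; constructed sample:", check_hive(build_sample_hive()))
```

A hive that only fails the sequence-number test was simply not flushed; the repair copy will boot but you lose every change made since installation, so if you have a BartPE or Ubuntu CD handy it is worth first trying a more recent copy from a System Restore snapshot (System Volume Information\_restore*\RP*\snapshot, where the files are named _REGISTRY_MACHINE_SYSTEM and so on) and running this check on that copy too.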


    Expert Comment

    You can do nothing much more in this situation other than trying a repair install.
    The chances are lower that you will be able to recover data if the partitions are damaged; anyway, it is worth trying.
    Repair install:

    If you need to back up the data, you can use any of the live CDs like Ubuntu or BartPE to boot from CD and access the laptop's hard drive. These CDs even offer you network support, so that you can transfer all your important data to other machines on the network and then wipe the laptop's hard drive using any recovery CDs provided by Dell.

    Expert Comment

    Hi mrjday

    The same situation was faced by my friend: a major virus attack, where he was unable to install anything on his system, the system never worked properly and used to display a black screen. He ran antivirus but it was of no use; every time he re-installed the OS and tried to work, the virus corrupted the registry and the same situation came back again.

    In the end he just changed the HDD and recovered the entire data saved on the damaged drive to the new HDD. He recovered the files with the help of RecoveryFix for Windows.

    All the inaccessible files were recovered. In your case you are still on the safe side; you can recover your data with the help of Windows data recovery software and protect your data.

    Expert Comment

    Let me add to my first post.
    Since it is a boot sector virus I recommend that you pull the RAM and the battery on the mobo, wait 5 minutes, reseat the RAM and battery and reinstall. The reason for this is that the new generation of these viruses, trojans and worms hide in the RAM and BIOS, making a format and reinstall either impossible or very hard to do.

    If by chance you do format successfully and don't pull the RAM and battery, you run the chance of still being infected.

    If after pulling the battery and RAM you wait the required five minutes and it still doesn't work, you may need to flash your BIOS.

    I have posted this on this site a couple of times and have been personally attacked by other experts for it, so to provide more info on what I said here is a site:

    Author Comment

    I just ended up backing up and reinstalling.... Takes too much time to waste tracking down this crap... Thanks everyone.
