Windows cannot boot due to some really weird message that I haven't seen before

mrjday asked
Medium Priority
Last Modified: 2011-08-18
Computer boots to the black windows screen with green bars going from left to right.

Then a blue screen (not the regular dreaded bsod) comes up and displays "regrun partizan.   greatis software
\??\C: blah blah blah  .......

Then it goes to a regular BSOD that says the registry cannot load the hive file and it is corrupt, absent or not writable.

I tried a safe recovery and windows would not finish it. It displayed  "Setup cannot set the required Windows XP configuration information. This indicates an internal setup error."

PLEASE HELP ME!!! I have offered a lot of points for a good answer and help here.

It is a Dell laptop and I have all the CDs.

sounds like u had a trojan (root kit) on your computer that played havoc.

the only thing that u can do at this point is to reinstall windows.

the hal is a vital part of windows. when it's removed or damaged the only thing u can do is reinstall.

meaning everything else is gone.

Partizan starts using the BootExecute registry key at the early stage of the Windows boot process. It can get access to any file or registry keys. In other words, Partizan is a king on your computer at the moment.

Partizan executes 2 main tasks:

Getting file/registry information.
Delete Files/Registry Keys.
The kernel rootkits can cause the trouble with detecting hidden registry keys/files etc.
But rootkits are not invulnerable!

The simple way to kill a rootkit is to shut down your computer.

A rootkit can revive after reboot using:

Rootkit service/driver with auto start setting (to be more hidden for user mode checkers).
Injection to the executable file or to the process memory. The body may be hidden in the mother file.
Using registry startup keys.
Infection from network.
The last chance is very dangerous but it can be resolved by simply cutting off the network cable.
The second chance is not simple because the user can control the file integrity using Microsoft or other software.

The third chance is more often used. But rootkit detectors easily detect it.

The fake Winlogon DLLs have not been a surprise for us for a very long time :-)

The hidden kernel driver is the top of the hacker skills. This is one reason why Partizan was created.

Unfortunately Microsoft prevents Partizan from interacting with the user using the keyboard, and it is a real problem for creating a shell like "cmd". Why don't they?

I think you need to ask Microsoft.

Anyway it's not a technical problem. It's the Microsoft decision.

We need to get a workaround.


We use the command file (RRI). Partizan opens the command file and executes the tasks listed in it. After that the Windows boot will continue.

RegRun Platinum Secure Start will run a special copy of the UnHackMe software to compare the Partizan information with what is currently visible. It will notify you if it finds something suspicious.

To be sure that it's not a false positive alert you will be prompted to reboot again. It's required because some services drivers may be deleted at startup and this will cause the alarm.

How to uninstall Partizan?
Open RegRun Start Control.
Go to the Features menu.
Choose "Partizan" item.
Click on the "Remove" button.
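
To see what the BootExecute value mentioned in the post above currently launches on a working system, the following is an added example; it is not part of the original post and is not Greatis or Microsoft code. The function name `Get-BootExecuteFinding` and its parameters are hypothetical; the registry path and the default entry `autocheck autochk *` are the standard Windows ones.

```powershell
# Added example (not Greatis or Microsoft code). Lists what BootExecute launches
# and flags anything beyond the Windows default entry "autocheck autochk *".
function Get-BootExecuteFinding {
    param(
        # For an offline SYSTEM hive loaded with "reg load", pass its
        # ControlSet00x\Control\Session Manager path instead (assumption).
        [string]$SessionManagerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager',
        [string]$SystemRoot = $env:SystemRoot,
        [string[]]$Expected = @('autocheck autochk *')
    )

    # BootExecute is a multi-string value: one entry per native program to run.
    $entries = (Get-ItemProperty -Path $SessionManagerKey -Name BootExecute -ErrorAction Stop).BootExecute

    foreach ($entry in $entries) {
        $text = "$entry".Trim()
        if (-not $text) { continue }

        # "autocheck" is a prefix; the native image name is the token after it.
        $tokens = $text -split '\s+'
        $image = if ($tokens[0] -ieq 'autocheck' -and $tokens.Count -gt 1) { $tokens[1] } else { $tokens[0] }
        if ($image -notmatch '\.exe$') { $image = "$image.exe" }

        # Assumption: the image is looked up under System32, where boot-time
        # native programs such as autochk.exe live.
        $path = Join-Path $SystemRoot "System32\$image"
        $exists = Test-Path -LiteralPath $path
        $signature = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'FileMissing' }

        [pscustomobject]@{
            Entry     = $text
            ImagePath = $path
            Exists    = $exists
            Signature = $signature
            IsDefault = $Expected -contains $text
        }
    }
}

# Show every entry; anything with IsDefault = False deserves a closer look.
Get-BootExecuteFinding | Format-Table -AutoSize -Wrap
```

An entry that is not the default is not automatically malicious (Partizan itself registers here, as the post says), so compare the image path and signature status against software you know is installed.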

sorry, I meant the hive. it's 2 different things.

try this:

1. Boot up from your Windows XP CD. Pressing the F12 key right as your computer starts up will allow you to choose from a list of boot devices on most recent computer models. Otherwise, you will need to take a look at your user manual to figure out how to set the BIOS to boot from CD first.

Once you have successfully booted from the CD, you will see the Windows XP "Welcome to Setup" screen.

2. At the welcome screen press R to go into the Recovery Console. Press the number that corresponds to your Windows installation (usually 1) and press ENTER. Enter the password for the Administrator account on your computer (usually the password you put in the machine when you first bought the machine) and press ENTER. If your password is not accepted, try a blank password by just pressing ENTER.

3. Once you are able to log into the Recovery Console, run checkdisk. Sometimes this alone will fix the problem. You can use the command "chkdsk c: /r".

4. If you noticed any errors fixed, use the exit command at the prompt to restart the machine and see if it will boot. If not, log back into the Recovery Console and go to the next step.

5. Navigate to the C:\Windows\System32\config folder. You can use the command cd C:\Windows\System32\config

6.  You can use the dir command to see a listing of the files in the directory.

7.  Rename your corrupted registry files.

If your error listed the SOFTWARE hive, rename the SOFTWARE registry file with the command: rename SOFTWARE SOFTWARE.bak


If your error listed the SYSTEM hive, you will need to rename the SYSTEM, SAM, and SECURITY registry files:

rename SYSTEM SYSTEM.bak
rename SAM SAM.bak
rename SECURITY SECURITY.bak

The SAM and SECURITY hives pertain to user accounts and logging into the machine. Since they are linked to the SYSTEM file, they need to be replaced when SYSTEM is replaced.

8.  Browse to the C:\Windows\repair directory with the command cd C:\Windows\repair. This is the directory which holds backup registry keys which were created when Windows was installed.

9.  Copy the backup files to the correct place.

If your error listed the SOFTWARE hive, copy the SOFTWARE registry file with the command: copy SOFTWARE C:\Windows\System32\config.

If your error listed the SYSTEM hive, copy the SYSTEM, SAM, and SECURITY registry files:

copy SYSTEM C:\Windows\System32\config
copy SAM C:\Windows\System32\config
copy SECURITY C:\Windows\System32\config

Note that in some cases the SYSTEM file will be named "SYSTEM.bak", in which case you will use the command: "copy SYSTEM.bak C:\Windows\System32\config\SYSTEM" to copy the file instead. You can use the "dir" command to ascertain the name of the file.

10.  Navigate back to the config directory with the command "cd C:\Windows\System32\config".

Use the "dir" command to list the files in the directory. Make sure the following files exist in the directory (the names have to be exact, but it doesn't matter whether they are in upper or lower case):


11.  Type exit to reboot the machine.

12.  Hopefully you will now be able to reboot into Windows XP.


You can do nothing much more in this situation other than trying a repair install.
Chances are low that you might be able to recover data if the partitions are damaged; anyway, it is worth trying.
Repair install:


If you need to back up the data, you can use any of the Live CDs like Ubuntu, BartPE to boot from CD, and access the laptop's hard drive. These CDs even offer you network support so that you would be able to transfer all your important data to other machines on the network and then wipe the laptop's hard drive using any recovery CDs provided by Dell.

Hi mrjday

The same situation has been faced by my friend, a major virus attack, where he was unable to install anything on his system and the system never worked properly and used to display a black screen. He ran antivirus but it was of no use; every time he re-installed the OS and tried to work, the virus used to corrupt the registry and the same situation would come again.

Here, he just changed the hdd and recovered the entire data saved on the damaged drive to the new hdd. He recovered the files with the help of RecoveryFix for Windows http://www.recoveryfix.com/recover-windows-data.html

The entire inaccessible files were recovered back. In your case you are still on the safe side, you can recover back your data with the help of Windows Data Recovery software and protect your data.

let me add to my first post,
since it is a boot sector virus I recommend that u pull the ram and the battery on the mobo and wait 5 minutes and reset the ram and battery and reinstall. the reason for this is that the new generation of these viruses, trojans and worms hide in the ram and bios making a format and reinstall either impossible or very hard to do.

if by chance u do format successfully and don't pull the ram and battery u run the chance of still being infected.

if after pulling the battery and ram you wait the required five minutes and it still doesn't work u may need to flash your bios.

i have posted this on this site a couple of times and have been personally attacked by other experts for it, so to provide more info to what i said here is a site:



I just ended up backing up and reinstalling.... takes too much time to waste tracking down this crap... thanks everyone