Solved

Event ID 5 Source: Kernel-General. Reg Hive Recovered \systemroot\system32\config\software

Posted on 2009-05-18
3
5,572 Views
Last Modified: 2013-11-29
Having an issue with system event log entry:

EventID: 5 Source: Kernel-General
"Registry hive recovered 'software' - corrupted and recovered.  Some data may have been lost."

From what I've search most similar issues like this resulted in a non-bootable system (BSOD).  My system is booting and running.  This event entry occurs everytime I logoff, reboot, and/or logon.  However, it may have contributed to a server crash we had about three months ago.  Is it still a corrupt profile??

Any help would be greatly appreciated!  Thanks in advanced.

WS 2008 SP1 64bit
SQL Server 2008 64bit
IIS 7.0
IE 7.0
0
Comment
Question by:pcl586
  • 2
3 Comments
 
LVL 41

Accepted Solution

by:
graye earned 500 total points
ID: 24425573
Ouch....  
You'll need to see if you've got a "system restore point" or a backup with System State in order to get a valid Software hive.   There *is* a prototype Software hive that you can use to overwite the one you've got, but that means you'll have to reload practically every software package you've got over again.
It would be extremely helpful if you knew precisely the date/time of the last good boot (so you won't waste your time recovering an already busted registry hive).
0
 

Author Comment

by:pcl586
ID: 24426183
graye

thanks for the response.  unfortunately (for me) we dont have a system restore point and if we did wouldnt know the exact time b/c this has been occuring for about two months now....Our ISP installed the OS and deployed all the security patches (about two months ago).  Suspecting something may have occurred after right after the all the patches.

Sounds like the safe bet would be a server rebuild to me...how much would you agree/disagree (in you opinion) to that??

thanks!
0
 
LVL 41

Expert Comment

by:graye
ID: 24427406
Yeah, I'd agree that it makes the most sense to just do a reinstall....
Sorry about that
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
How to record audio from input sources to your PC – connected devices, connected preamp to record vinyl discs, streaming media, that play through your audio card: Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 – both 32 bit & 64.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question