A catch22 trying for Restore from Install media

[Harry Putnam]

I've hit a problem where bootup tells me the
C:\WINDOWS\system32\config\system
file is corrupted and suggests using windows install media with the
`R' option, however when I try that, I'm asked for the administators
password.

When I give that passwd it is rejected. There is no chance at all
that I'm giving the wrong password (except possibly miss-typing) and
I've very carefully typed (also check Caps lock is off) what I know to
be the correct password, but it is rejected.

OK, then I decided to try the Ophcrack password cracker and see if I
could set NO password. (I'd never used that tool before). Or maybe
set some new passwd that would not be rejected when coming back with
windows install media trying R option.

Ophcrack which is a linux live-cd also complains of a corrupt
C:\WINDOWS\system32\config\system
file and cannot proceed with anything to do with passwords.

OK, so I'm flumaxed at both ends.

Can anyone suggest a way to get past the password rejection?

Or is there any chance I could replace the
C:\WINDOWS\system32\config\system
file with that same file from a running windows XP machine?

I suspect not since there is different stuff installed and many other
differences although the basic hardware and OS is near identical.

Looking at both files, I see the one on the working machine is a fair
bit larger than the corrupted one.

Can anyone speak with some authority as to whether copying the file
over will only lead to more tragedy?

I can always move the bad one back into place...

 

[Paul]

I've hit a problem where bootup tells me the
C:\WINDOWS\system32\config\system
file is corrupted and suggests using windows install media with the
`R' option, however when I try that, I'm asked for the administators
password.

When I give that passwd it is rejected. There is no chance at all
that I'm giving the wrong password (except possibly miss-typing) and
I've very carefully typed (also check Caps lock is off) what I know to
be the correct password, but it is rejected.

OK, then I decided to try the Ophcrack password cracker and see if I
could set NO password. (I'd never used that tool before). Or maybe
set some new passwd that would not be rejected when coming back with
windows install media trying R option.

Ophcrack which is a linux live-cd also complains of a corrupt
C:\WINDOWS\system32\config\system
file and cannot proceed with anything to do with passwords.

OK, so I'm flumaxed at both ends.

Can anyone suggest a way to get past the password rejection?

Or is there any chance I could replace the
C:\WINDOWS\system32\config\system
file with that same file from a running windows XP machine?

I suspect not since there is different stuff installed and many other
differences although the basic hardware and OS is near identical.

Looking at both files, I see the one on the working machine is a fair
bit larger than the corrupted one.

Can anyone speak with some authority as to whether copying the file
over will only lead to more tragedy?

I can always move the bad one back into place...

This is a procedure for dealing with bad registry files.
It relies on some things to work.

1) You can't be dealing with a virus/trojan problem, as virtually every
facility inside the computer can be compromised by that.

2) You need a working System Restore function, enabled on at least the C:
partition. System Restore stores, amongst other things, copies of
your registry files on a daily basis. They're stored in the
System Volume Information folder (normally inaccessible, unless you're
determined to get in). If you've never made any modifications
to that, you could have a couple months worth of backup copies.

http://support.microsoft.com/kb/307545

The procedure consists of two stages:

1) You use an "empty" set of registry files, to get the OS back into
a bootable state. These registry files would be the ones created
when the OS was installed. They're bare bones, and won't know about
any of the programs you installed etc. You can't stop at this
point in the procedure, because your registry is not a match
for the rest of your installed state.

Once you've moved the "empty" registry files, in place of the
"corrupted" registry files, you can leave the Recovery Console
and try a regular boot.

3) Once you're booted, you can use System Restore, to go back a
few days, and put back the "fully populated" registry files,
hopefully free of corruption.

http://www.mvps.org/marksxp/WindowsXP/systemrestore/systemrestore.jpg

That procedure would not work, if you'd turned off System Restore.
People with malware problems, one of the first things they're told,
is to turn off System Restore and "flush" the contents. So if you had
malware, you cleaned it, then happened to need a set of "populated"
registry files, you'd be screwed. If, on the other hand, your
current registry files were damaged by some kind of file system
issue (i.e. dirty power off cycle), then chances are good you
can get pretty much back to where you were several days ago.
That is because, you'd believe your System Restore contents
weren't compromised.

One other issue is regarding the password. Now, if I was doing the
above procedure, and I couldn't get into the Recovery Console,
the first stage of the above operations, only requires access to
the file system. I could boot a Ubuntu CD, access the C: partition,
and move the required files into place. The command names in
Ubuntu would be slightly different (Linux "cp" versus Windows
"copy", Linux "rm" versus Windows "delete"), but it shouldn't
be that hard to slap the registry files into place. Ubuntu
does have a file manager, and you could drag and drop stuff,
but if there are permission problems, you may need the
equivalent of the Command Prompt (a Terminal window), to
finish the job.

Paul

 

[choro]

And dare I say by the time you have done all that you could have reinstalled
a completely new system on your freshly reformatted HD.

Mind you, you'd have to have regularly copied or backed up your user files
onto an external HD if you don't want to lose those. If you've got good
copies of your user files, why bother with all that doctoring the registry?

The best way is to probably regularly back up your C drive and reinstall
from the image. Or how about having a fairly up to date clone permanently
installed in your desktop and occasionally hooking it up to make a clone of
your HD? Adding another HD doesn't cost much these days. And it will be
perfectly safe if you keep it normally disconnected but still inside the
case and occasionally hook it up and do a clone when you know that your main
HD is perfectly healthy. No virus or malware or anything of that sort can
take control of your clone drive when it sitting in the case unhooked from
the motherboard. And you can neither drop it accidentally or lose it.

I' say this makes sense to me. And that's what I am going to do.Honest!

 

[Dominique]

I've hit a problem where bootup tells me the
C:\WINDOWS\system32\config\system
file is corrupted and suggests using windows install media with the
`R' option, however when I try that, I'm asked for the administators
password.

When I give that passwd it is rejected. There is no chance at all
that I'm giving the wrong password (except possibly miss-typing) and
I've very carefully typed (also check Caps lock is off) what I know to
be the correct password, but it is rejected.

<snip>

There are user account with administrators privilege, and there is the
administrator account which is usually hidden, you see it when entering
"Safe mode" and maybe in your case.

Have you tried simply hit "enter" without typing anything when asked for a
password?

HTH

 

[Jose]

I've hit a problem where bootup tells me the
  C:\WINDOWS\system32\config\system
file is corrupted and suggests using windows install media with the
  `R' option, however when I try that, I'm asked for the administators
  password.

When I give that passwd it is rejected.  There is no chance at all
that I'm giving the wrong password (except possibly miss-typing) and
I've very carefully typed (also check Caps lock is off) what I know to
be the correct password, but it is rejected.

OK, then I decided to try the Ophcrack password cracker and see if I
could set NO password. (I'd never used that tool before).  Or maybe
set some new passwd that would not be rejected when coming back with
windows install media trying R option.

Ophcrack which is a linux live-cd also complains of a corrupt
   C:\WINDOWS\system32\config\system
file and cannot proceed with anything to do with passwords.

OK, so I'm flumaxed at both ends.

Can anyone suggest a way to get past the password rejection?

Or is there any chance I could replace the
  C:\WINDOWS\system32\config\system
file with that same file from a running windows XP machine?

I suspect not since there is different stuff installed and many other
differences although the basic hardware and OS is near identical.

Looking at both files, I see the one on the working machine is a fair
bit larger than the corrupted one.

Can anyone speak with some authority as to whether copying the file
over will only lead to more tragedy?

I can always move the bad one back into place...

Was the issue preceded by a power interruption, aborted restart, or
improper shutdown? (this includes plug pulling and power buttons).

That is usually what I find to be the real cause of the error.

These things can cause corruption in the file system which must be
fixed before you do anything else.

If any of those events have occurred (or even if they have not
occurred), you should verify the integrity of your file system before
doing anything else (especially "trying" things).

It makes zero sense to start trying to copy files around on a hard
disk that has a corrupted file system so this must be fixed first
using the XP chkdsk program, and fixing that may resolve your issue
entirely.

More on that later... - you must be logged in first.

Is this XP Home or Pro?

Hint: You don't want to hack or crack the Administrator password, you
want to clear the Administrator password. That is not the same as
hacking or cracking.

Some hacking or cracking might work sometimes, but clearing it will
work all the time and there are utilities to do that.

If you Google something like:

xp clear administrator password

You will get on the right track.

I think Hiren's has some tools that might be helpful:

Make yourself a Hiren's BootCD which you can download from here:

http://www.hirensbootcd.net/

On the left, click Download, scroll down to the bottom, choose the
latest version available.

The download link is a little hard to see. It is at the bottom of the
page above the drop down list for older versions and looks like this
(click this part to download the ZIP file:

Direct HTTP Mirror + Torrent + Torrent Magnet

Click the "Direct HTTP Mirror" link to start the download and save the
ZIP file to your desktop of someplace you can remember. The ZIP file
is large, so the download will probably take a little while to
complete. Then unzip the download to extract the Hirens.BootCD.ISO
file that will be used to create your new bootable CD.

Creating a bootable CD from a .ISO file is not the same as just
copying the .ISO file to a blank CD. You have to use software that
understands how to burn a .ISO file to a CD to create a bootable CD.

In the Hiren's ZIP file are the BurnToCD.cmd file that you can double
click to launch it. The BurnToCD.cmd will use the extracted
BurnCDCC.exe file to burn the .ISO file to a blank CD using your
existing CD burner. You can also use your own CD burning software as
long as your software is capable of creating a bootable CD from a .ISO
file. Most modern CD burning programs can create bootable CDs from
an .ISO image. Creating a bootable CD from an ISO image is not the
same as just burning the file to a CD.

If you need a free and easy CD burning software package, here is a
popular free program:

http://www.imgburn.com/

Here are some instructions for ImgBurn:

http://forum.imgburn.com/index.php?showtopic=61

It would be a good idea to test your new bootable CD on a computer
that is working.

You may need to adjust the computer BIOS settings to use the CD ROM
drive as the first boot device instead of the hard disk. These
adjustments are made before Windows tries to load. If you miss it,
you will have to reboot the system again.

When booting on the Hiren's CD you will see a menu of options. Choose
the Mini XP option. Then it will appear that Windows is being loaded
and you will be presented with a desktop that has the look and feel of
the Windows Explorer interface you are already used to using.

Using the Mini XP, you can access the Internet, maneuver around your
system, search for files, copy files, replace files, run various scans
for malicious software, edit text files (like the c:\boot.ini) etc.

There are dozens of free and useful tools included in the CD that can
be used to repair your system or copy your important personal files to
another device (like a USB device or external drive) in the event that
you just give up and decide to reinstall your XP (hopefully you will
not make that decision).

 

[Harry Putnam]

[...]

It makes zero sense to start trying to copy files around on a hard
disk that has a corrupted file system so this must be fixed first
using the XP chkdsk program, and fixing that may resolve your issue
entirely.

Ehh yup, belatedly... but had to get something going...

More on that later... - you must be logged in first.

Is this XP Home or Pro?

Pro

I've solved the problem by going to a full re-install and all the
attendant mess of re-installing software and MS updates since my
media is probably at least 3 yrs old... It did have sp2 included at
least.

There were over 80 updates and software install thru windows update
waiting to be done and probably about as many software installs to get
my tooling up to snuff for what the machine is expected to do.

Now, pushing three days later I'm ready to go, and at least have a
nice lean, clean OS.

Thank you very much for a full response and lots of very helpful
info. It will help me whenever I get in a mess again.