[SOLVED] Error '\systemroot\system32\config\software was corrupted and it has been recovered'

allanc

Operating system is Windows 7 Home Premium SP1, 8 GB of RAM.
I made a full image backup of the computer before I started to work on the computer.

A client brings in her computer saying that she "can't get any programs to run, the computer seems to be OK in safe mode but that mode is too limited".
She also says that a neighbour tried to fix her computer (of course) but was unsuccessful.
I booted into Windows and verified that the start button would display the programs but nothing would start including the Control Panel.
A Ctrl/Alt/Del would start the task manager, which I would use to shut down the computer.
I tried a Windows 7 repair and restoring back to last good configuration.
Neither seemed to improve the situation.

Next, I restored to one of the previous restore points.
This seemed to work in that programs would run but 2 Windows Updates were stuck in that they would fail to install over and over again.
So, I hid them (for the time being) and now that problem is resolved.

Historically (before the client brought the computer in), I can see many errors in the Windows System Log where the computer was not shut down properly (e.g. 'The previous system shutdown was unexpected').

That brings me to where I am now with this computer.

Every time that I boot the computer the following error appears in the Windows System Log:
"(Registry Hive Recovered) Registry Hive (file): '\SystemRoot\System32\Config\Software' was corrupted and it has been recovered. Some data might have been lost".

I am getting the error above every time (either Safe Mode or Regular) that I power-up the computer.
Basically, the cycle of events is as follows:
a) I boot into Safe Mode with Networking and the network ICON is in the taskbar and all seems to be OK in terms of functionality.
b) I boot again into Regular Mode and the network ICON is in the taskbar and all seems to be OK in terms of functionality.
c) Sometimes, I can boot into Regular Mode several more times and all is OK.
d) Other times, when I boot into Regular Mode, the network ICON does not appear, the Control Panel does not open up when I double click on it, etc. The only way to 'fix' this problem is by booting into Safe Mode with Networking (go to step 'a' above).

I have searched for resolutions without success.
All assistance is greatly appreciated.
 
Without seeing all the errors you are seeing, I'm going with a stab-in-the-dark approach here. Adding other errors might help with this for answers?

Have you thrown in the OS disk and done a repair? For me it's like a 1/1000 it actually does anything. But it doesn't take a lot of time.
Viruses or any signs of a virus/rootkit? I'm doubting it is though.

Post up more errors in event log.
 
I ran various rootkit checkers as well as MBAM. All are clean.
Diagnostics ran clean.
I did a Windows 7 repair as part of the boot process (F8).

Personally, what I think happened (without proof) is that the Windows Update messed up her computer.

Do you mean errors from before I received the computer?
 
Like I said, Windows repair doesn't work 99.9% of the time for me, and it didn't sound like a rootkit, but ruling it out doesn't hurt when all else has been checked.

And yes, what other errors appeared prior to you getting it? I've seen computers that got an error for something a month ago, and now the issue has surfaced as completely devastating to the computer. Like cancer, it's not bad now, but what about a year from now? Start looking for errors in the critical and error range, see if anything is present or suspicious. You can review warnings as well. Everything a computer does basically is logged, so if you see some serious errors (like the ones you got), what else happened around that time? Now you start looking at informational and warning events, security (eh...) and application, and whatever else. It's worth a shot.
 
What brand/model is the PC, or if custom, what mobo is installed? There was a problem with some early Cougar Point chipsets that could cause odd stuff.

If that's not an issue, I guess I'd try running on just one stick of RAM to see if there's anything different. There's also the hives in System32\config\RegBack\ that you could give a try.
 
The computer is an Acer.
I am currently running another RAM test on both sticks.
Will report back later.
 
If the Acer is from March 2011 or before and has a Sandy Bridge processor, it might have a defective Intel chipset, so check into that too.
 
I would simply replace the software hive from the reg backup in the same folder.
Listen to what it's telling you.
Yes!
Copying the file from the 'regback' directory fixed the problem!
Thank you so much.

I was assuming (obviously incorrectly) that the original error message that I posted indicated that Windows 7 itself had restored the hive.
Even reading the original error over and over again - that is still my interpretation.
So, what exactly did it restore and from where?
 
The message mentions "recovered", not restored.

Now, as to what "recover" entails, I can't tell you, but it seems like it just tried to repair the existing hive.

Anybody else have a line on that one?
 
I see your point.
'Recovering' might entail 'restoring' or maybe not.

Now I know what the error message means and have documented it along with the resolution in my WIKI.
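
A hive file's header can be inspected directly before swapping in a RegBack copy as was done above: the base block starts with the signature "regf", holds two sequence numbers at offsets 4 and 8 that match only when the last write completed, and stores an XOR checksum of its first 508 bytes at offset 508. The following is an added example, not code from anyone in this thread; it assumes the hive files were copied off the machine from an offline boot, and the function names and sample headers are constructed for illustration.

```python
import struct
import sys

CHECKSUM_OFFSET = 508   # XOR-32 of bytes 0..507 is stored here
HEADER_BYTES = 512      # enough of the base block to validate it


def xor32_checksum(header: bytes) -> int:
    """XOR the first 127 little-endian dwords; remap the two reserved results."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", header[:CHECKSUM_OFFSET]):
        csum ^= dword
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return csum or 1


def hive_header_problems(data: bytes) -> list:
    """Return human-readable problems found in a hive's base block header."""
    if len(data) < HEADER_BYTES:
        return ["file shorter than a base block"]
    problems = []
    if data[:4] != b"regf":
        problems.append("bad signature")
    primary, secondary = struct.unpack_from("<II", data, 4)
    if primary != secondary:
        problems.append(
            f"sequence numbers differ ({primary} != {secondary}): "
            "last write did not complete")
    (stored,) = struct.unpack_from("<I", data, CHECKSUM_OFFSET)
    if stored != xor32_checksum(data):
        problems.append("header checksum mismatch")
    return problems


def build_sample_header(primary: int, secondary: int) -> bytes:
    """Constructed input for demonstration: a minimal header, not a real hive."""
    hdr = bytearray(HEADER_BYTES)
    hdr[:4] = b"regf"
    struct.pack_into("<II", hdr, 4, primary, secondary)
    struct.pack_into("<I", hdr, CHECKSUM_OFFSET, xor32_checksum(bytes(hdr)))
    return bytes(hdr)


if __name__ == "__main__":
    # Pass copies of the hives, e.g. config\SOFTWARE and config\RegBack\SOFTWARE.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            found = hive_header_problems(fh.read(HEADER_BYTES))
        print(path, "->", found or "header looks clean")
```

A clean header only shows that the base block is consistent; it says nothing about damage deeper in the hive's data.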
 
Actually, my first thought on reading this was that it was a well-corrupted user profile. That corruption would explain why it's coming back each time and why Windows thinks it has corrected it each bootup.
 
Well, I spoke too soon.
Yes, the original error is gone but the other symptoms such as network ICON missing, programs do not start, etc. persist (or should I say 'reappeared').
A reminder that this is Windows 7 Home Premium sp1 64-bit and the Administrator was not active.
I have since activated it and the Administrator has similar issues in that the network ICON is visible but no programs start.
 
Good point, Xander. Might be an interesting exercise to swap the hives back and then create a new user to see if the problem persists. We still don't know if Windows Update has issues...
 