This article applies to the following type of errors:

  • Unmountable Boot Volume
  • Can’t run System Restore in normal mode or safe mode, can’t open programs
  • Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\…
  • Stop: … {Registry File Failure} The registry cannot load the hive.
  • System error: Lsass.exe
    When trying to update a password the return status indicates that the value provided as the current password is not correct.

Resolution:

A. Boot the system into the Recovery Console and run CHKDSK

    1. Insert the Windows XP CD into the top CD drive
    2. Turn the computer off
    3. Set up the computer to boot from CD: either press F2, F9 or Delete to enter the BIOS, or press F12 on Dell computers to launch the Boot Device Menu
    4. As soon as you get the message “Press any key to boot from the CD”, hit Enter.
    5. Wait ~3 minutes for the Windows Setup to initialize
    6. At the Welcome to Setup screen press R to repair Windows using the Recovery Console.
    7. Wait a couple of minutes while setup examines the hard drive.
    8. You will be prompted to choose a Windows installation. Press 1 on the top of the keyboard and then
    9. You will be prompted to enter the Administrator password.
    10. Press Enter if no password was set.
    11. Perform a disk check: 
      chkdsk /p
      fixboot
    12. Type exit to restart the computer.
    13. As soon as the computer starts hit F8 every second to bring up the Advanced Options Menu.
    14. Choose the Last Known Good Configuration.

If these steps didn’t resolve the issue, go back into the Recovery Console.

B. Perform the System Restore

Inside the Recovery Console type the following commands to change the directory to the system restore directory:

cd \
cd system~1

If you get an Access Denied error:


a) Type the following commands to change the directory to c:\windows\system32\config :

cd windows
cd system32
cd config

b) Rename the system branch of the registry. That will allow us to access the system restore folder from inside the Recovery Console. If the process fails and you want to perform a Windows Repair, you will need to rename system.bak to system again.

ren system system.bak

c) Type exit to leave the recovery console and to restart the computer.

d) Go back into the Recovery Console.

e) Re-enter the commands:

cd \
cd system~1

f) Continue with the steps from the “If you don’t get an Access Denied error” branch.


If you don’t get an Access Denied error:

cd _resto~1

If there is no _resto~1 folder or if there are no restore points inside it:


a) Type the following commands:

cd \
cd windows
cd system32
cd config
copy c:\windows\repair\system system

b) If you are getting a file not found error try:

copy c:\windows\repair\system.bak system

c) Then type the following:

copy c:\windows\repair\security security
copy c:\windows\repair\software software
copy c:\windows\repair\sam sam
copy c:\windows\repair\default default
exit

d) You will be able to boot into an altered version of the operating system. Back up your files from the c:\Documents and Settings folder and then reinstall the operating system.


If the _resto~1 folder exists, inside it there are several folders named RP1, RP2. These are restore points. RP1 is the oldest restore point. You can use

dir

to view what RP folders are available. If no restore points are available, use the steps given above for the case where there are no restore points inside _resto~1. Otherwise choose the most convenient RP folder. Supposing we have RP3 available, let’s type in:


cd rp3

Change the directory to snapshot:

cd snapshot

Restore the main registry branches. If you are asked whether you want to overwrite, type y to agree.

copy _registry_machine_system c:\windows\system32\config\system
copy _registry_machine_software c:\windows\system32\config\software

The following commands are optional most of the time; however, the process might not work if they are not executed:

copy _registry_machine_security c:\windows\system32\config\security
copy _registry_machine_sam c:\windows\system32\config\sam
copy _registry_user_.default c:\windows\system32\config\default

Type exit to reboot the system. Start the computer normally.

Based on:
The support.microsoft.com article:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q307545&ID=KB;EN-US;Q307545

The icompute.info article:
http://www.icompute.info/System_restore_from_xp_cd.htm

Follow the instructions below to boot your computer in Safe Mode. In Safe Mode only a limited number of services and drivers are running. If one of the processes that normally run is causing a problem, it can be safely removed while in Safe Mode.

  • Shut down your computer
  • Turn the computer back on and as soon as it starts hit F8 every second until you get to the Windows Advanced Options Menu.
  • Choose Safe Mode or Safe Mode with Networking using the up and down arrows.
  • Choose your operating system.
  • You will get to a login screen. Make sure you log in as yourself and not as the Administrator if you are an administrative user.

A long time ago McAfee did not provide a removal tool for their software. At that time I created a Windows batch script called “mcrem”, which removed McAfee. Nowadays McAfee does provide an uninstaller, called “mcpr”, which can be found (including additional instructions) at this link: https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS101331

For historical purposes and maybe just in case the script is still useful, here are the contents of the mcrem script. This should be tried in safe mode (where the McAfee services are not running). Check our article for starting Windows in Safe Mode if you don’t know how to do that: Starting Windows in “Safe Mode”

@set mcdir=
@set /P mcdir=" Directory (Enter for default):"

@if "%mcdir%"=="" @set mcdir=C:\PROGRAM FILES

@echo Stopping McAfee Services...

@net stop "McAfee.com McShield"
@net stop "McAfee WSC Integration"
@net stop "McAfee Task Scheduler"
@net stop "McAfee SpamKiller Server"
@net stop "McAfee SecurityCenter Update Manager"
@net stop "McAfee Personal Firewall Service"
@net stop emproxy
@net stop "McAfee HackerWatch Service"
@net stop "McAfee Log Manager"
@net stop "McAfee Network Agent"
@net stop "McAfee Privacy Service"
@net stop "McAfee Protection Manager"
@net stop "McAfee Proxy Service"
@net stop "McAfee Real-time Scanner"
@net stop "McAfee Redirector Service"
@net stop "McAfee Scanner"
@net stop "McAfee SpamKiller Service"
@net stop "McAfee SystemGuards"
@net stop "McAfee Update Manager"
@net stop "McAfee User Manager"

@echo Stopping McAfee Processes...

@tskill mcvsshld
@tskill mcagent
@tskill MpfAgent
@tskill MpfTray
@tskill mscifapp
@tskill MSKAgent
@tskill McVSEscn
@tskill oasclnt
@tskill MCLogLch
@tskill MskAgent
@tskill mclogcln

@echo Deleting McAfee Registry Keys...

@reg delete HKLM\Software\McAfee /f
@reg delete HKCU\Software\McAfee /f

@reg delete HKLM\Software\McAfee.com /f
@reg delete HKLM\Software\McRem /f
@reg delete HKCU\Software\McAfee.com /f

@echo Deleting McAfee Add\Remove Programs Entries...

@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Personal Firewall Plus" /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Privacy Service" /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mcafee SecurityCenter" /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee SpamKiller" /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusScan Online" /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Uninstaller" /f

@echo Unregistering McAfee Dll's...

@dir /B /S "%mcdir%\mcafee.com\*.dll" > %temp%\mcafeedll.txt
@for /F "delims=" %%i in (%temp%\mcafeedll.txt) do @regsvr32 /U "%%i" /S
@regsvr32 jscript.dll /S
@regsvr32 vbscript.dll /S

@echo Removing Desktop Shortcuts...

@del "%allusersprofile%\Desktop\McAfee Personal Firewall Plus.lnk" /F
@del "%allusersprofile%\Desktop\McAfee Privacy Service.lnk" /F
@del "%allusersprofile%\Desktop\McAfee Scan for Viruses.lnk" /F
@del "%allusersprofile%\Desktop\McAfee SecurityCenter.lnk" /F
@del "%allusersprofile%\Desktop\McAfee SpamKiller.lnk" /F
@del "%allusersprofile%\Desktop\McAfee Security Center.lnk" /F
@del "%allusersprofile%\Desktop\McAfee Scan.lnk" /F

@rd /S/Q "%allusersprofile%\Start Menu\Programs\McAfee"

@echo Removing Startup Entries...

@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v MCAgentExe /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v MCUpdateExe /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v MPFExe /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v MPSExe /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v MSKAGENTEXE /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v MSKDetectorExe /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v OASClnt /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "VirusScan Online" /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v VSOCheckTask /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v McLogLch_exe /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v MskAgent /f

@echo Removing McAfee Services...

@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\MPFIREWL" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\MpfService" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\MskService" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\McDetect.exe" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\McShield" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\McTskshd.exe" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\mcupdmgr.exe" /f

@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\McAfee HackerWatch Service" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\McLogManagerService" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\mcmispupdmgr" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\McNASvc" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\McODS" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\mcpromgr" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\McProxy" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\McRedirector" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\McSysmon" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\mcusrmgr" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\mfeavfk" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\mfebopk" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\mfehidk" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\mferkdk" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\mfesmfk" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Emproxy" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\MPS9" /f
@reg delete "HKLM\SYSTEM\CurrentControlSet\Services\MSK80Service" /f

@echo Removing Other Registry Keys...

@reg delete "HKLM\SOFTWARE\Microsoft\Exchange\Client\Extensions" /v "McAfee SpamKiller" /f
@reg delete "HKLM\SOFTWARE\Microsoft\Exchange\Client\Extensions" /v "McAfee SpamKiller Exchange Extension" /f
@reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" /f
@reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{0BF43445-2F28-4351-9252-17FE6E806AA0}" /f
@reg delete "HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\McOlAddin.Connect" /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}" /f
@reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSC" /f
@reg delete "HKU\.DEFAULT\Software\McAfee" /f

@echo Preparing Final Steps...

@echo rd /S/Q "%mcdir%\mcafee" > %temp%\mcrem.bat
@echo rd /S/Q "%mcdir%\mcafee.com" >> %temp%\mcrem.bat
@echo rd /S/Q "%allusersprofile%\Application Data\mcafee" >> %temp%\mcrem.bat
@echo rd /S/Q "%allusersprofile%\Application Data\mcafee.com" >> %temp%\mcrem.bat
@echo rd /S/Q "%allusersprofile%\Application Data\McAfee.com Personal Firewall" >> %temp%\mcrem.bat
@echo reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v mcrem /f >> %temp%\mcrem.bat

@reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v mcrem /t REG_SZ /d %temp%\mcrem.bat /f

@cls
@echo ALL STEPS WERE COMPLETED!
@echo YOU NEED TO RESTART THE COMPUTER TO COMPLETE THE REMOVAL PROCESS!
@echo IF AFTER THE COMPUTER RESTARTS YOU ARE GETTING MCAFEE ERRORS RUN
@echo THIS PROGRAM ONE MORE TIME!
@pause
@shutdown -r -t 00 -f

Who is this Administrator?

One day you want to make a change to your operating system, for example to use the registry editor to cleanly uninstall a program, and instead of the registry editor window a message comes up telling you that your Administrator has disabled registry editing:

Registry editing has been disabled by your administrator.

Now you are probably wondering who the heck this Administrator is and what he is doing disabling your registry. Last time you checked you were the sole owner of the computer, and you don’t remember making any changes that could have caused this.

Did a hacker become the owner of your machine without your knowledge?

If you are not using a corporate computer and you suspect this, you are probably very close to the truth.

A Windows restriction like this one is also called a group policy. The reason behind the naming is that Microsoft created these settings to manage permissions for large groups of users inside corporate networks through the Active Directory system.

Let’s take for example a company that has two main user categories: Sales and Technical Support. You want to protect the users in the Sales department from unintentionally harming their computer so you disable the use of the registry editor and the command prompt for their group. At the same time you know that the Technical Support people need the registry editor in their work so you leave the setting enabled for them.

Tip: If you are using XP Professional, Media Center or Windows Vista go to Start, click on Run (or press the Windows Key+R) and execute gpedit.msc. You will now discover a brand new universe of hundreds of settings that if you are technical enough and like to play with your computer, you’ll probably start using right away ;).

Windows XP Home edition users will not be able to use the gpedit.msc utility; however, they can still use the registry to add or remove group policy restrictions. These settings are located mainly in four registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_LOCAL_MACHINE\Software\Policies

 

If the registry editor has been disabled you can still use the reg command to bring it back like this:

reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies /f
reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoFolderOptions /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v DisableSR /f
reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies /v "" /t REG_SZ /d ""

Symptoms: Folder options is not available in the Windows Explorer Tools menu.

Cause: This problem is caused by a group policy.

Solution: Do the following:

Click Start, choose Run and execute regedit.

Navigate to: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

Look for a value called NoFolderOptions on the right panel

Right click on the NoFolderOptions value and choose delete

Navigate to: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

Right click on NoFolderOptions on the right pane and choose Delete
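
The two passages above (bringing the registry editor back with reg, and deleting NoFolderOptions by hand) can be combined into one batch file that first saves the four policy keys and then removes only the individual restriction values instead of the whole Policies key. This is an added example, not part of the original articles; the backup folder name is an assumption, DisableRegistryTools and DisableTaskMgr are the standard value names behind the "registry editing has been disabled" and Task Manager restrictions, and the other values are the ones the articles delete.

```batch
@echo off
setlocal
rem Added example, not from the original article.
rem Assumption: the backup folder name below is arbitrary.
set "BACKUP=%USERPROFILE%\policy-backup-%RANDOM%"
mkdir "%BACKUP%" || goto :eof

rem Step 1: export the four policy keys named in the article, so the
rem restrictions that were in place can be reviewed or restored later.
rem A missing key just makes reg export report an error; that is harmless.
reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" "%BACKUP%\hkcu-cv-policies.reg"
reg export "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies" "%BACKUP%\hklm-cv-policies.reg"
reg export "HKCU\Software\Policies" "%BACKUP%\hkcu-policies.reg"
reg export "HKLM\Software\Policies" "%BACKUP%\hklm-policies.reg"

rem Step 2: report each restriction value and delete only that value.
set "CV=Software\Microsoft\Windows\CurrentVersion\Policies"
call :clear "HKCU\%CV%\System" DisableRegistryTools
call :clear "HKCU\%CV%\System" DisableTaskMgr
call :clear "HKCU\%CV%\Explorer" NoFolderOptions
call :clear "HKLM\%CV%\Explorer" NoFolderOptions
call :clear "HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" DisableSR

echo Backups are in "%BACKUP%"
goto :eof

:clear
rem %1 = key, %2 = value name. reg query sets errorlevel 1 when it is absent.
reg query "%~1" /v %2 >nul 2>&1
if errorlevel 1 goto :notset
echo [SET] %~1\%2
reg query "%~1" /v %2
reg delete "%~1" /v %2 /f
goto :eof

:notset
echo [not set] %~1\%2
goto :eof
```

The HKLM deletions need an account with administrative rights. The exported .reg files record which restrictions were present, which is useful when working out what set them.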