Wednesday, November 5, 2008

Recover from a Corrupted Registry in Windows XP

When Will This Recovery Work?
You'll want to use the steps on this page to recover from a corrupted registry when you have already tried other options such as System Restore and you receive a message similar to one of the following when you try to boot your computer with Windows XP.

  • Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM

  • Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SOFTWARE

  • Stop: c0000218 {Registry File Failure} The registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE or its log or alternate

  • System error: Lsass.exe
  • When trying to update a password the return status indicates that the value provided as the current password is not correct.

Be careful using this procedure in other circumstances or with an OEM version of Windows XP: OEM installations create passwords and user accounts that did not exist previously, which may prevent you from logging into the Recovery Console to restore files.

Booting into the Recovery Console

You'll need to use the Windows XP Recovery Console to fix a corrupted registry. This requires you either to boot from a Windows XP Installation CD or to boot directly to the Recovery Console if it's installed. Follow these steps to boot into the Recovery Console from a Windows XP Installation CD.

1) Place your Windows XP Installation CD in the CD-ROM drive
2) Restart your computer and make sure your BIOS is set to boot from CD
3) When you see the following message, press the space bar.

"press any key to boot from cd..."

4) Wait until you see the "Welcome to Setup" screen, and press R to start the Recovery Console
5) Choose which Windows installation you wish to load (this is usually #1 unless you have a multi-boot system)
6) Type the administrator password and Press Enter
7) You should now be at the C:\Windows> prompt

Copy Repair Files Using the Recovery Console

This procedure assumes Windows is installed on Drive C. If you have installed Windows on another drive, substitute the appropriate drive letter in the procedure below.

At the Recovery Console command prompt, type the following lines, pressing ENTER after you type each line:

md tmp
copy c:\windows\system32\config\system c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak

delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default

copy c:\windows\repair\system c:\windows\system32\config\system
copy c:\windows\repair\software c:\windows\system32\config\software
copy c:\windows\repair\sam c:\windows\system32\config\sam
copy c:\windows\repair\security c:\windows\system32\config\security
copy c:\windows\repair\default c:\windows\system32\config\default

Type exit to quit Recovery Console. Your computer will restart. Press F8 as it starts and choose Safe Mode.


Restart in Safe Mode and Find a Recent Snapshot Backup

Restart your computer in Safe Mode by pressing F8 during the initial bootup and choosing Safe Mode. Once in Safe Mode, you need to make sure the files and folders are visible so you can access them. Follow these instructions to accomplish this.

1. Open My Computer
2. Click on the Tools menu, then click Folder Options.
3. Click the View tab.
4. Under Hidden files and folders, click to select Show hidden files and folders, and then click to clear the Hide protected operating system files (Recommended) check box.
5. Click Yes when the dialog box that confirms that you want to display these files appears.

In My Computer, double-click the drive where you installed Windows XP (usually Drive C) to display a list of the folders, then double-click the "System Volume Information" folder. This folder contains the system restore points stored on your computer. The folders will look similar to

_restore{EE42BEB8-700A-495F-8004-53D26C2E12C5}

You might receive an access denied error message similar to the following when trying to access the System Volume Information folder.

C:\System Volume Information is not accessible. Access is denied.

This generally happens because the user you are logged in as does not have permissions set on the folder. To fix this, follow the instructions in the Microsoft Knowledge Base article 309531 to gain access and continue. The steps for changing these permissions differ between versions of Windows XP.

Once you have access to the snapshots, use the instructions below to copy one of the latest snapshots to the Windows\TMP directory so you have access to it.

1) In the System Volume Information Folder, click on View, and then click Details to display the date of each snapshot folder.
2) Double-click on a folder that was not created at the current time but rather before the problem started.
3) Double-click on the Snapshot subfolder
4) Using your normal Windows copy and paste techniques, highlight the following files and copy them into the C:\Windows\TMP folder
  • _REGISTRY_USER_.DEFAULT
  • _REGISTRY_MACHINE_SECURITY
  • _REGISTRY_MACHINE_SOFTWARE
  • _REGISTRY_MACHINE_SYSTEM
  • _REGISTRY_MACHINE_SAM
5) Rename the files that you just copied into the C:\Windows\TMP folder by right-clicking on each filename and choosing Rename, then typing the new name. Repeat this for each file in the list below.
  • Rename _REGISTRY_USER_.DEFAULT to DEFAULT
  • Rename _REGISTRY_MACHINE_SECURITY to SECURITY
  • Rename _REGISTRY_MACHINE_SOFTWARE to SOFTWARE
  • Rename _REGISTRY_MACHINE_SYSTEM to SYSTEM
  • Rename _REGISTRY_MACHINE_SAM to SAM
6) Once you have renamed the files, restart your computer again with the Recovery Console (refer to the instructions above to do this)
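
Before the renamed files replace the ones in system32\config, their hive headers can be checked for obvious damage. The following Python sketch is an added example, not part of the original post: it checks the "regf" signature, the two sequence numbers, the header checksum and the file length of a hive image. It assumes Python is available on the machine (or that the files are checked on another one); the function names and the sample hive are constructed for illustration.

```python
import struct

BASE_BLOCK = 4096  # size of the "regf" header that starts every hive file

def header_checksum(data: bytes) -> int:
    """XOR of the first 127 little-endian dwords (bytes 0-507) of the header."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", data[:508]):
        value ^= dword
    # Two results are reserved and remapped by the format.
    return {0xFFFFFFFF: 0xFFFFFFFE, 0: 1}.get(value, value)

def check_hive(data: bytes) -> list:
    """Return the problems found in a hive image; an empty list means none."""
    if len(data) < BASE_BLOCK:
        return ["file is shorter than the 4096-byte header"]
    problems = []
    if data[:4] != b"regf":
        problems.append("missing 'regf' signature")
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    if seq1 != seq2:
        problems.append("sequence numbers differ (last write did not complete)")
    if struct.unpack_from("<I", data, 508)[0] != header_checksum(data):
        problems.append("header checksum mismatch")
    bins_size = struct.unpack_from("<I", data, 40)[0]
    if len(data) < BASE_BLOCK + bins_size:
        problems.append("file is truncated (hive bins extend past end of file)")
    elif data[BASE_BLOCK:BASE_BLOCK + 4] != b"hbin":
        problems.append("first hive bin lacks 'hbin' signature")
    return problems

def make_sample_hive() -> bytes:
    """Constructed sample: minimal header plus one empty 4096-byte hive bin."""
    header = bytearray(BASE_BLOCK)
    header[:4] = b"regf"
    struct.pack_into("<II", header, 4, 7, 7)   # matching sequence numbers
    struct.pack_into("<I", header, 40, 4096)   # hive bins data size
    struct.pack_into("<I", header, 508, header_checksum(bytes(header)))
    return bytes(header) + b"hbin" + bytes(4092)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # e.g. the five renamed files in the TMP folder
        with open(path, "rb") as fh:
            print(path, check_hive(fh.read()) or "header looks intact")
```

A clean result only means the header and length are consistent; it does not prove every key inside the hive is readable, so keep the .bak copies made earlier until Windows has started normally.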


Replace the Repair Files with a Current Backup of the Registry

After rebooting the computer and starting the Recovery Console again, type the following commands at the prompt to replace the files with a current backup. You'll need to press Enter after each command.

del c:\windows\system32\config\sam
del c:\windows\system32\config\security
del c:\windows\system32\config\software
del c:\windows\system32\config\default
del c:\windows\system32\config\system

copy c:\windows\tmp\software c:\windows\system32\config\software
copy c:\windows\tmp\system c:\windows\system32\config\system
copy c:\windows\tmp\sam c:\windows\system32\config\sam
copy c:\windows\tmp\security c:\windows\system32\config\security
copy c:\windows\tmp\default c:\windows\system32\config\default

After the files have been replaced, type EXIT at the command prompt to restart Windows in normal mode.


Use System Restore to Return to a Good Backup Point

Because there is more to a System Restore than just the registry files, follow these steps to restore your computer to a good backup point.

1. Click Start, and then click All Programs.
2. Click Accessories, and then click System Tools.
3. Click System Restore, and then click Restore to a previous Restore Point and finish the restore.
