This came from the Internet. Here is the Link I copied it from. Thanks Ray!
I have used the Microsoft way a few times and it has saved a ton of time!
If you can’t boot into Windows XP at all because you have one of the following errors, reading this page might help you!
In working with many Windows XP computers over the past couple of years in my shop, I’ve run across a few systems with corrupted registry files. Most of the time, I will get an error similar to the following:
Windows could not start because the following file is missing
or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM \WINDOWS\SYSTEM32\CONFIG\SOFTWARE
Other times I won’t get an error and the system will just reboot continuously without a blue screen error message. One thing is for certain in all of these problems: I can’t boot into safe mode to fix it!!!!
It is cases like this when we want to manually roll back the registry. Basically, this restores your system’s registry files to a point where they might have actually been stable, or at least less destructive than they are now. This process is not the same as system restore, mainly because we’re only replacing the registry files, where system restore also replaces other system files.
If you Turned Off System Restore, turn around and go back where you came from. There is no hope for you.
One of Windows XP’s “features” is something called System Restore. I don’t like to use it for reasons I do not plan to go into, but what is good news for you and me is that System Restore takes a daily snapshot of your Registry files.
The registry snapshots are kept in the System Volume Information directory, typically in the root of the C: drive. The files are difficult to access normally, even in the Recovery Console, because the NTFS security settings on these files do not allow any user except for SYSTEM access to the files. Microsoft’s way of doing what I am explaining now, which is linked at the bottom of this page, explains to restore the original registry files from %Windir%\Repair\ first, then changing the security and blah blah blah eventually getting the right files in. What a crockashit… My way is much easier.
STEP 1 -> Boot your system with WinPE
In order to move these registry files around, we need full, unrestricted access to the NTFS filesystem. This can be done several ways, but the easiest and most efficient way is to use something called the Windows XP PreInstallation Environment, WinPE for short. If you are a Microsoft OEM you likely have a real Microsoft WinPE CD lying around, but if not you can build your own WinPE. I highly recommend building the PE yourself, as it is a most valuable tool as a technician. If you do not care to do this, skip everything else I’m going to say and go do it the Microsoft way.. blah.
STEP 2 -> Find a recent Restore Point Registry Snapshot
So at this point, you’ve fully booted into the WinPE environment and have a cmd.exe prompt open. First off, navigate to the C:\System Volume Information\ directory. Windows XP has a great thing called tab completion Type “cd \sys” and then press the tab key. Voila! press enter.
From here, do a “dir” and see what you have… You may see one or two weird directories that have Microsoft CLSID identifiers. Within one of these directories we’re looking for “Restore Points” which will be directories identified by “RPxx” where xx is a number. Type “cd _restore{CDSFSD”+tab or whatever the name of the directory is and do another ‘dir’. If you see nothing, “cd ..” and then go into the other one.
Now you’ve made it into the directory with all the restore points. Congratulations! Since they’re not in any order, type “dir /od” to sort them by date. Look closely at the timestamp of these directories. Your goal here is to restore the system to a point where it was working and not about to crash. You also do not want to go back so far that it affects your settings or programs that you’ve installed, programs you’ve activated, etc. I try to keep the restore over two days but within a week of when the system crashed. Let’s say it’s 6pm on Thursday, look for midday Tuesday or beforehand, but not much more than that. Once you have found one that you’re satisfied with, change to that directory, and beneath it, change to the “snapshot” directory. Do a directory listing. This is what your registry was at that point. Chances are it isn’t corrupted, and your system might boot with it!
STEP 3 -> Overwrite your corrupt registry with the snapshot
All we have to do now is get these registry files to overwrite your current registry files. Great. Wait, Backup, you say? Why? They’re corrupted. Why backup a corrupted file?
Using the benefits of Tab Completion, type the following commands:
copy _REGISTRY_MACHINE_SAM \windows\system32\config\SAM copy _REGISTRY_MACHINE_SECURITY \windows\system32\config\SECURITY copy _REGISTRY_MACHINE_SOFTWARE \windows\system32\config\SOFTWARE copy _REGISTRY_MACHINE_SYSTEM \windows\system32\config\SYSTEM copy _REGISTRY_USER_.DEFAULT \windows\system32\config\DEFAULT
Congratulations! Wasn’t that easy? Reboot and celebrate in your victory over Microsoft. Didn’t fix it? You might be SOL. Try a repair installation or scanning your hard drive for viruses outside of your computer or in that wonderful WinPE.
Relevant Links:
- How to recover from a Corrupted Registry That Prevents Windows XP from Starting – The “Microsoft Way”. (the long way)
– Hey I was wondering if you could make a .bat file that can do backups?, so I don’t have to use the stupid wizard backup every time, 😀 thanks. Email me if you wish.
Well because the files are protected from normal backup using a copy command but there is a utility that you can use that will do the same thing and you can have it run every time you start your computer. Here is the link
http://www.larshederer.homepage.t-online.de/erunt/
I will also put it under my downloads
Hi, I have had a serious registry problem and have been trying to fix it for the last 3 days (I cant risk formatting).
Earlier today, I installed another windows on the same C drive but to a different folder; does this mean I cant follow your instructions and fix my problems ?
I have PE and was following your instructions but got stuck at step 2 when going through the ‘system volume information’ only two RP0 and RP1 directories which did not have any ‘system restore’ folders within them. I am scared that my second installation has removed other/previous ‘restore points’ !! Pls help if you have any other suggestions.
Under the System Volume Information there should be _restore{XXXXXXX in there should be the RPX folder. Under this folder should be a snapshot folder. Under this it should have the registry files labeled _REGISTRY_MACHINE_SAM _REGISTRY_MACHINE_SYSTEM etc. If there is not a snapshot folder in any if the RPX folders see if there is another _restore{XXXX under the System Volume Information folder. I normally have 2 _restore{XXXX folders. If there is no snapshot folder under any then you are probable screwed. If you disabled system restore monitoring it will delete the files and possible installing the second copy of XP may have caused the deletion. I would have though that Microsoft would keep separate _restore{XXXXX for each installation. If you do find the snapshot folders you also have to consider is it from the first installation of XP or the new installation. Checking the dates should let you know which snapshot folder is right. Because hard drives are so cheap and my BIOS allows me to boot from different drives is why I install OS separately on each drives. I hope this helps and I hope you can find the snapshot folder.
Steve, thank you very much for your help, unfortunately I am screwed. My new XP installation has removed all the old RPxx directories (I guess, because the directory time stamp is of the new installation).But interestingly when I use Eusing free registry cleaner from my new XP installation it still shows all the registry from the original XP and marks them as ‘invalid’ or ‘improper shortcuts’. I was hoping I could do something with them but nothing is working out.
Wish I had found your website earlier…
Steve – One stupid question. After typing the five “copy” commands, I presume that pressing “enter” overwrites the file. Is that correct?
Yes after you press enter it will overwrite the file. This is why you should backup your existing registry first just in case you have to go back.