Original Location of Information
http://forums.pcper.com/showthread.php?t=384102
Registry Recovery in Windows 2K/XP
INTRODUCTION
If you’re reading this, you’ve probably just encountered one of the following errors:
•Windows could not start because the following file is missing or corrupt: WINDOWSSYSTEM32CONFIGSYSTEM
•Windows could not start because the following file is missing or corrupt: WINDOWSSYSTEM32CONFIGSYSTEMced
•Windows could not start because the following file is missing or corrupt: WINDOWSSYSTEM32CONFIGSOFTWARE
•Stop: c0000218 {Registry File Failure} The registry cannot load the hive (file): SystemRootSystem32ConfigSOFTWARE or its log or alternate
These errors occur as a result of files in the Registry Hive being corrupted or are missing. The two files are SOFTWARE and SYSTEM under C:WINDOWSSystem32config. Sometimes registry corruption can happen seemingly without reason but is usually caused by the registry being too big, software glitches (apps, drivers, viruses, etc) or hardware faults (eg. RAM and Hard Drives). Hopefully you’ve already got a good backup scheme to protect your valuable data
In Windows XP at least, there is a significant chance of being able to recover your system without having to completely reinstall Windows. If you use Windows XP’s System Restore, you’re in with a good chance.
Windows 2000 doesn’t have System Restore, however, MS have released a Windows 2000 Registry Repair Utility which is certainly worth a shot, however if it doesn’t work, a reinstall of Windows is probably quicker.
STEP 1: Automated Recovery
The easiest step that may resolve this issue is to boot using your system’s ‘Last known good configuration’. It is most likely to work if the errors were as a result of a botched hardware driver install but probably won’t work if the error is from a software error or some setting related to aesthetics or user settings in Windows.
Both WinXP and Win2K users can do this. Simply press ‘F8’ immediately after the P.O.S.T. (Power On Self Test) – the last screen where your PC displays hardware info before it puts up the first Windows screen. In the F8 menu, you should see ‘Last known good configuration’. Use the arrow keys and the ENTER key to navigate to and select options in the menu.
If this works, then you’re one of the lucky ones. If not, then you’ll need to read on…
STEP 2: Hardware Analysis
This step is optional but still recommended. The purpose of doing this now is to determine the viability of resurrecting Windows. If it’s a hardware fault, the problem could easily occur again, hence you’ll end up doing the whole process again. On the other hand, it may be a software problem and you end up spending time doing analyses on your hardware. At least you’ll know that it still works
1.Test your power supply as per the instructions on this page.
2.Download Memtest86 from www.memtest86.com and run it for at least one pass. If Memtest86 encounters any errors, this could possibly be the cause of your problem.
3.Find out the brand of hard drive you have, then visit the manufacturer’s website and search for their diagnostics software. Run this software on the problem PC.
There are other types of hardware fault that can cause registry corruption, with PSU, RAM and hard drive faults being the most likely causes. If you can’t spot a fault with the above tests and still can’t get it working after finishing the following procedures, post a new thread in this forum explaining your situation.
STEP 3a: Manual Recovery – Getting into Safe Mode
If you are using Windows 2000, please scroll to the last post in this thread.
If you do not use System Restore in Windows XP, please read the footnotes for this step for further advice before proceeding.
The process involves the replacing current registry hive files with backups of registry files that System Restore has saved at some point or from a very bare windows repair hive file. Its effectiveness depends heavily on the existence and dates of Restore Points made under System Restore. The more recent the Restore Point is, the more chance of a total recovery. For users who do have Restore Points, this step is required to access STEP 3b and STEP 3c.
This process requires you to have your Windows installation CD so that you can boot into the Windows Recovery Console. The Recovery Console is a very restricted DOS-like system, which only allows for a few select commands. Read through it carefully as it can get quite tedious and is easy to make small mistakes with big consequences.
** %windir% will be used to substitute C:WINDOWS or C:WINNT.
%windir% means the folder where Windows was installed.
You can actually type “%windir%” as a substitute for “C:WINDOWS” or “C:WINNT”.
1.Enter your Computers BIOS setup options and change the Boot Sequence so that the CD boots first. Insert the Windows CD and then save & exit the BIOS settings.
2.Press ‘R’ to enter the Recovery Console when you see the prompt, then select your Windows installation and log in using an account with Administrator level rights. If your usual account login denies you permission to execute any of the following steps, try logging in as ‘Administrator’ (without the ‘ ‘) and a blank password (just press ENTER).
3.You should be in the Windows directory (C:WINDOWS or C:WINNT). If not, then move into the Windows directory by typing:
cd %windir%
4.Create a backup directory by typing:
md bak
(you’ve just created c:%windir%bak)
5.Change to the registry’s container folder by typing:
cd %windir%system32config6.Back up the current registry hive by typing these lines one by one:
copy system %windir%baksystem.000
copy software %windir%baksoftware.000
copy sam %windir%baksam.000
copy security %windir%baksecurity.000
copy default %windir%bakdefault.000
(adding the ‘.000’ at the end helps to prevent overwriting these files and any mistakes )
7.Confirm that they are all in the backup folder by typing:
dir %windir%bak8.Delete the current registry hive by typing these lines one by one:
del system
del software
del sam
del security
del default
9.Replace the active registry hive with the repair hive substitutes by typing these lines one by one:
copy %windir%repairsystem
copy %windir%repairsoftware
copy %windir%repairsam
copy %windir%repairsecurity
copy %windir%repairdefault
10.Confirm that the repair hive substitutes are now in the %windir%system32config folder by typing:
dir
11.Proceed to Step 3b.
** Users who have disabled System Restore won’t be able to continue to Step 3b. You can gain basic functionality by using these files, however they are practically blank. They will render almost all of your installed applications useless, you will need to reinstall drivers and your user settings will be lost. It still beats not being able to get into Windows and can be helpful in backing up valuable data. You will most likely have to reinstall Windows to get things working properly again.
STEP 3b: Manual Recovery – Recovering Saved Registry Files
This step doesn’t apply to Windows 2000 users.
This process requires you to enter your BIOS again and change the boot sequence to boot from your hard drive again. You’ll need to use the F8 menu as described in STEP 1 to get into Safe Mode. If you reach the Safe Mode login screen, proceed with this step. If you encounter errors at this point, your problem may not be restricted to the registry. It is possible that other important system files have been affected or hardware may be at fault.
You may get a message box requesting you to choose between entering Safe Mode or to use System Restore to restore to a previous state – you want to enter Safe Mode.
1.At the Safe Mode login screen, log in using an account with Administrator level rights – use the account that you used in STEP 3a.
2.You need to be able to see system files and folders:
Open Windows Explorer and go to the Tools menu > Folder Options > View, and in the list box change the following settings:
– Select ‘Show hidden files and folders’
– De-select ‘Hide extensions for known file types’
– De-select ‘Hide protected operating system files’
– De-select ‘Use simple file sharing’
Click ‘Apply’ and then ‘OK’.
3.Now you should be able to see a folder in ‘C:’ drive called ‘System Volume Information’. This contains the System Restore Points, which in turn contain backups of the registry hive. You need to give yourself permission to access this folder and it’s contents if you don’t already have access to it:
– Use the mouse to right click on ‘C:System Volume Information’ and choose ‘Properties’.
– Open the ‘Security’ tab and click ‘Add’. Type your current login name in the white space and then click ‘Check Names’ and then ‘OK’.
– Use the mouse to highlight you username in the next screen then tick the ‘Full Control’ box under the ‘Allow’ column.
– Click ‘Apply’ and then ‘OK’.
4.Now you need to find a fairly recent restore point:
Inside the ‘System Volume Information’ folder, there will be one or more folders with a name similar to ‘_restore{A41FD8B9-27F4-4FC5-AE69-D3A03EA91657}’. These are Restore Points. Inside each of these are lots of folders titles ‘RP…’ – these are repositories containing backups of system files that have been preserved periodically. Check the ‘Date Created’ properties on the ‘RP…’ folders. Don’t go for the newest one in case it also contains the problem. Go for the second oldest one – write down the date and then open it.
5.Now you want to copy the registry files from there to your C:Windowsbak:
In the ‘RP…’ folder, you should see a sub-folder called ‘snapshot’. You need to select and copy (do not cut!) the following files so you can paste them into C:Windowsbak:
_REGISTRY_MACHINE_SAM
_REGISTRY_MACHINE_SECURITY
_REGISTRY_MACHINE_SOFTWARE
_REGISTRY_MACHINE_SYSTEM
_REGISTRY_MACHINE_.DEFAULT
6.Now you need to rename the files that you’ve just copied to C:Windowsbak. Make sure you’re in C:Windowsbak!!
Click on each one individually and then press F2 to rename them.
Rename ‘_REGISTRY_MACHINE_SAM’ to SAM
Rename ‘_REGISTRY_MACHINE_SECURITY’ to SECURITY
Rename ‘_REGISTRY_MACHINE_SOFTWARE’ to SOFTWARE
Rename ‘_REGISTRY_MACHINE_SYSTEM’ to SYSTEM
Rename ‘_REGISTRY_MACHINE_.DEFAULT’ to DEFAULT (no dot!)
STEP 3c: Manual Recovery – Restoring the Registry Hive
This step doesn’t apply to Windows 2000 users.
This step requires you to run the Recovery Console off the Windows Installation CD again so you’ll need to get back into BIOS and configure your system to boot from the CD first.
1.Once you’ve logged in as per STEP 3a, you need to move to the containing folder by typing:
cd %windir%system32config
2.Now you need to delete the currently used registry hive files by typing these lines one by one:
del system
del software
del sam
del security
del default
3.Now you need to copy the Restore Point files so that Windows can load from them. Restore the hives with their replacement by typing these lines one by one:
copy %windir%baksystem
copy %windir%baksoftware
copy %windir%baksam
copy %windir%baksecurity
copy %windir%bakdefault
4.Confirm that the registry hive replacements are now all there by typing:
dir
(you should be looking at files in C:%windir%system32config)
Once you’ve done that, restart your PC and set the Boot Sequence in BIOS to boot from the hard drive again. Boot into Windows normally. It should work properly. As a further measure in case there are hidden glitches created as a result of manual restoration, you can open System Restore (in the Start Menu) and roll back to the second last Restore Point prior to the time you encountered this problem.
Windows 2000 – Automated Registry Recovery
This step doesn’t apply to Windows XP users.
As mentioned in the first post, MS released a Windows 2000 Registry Repair Utility. It works by creating a set of Windows XP boot floppies (six 3½” discs) and then modifies the last disc. Yes, that’s correct. XP setup disks.
There are two ways of going about this. You can either download the Windows 2000 Registry Repair Utility and the Windows XP Setup Disks for Floppy Boot Install and then create those disks and then modify them OR you can create a bootable CD as per the instructions below.
Obviously you’ll need a working PC to do this, but then if you didn’t have one, you wouldn’t be reading this You’ll also need a Windows XP CD. I found the instructions on this guide, but typing out all those commands was tedious. I’ve automated that bit for your pleasure:
1.Make a folder on your C: drive called “a” (so you have c:a)
2.Download the following files:
Windows 2000 Registry Repair Utility
XP Pro Utility: Setup Disks for Floppy Boot Install
Gilles Vollant – Modified EXTRACT.EXE
CDRTools
Bart’s Boot Image Extractor
Mjölnir’s Win2K Recovery CD ISO Maker
3.Copy WinXP_EN_PRO_BF.EXE and ChkReg.EXE to c:a4.Unzip the contents of the following ZIP files to c:abbie10.zip
cdrtools-1.11a12-win32-bin.zip
extrac21.zip
mkcd.zip
5.Insert your Windows XP CD into the CD/DVD drive.
6.Navigate to c:a – there should be 21 files in there.
Run mkcd.cmd
…
It’ll do a bunch of copying and other stuff, leaving the finished product (w2kreg.iso) on your Desktop. It should be ~7.25MB.
7.Right-click w2kreg.iso and choose “Open With”, then select your burning software. Slap in a blank CD and click “Burn”.
8.When the CD is finished, put it in your Win2K PC and boot from the CD. It’ll load the Windows setup and then come the a menu. Press R to repair using the Recovery Console.
9.You’ll be asked which installation to repair. It’ll list each one with a corresponding number. Press that number and then press ENTER. Now it should start repairing the registry. When it’s done, you’ll get a message stating if it was successful or not.
Once you’ve done that, restart your PC and set the Boot Sequence in BIOS to boot from the hard drive again. Boot into Windows normally. It should work properly. You can now delete the c:a folder. If it didn’t work, read through Step 3a above.
If you have trouble making the CD, PM me and I will upload the completed ISO file for you to download.
Hopefully this guide will help bail you out!