Friday, July 30, 2010

Corrupted Registry

Corrupted Registry?

This will be my first computer-based entry.  Many techs have run into situations where a Windows PC hangs during the boot process or reports that part of the registry is corrupted.  In the past this has been seen as the sort of thing that can only be fixed by either a recovery install, which is basically reinstalling Windows over Windows and hoping that nothing gets messed up along the way, or a complete reinstall.

However, these two solutions are not the only solutions.  The truth is that the System Restore feature that we have enjoyed access to since it was first introduced in Windows ME can still help us even though the system is not bootable.  System Restore Point files are still on the hard drive and accessible via tools such as BartPE or other "Live" CDs.

Windows keeps the registry in the location of "C:\windows\System32\config".  System Restore makes restore points in "C:\System Volume Information\_restore{Your GUID}\_restore..." and a backup copy of your registry is contained in each restore point.  My procedure involves copying that backup copy over your current corrupted copy.  This will give you a usable registry that will let you boot the system.  After booting up you would then perform a proper System Restore.  

I have included a guide that I have developed for this procedure.  The guide is below.

How to recover from a corrupted registry that prevents Windows XP from starting

Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD


Manual System Restore Instructions for a Corrupted Registry
Written by Nickolas Andersen, 08/01/2010
My version is a modified process based on the referenced Microsoft guide.  It uses a BartPE CD instead of the Recovery Console.  This removes unnecessary complications and shortens the process.  You may also be able to use other "Live" CDs with my guide, although this guide does not attempt to cover them.

Instructions:

Boot the system from your BartPE CD and drop to the command prompt.  This guide focuses on using the command line to accomplish its goal and assumes that you are familiar with the command line.

  • Make a backup of the current registry:
    • mkdir C:\windows\system32\config\tmp
    • copy C:\windows\system32\config\system C:\windows\system32\config\tmp\system.bak
    • copy C:\windows\system32\config\software  C:\windows\system32\config\tmp\software.bak
    • copy C:\windows\system32\config\sam       C:\windows\system32\config\tmp\sam.bak
    • copy C:\windows\system32\config\security  C:\windows\system32\config\tmp\security.bak
    • copy C:\windows\system32\config\default   C:\windows\system32\config\tmp\default.bak
  • Delete the old registry:
    • del c:\windows\system32\config\system
    • del c:\windows\system32\config\software
    • del c:\windows\system32\config\sam
    • del c:\windows\system32\config\security
    • del c:\windows\system32\config\default
  • Determine the most recent system restore point
    • Example of a path to a system restore point:  C:\System Volume Information\_restore{D86480E3-73EF-47BC-A0EB-A81BE6EE3ED8}\RP1\Snapshot
    • Please note that you need to navigate (with the “cd” command) to C:\System Volume Information\ then to \_restore{GUID}\ then to RPx\Snapshot where RPx indicates each individual System Restore Point
  • Copy the registry backup from that recent System Restore point to C:\windows\system32\config
    • Use the “copy” command to both copy and rename the files
    • Do this from the Snapshot directory of the specific System Restore Point folder that you are drawing upon:
    • copy _REGISTRY_USER_.DEFAULT C:\Windows\System32\Config\DEFAULT
    • copy _REGISTRY_MACHINE_SECURITY C:\Windows\System32\Config\SECURITY
    • copy _REGISTRY_MACHINE_SOFTWARE C:\Windows\System32\Config\SOFTWARE
    • copy _REGISTRY_MACHINE_SYSTEM C:\Windows\System32\Config\SYSTEM
    • copy _REGISTRY_MACHINE_SAM C:\Windows\System32\Config\SAM
REBOOT the system
Windows should be able to boot up now but the job is not yet complete.

Now perform a system restore from the same recent System Restore point that you used with the manual restore.

  • Click Start, and then click All Programs.
  • Click Accessories, and then click System Tools.
  • Click System Restore, and then click Restore to a previous Restore Point.
  • You can also click Start, click Run, and then enter %SystemRoot%\system32\restore\rstrui.exe into the Run box and click OK.
The system should be up and running again.
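
The BartPE part of the guide above (backup, choosing the restore point, copying the hives) as one batch file. This is an added example, not part of the original guide. It assumes Windows XP is installed on C: and that a higher RPn number means a newer restore point, and it refuses to change anything unless all five hive backups are present and non-empty.

```bat
@echo off
rem Added example, not part of the original guide. Run from the BartPE prompt.
rem ASSUMPTIONS: XP is installed on C:, and a higher RPn number means a newer
rem restore point.
setlocal enabledelayedexpansion
set "CFG=C:\Windows\System32\Config"
set "SVI=C:\System Volume Information"
set "BEST=-1"
set "SNAP="

rem Find the highest-numbered RPn folder that holds a SYSTEM hive backup.
for /d %%G in ("%SVI%\_restore*") do (
  for /d %%R in ("%%~G\RP*") do (
    set "NAME=%%~nxR"
    set "NUM=!NAME:~2!"
    if exist "%%~R\Snapshot\_REGISTRY_MACHINE_SYSTEM" if !NUM! GTR !BEST! (
      set "BEST=!NUM!"
      set "SNAP=%%~R\Snapshot"
    )
  )
)
if not defined SNAP (
  echo No restore point with registry backups found. Nothing was changed.
  exit /b 1
)

rem Stop before touching the live registry if any backup is missing or empty.
for %%H in (USER_.DEFAULT MACHINE_SECURITY MACHINE_SOFTWARE MACHINE_SYSTEM MACHINE_SAM) do (
  if not exist "%SNAP%\_REGISTRY_%%H" (
    echo Missing _REGISTRY_%%H in the snapshot. Nothing was changed.
    exit /b 1
  )
  for %%F in ("%SNAP%\_REGISTRY_%%H") do if %%~zF EQU 0 (
    echo _REGISTRY_%%H is empty. Nothing was changed.
    exit /b 1
  )
)
echo Using %SNAP%

rem Back up the current hives, then replace them with the snapshot copies.
if not exist "%CFG%\tmp" mkdir "%CFG%\tmp"
for %%H in (SYSTEM SOFTWARE SAM SECURITY DEFAULT) do (
  copy /y "%CFG%\%%H" "%CFG%\tmp\%%H.bak"
)
for %%H in (SYSTEM SOFTWARE SAM SECURITY) do (
  copy /y "%SNAP%\_REGISTRY_MACHINE_%%H" "%CFG%\%%H" || exit /b 1
)
copy /y "%SNAP%\_REGISTRY_USER_.DEFAULT" "%CFG%\DEFAULT" || exit /b 1
echo Done. Reboot, then run a normal System Restore from Windows.
```

Because the SAM and SECURITY hives come from the restore point, local account passwords and security policy revert to what they were when that restore point was taken.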
