Recover from a Corrupted Registry That Prevents Windows XP from Starting
Template:CopyeditbotThis article describes how to recover a Windows XP system (without using the recovery console) that does not start because of corruption in the registry.
Steps
- When you try to start or restart your Windows XP-based computer, you may receive one of the following error messages:
- Windows XP could not start because the following file is missing or corrupt: \WINDOWSYSTEM32\CONFIG\SYSTEM
- Windows XP could not start because the following file is missing or corrupt: \WINDOWSYSTEM32\CONFIG\SOFTWARE
- Stop: c0000218 {Registry File Failure} The registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE or its log or alternate
- System error: Lsass.exe
- When trying to update a password the return status indicates that the value provided as the current password is not correct.
- In this article, we will call the computer with the corrupted registry “Computer A” and we will call the other computer with a working Windows XP “Computer B”.
- Make sure both “Computer A” and “Computer B” are powered off. Unplug the power cord from both computers and take off the case from both computers. Before touching any components inside of the computer, touch the metal case to discharge any static electricity that may be built up in your body. The use of a wrist strap is recommended.
- Carefully remove the IDE ribbon cable and the power connector from the HDD (C: Drive) in “Computer A”. Remove any screws that are securing the HDD to the case, and remove the HDD from “Computer A”.
- Carefully plug an available IDE ribbon cable connector and power connector from “Computer B” into the HDD that you removed from “Computer A”. Take note of which position of the IDE cable you just connected to the HDD, and set the jumper on that HDD accordingly. (The connector on the end of the IDE ribbon cable is always the master and the one in the middle is always the slave.)
- Plug the power cord into “Computer B” and boot the system. Windows XP should find the HDD from “Computer A” and install the drivers for it. Then Windows XP should prompt you to reboot. When this happens, reboot the system.
- In order to gain access to the System Volume Information folder, use the one step in steps 8-12 that is the appropriate section for your computer.
- Microsoft Windows XP Professional or Windows XP Home Edition Using the FAT32 File System
- Click Start, and then click My Computer.
- On the Tools menu, click Folder Options.
- On the View tab, click Show hidden files and folders.
- Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change.
- Click OK.
- Double-click the System Volume Information folder in the root folder to open it.
- Windows XP Professional Using the NTFS File System on a Domain
- Click Start, and then click My Computer.
- On the Tools menu, click Folder Options.
- On the View tab, click Show hidden files and folders.
- Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change.
- Click OK.
- Right-click the System Volume Information folder in the root folder, and then click Sharing and Security.
- Click the Security tab.
If the security tab does not show as stated in this article, you need to enable the security tab to be shown by doing the following (In a NTFS partition): Access Windows Explorer. (Start-All Programs-Accessories-Windows Explorer) Click “Tools”, click “Folder Options”, click the “View” tab, and clear the checkbox next to “Use simple file sharing (Recommended)”. Click “Apply” and then click “OK”. - Click Add, and then type the name of the user to whom you want to give access to the folder. Choose the account location if appropriate (either local or from the domain). Typically, this is the account with which you are logged on. Click OK, and then click OK again.
- Double-click the System Volume Information folder in the root folder to open it.
- Windows XP Professional using the NTFS File System on a Workgroup or Standalone Computer
- Click Start, and then click My Computer.
- On the Tools menu, click Folder Options.
- On the View tab, click Show hidden files and folders.
- Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change.
- Clear the Use simple file sharing (Recommended) check box.
- Click OK.
- Right-click the System Volume Information folder in the root folder, and then click Properties.
- Click the Security tab.
If the security tab does not show as stated in that article, you need to enable the security tab to be shown by doing the following (In a NTFS partition): Access Windows Explorer. (Start-All Programs-Accessories-Windows Explorer) Click “Tools”, click “Folder Options”, click the “View” tab, and clear the checkbox next to “Use simple file sharing (Recommended)”. Click “Apply” and then click “OK”. - Click Add, and then type the name of the user to whom you want to give access to the folder. Typically, this is the account with which you are logged on. Click OK, and then click OK again.
- Double-click the System Volume Information folder in the root folder to open it.
- Using CACLS with Windows XP Home Edition Using the NTFS File System
- Click Start, click Run, type cmd, and then click OK.
- Make sure that you are in the root folder of the partition for which you want to gain access to the System Volume Information folder. For example, to gain access the C:\System Volume Information folder, make sure that you are in the root folder of drive C (at a "C:\" prompt).
- Type the following line, and then press ENTER: cacls "driveletter.\System Volume Information" /E /G username:F
Make sure to type the quotation marks as indicated. This command adds the specified user to the folder with Full Control permissions. - Click the System Volume Information folder in the root folder to open it.
- If you need to remove the permissions after troubleshooting, type the following line at a command prompt, and then press ENTER: cacls "driveletter.\System Volume Information" /E /R username
This command removes all permissions for the specified user.
- The following steps also work if you restart the computer to Safe mode because simple file sharing is automatically turned off when you run the computer in Safe mode.
- Open My Computer, right-click the System Volume Information folder, and then click Properties.
- Click the Security tab.
- Click Add, and then type the name of the user to whom you want to give access to the folder. Typically, this is the account with which you are logged on.
- Click OK, and then click OK again.
- Double-click the System Volume Information folder to open it.
- In Windows Explorer, Navigate to “X: Drive:” (where the “X” indicates the HDD that was taken out of “Computer A”). Highlight “X: Drive”
- Click “File”, “New”, “Folder”. Name the new folder “TMP”.
Note: In most cases, the “C: Drive” is where this computer will have the Windows XP operating system, it is important that you DO NOT do steps 6 on in the “C: Drive”, make sure you are doing them in the HDD that came from “Computer A” with the corrupt registry. - In Windows Explorer, Navigate to the folder X:\WINDOWS\system32\config. Rename the following files as indicated.
rename DEFAULT to DEFAULT.bak
rename SAM to SAM.bak
rename SECURITY to SECURITY.bak
rename SOFTWARE to SOFTWARE.bak
rename SYSTEM to SYSTEM.bak - Move those 5 files to the folder X:\TMP
- Navigate to the folder X:\System Volume Information
This folder should have one or more sub-folders named something like
_restore{2DFE4378-585C-4511-9C11-E98B62D7827B}
In one or more of those sub-folders, there should be more sub-folders called RPxx. (the xx will be a number.) These are the locations that system restore creates and stores files for system restore points. In each of the RPxx folder, there should be a sub-folder called “snapshot”.
The following path is an example of a folder path to the snapshot folder:
X:\System Volume Information\_restore{2DFE4378-585C-4511-9C11-E98B62D7827B}\RP1\snapshot - In the “snapshot” folders, the first five files should be called:
_REGISTRY_MACHINE_SAM
_REGISTRY_MACHINE_SECURITY
_REGISTRY_MACHINE_SOFTWARE
_REGISTRY_MACHINE_SYSTEM
_REGISTRY_USER_DEFAULT
Navigate through these “snapshot” folders until you find the preceding five files dated a day or two before the registry got corrupted. (It helps to click “View” and “details” on these folders to see the date the files were modified.) - Once you find those five files with the date you are comfortable with, copy those five files to X:\WINDOWS\system32\config. Rename the following files as indicated.
rename_REGISTRY_MACHINE_SAM to SAM
rename_REGISTRY_MACHINE_SECURITY to SECURITY
rename_REGISTRY_MACHINE_SOFTWARE to SOFTWARE
rename_REGISTRY_MACHINE_SYSTEM to SYSTEM
rename_REGISTRY_USER_DEFAULT to DEFAULT - Power down “Computer B” now.
- Unplug the power cord from “Computer B”. Before touching any components inside of the computer, touch the metal case to discharge any static electricity that may be built up in your body. The use of a wrist strap is recommended.
- Carefully remove the IDE ribbon cable and the power connector from the HDD (X: Drive) in “Computer B”, and remove the HDD.
- Carefully plug the IDE ribbon cable connector and power connector from “Computer A” into the HDD. (Use the same connector location on the IDE ribbon cable that you originally removed from this drive.) Reset the jumper on that HDD according to the position indicated by the IDE connection location. (The connector on the end of the IDE ribbon cable is always the master and the one in the middle is always the slave.)
- Plug the power cord into “Computer A” and boot the system. Windows XP should boot up to the desktop now. (You may need to re-activate Windows XP at this point.
- Replace the case on both computers.
Tips
- This article assumes that typical recovery methods have failed and access to the system is not available.
- This procedure does not require the use of the Recovery Console, but it does require the use of a separate computer with a working copy of Microsoft Windows XP installed.
- Although this procedure does not guarantee full recovery of the system to a previous state, there is a great chance that that will be the outcome. At the very least, you should be able to recover your data when you use this procedure. This procedure does not require the use of the Recovery Console, but it does require the use of a separate computer with a working copy of Microsoft Windows XP installed, separate from the one you are trying to recover. This article also takes it for granted that you are familiar, competent, and comfortable working with the inside of a computer, namely the installing and removing of Hard Disk Drives (HDD’s) and the jumper settings for the HDD’s to switch back and forth from Master and Slave settings. After this procedure is complete, you may need to activate Windows XP again.
- It is possible to do the above using a Linux installation, or a Knoppix live CD. Recent versions of Knoppix support read-write to NTFS file systems.
- Once completed, it might be worth:
- Running windows update
- Checking your system for viruses
- Create new system restore point
Warnings
- This article lists all the required steps in specific order to make sure that the process is fully completed.
- This article takes for granted that you are familiar, competent, and comfortable working with the inside of a computer, namely the installing and removing of Hard Disk Drives (HDD’s) and the jumper settings for the HDD’s to switch back and forth from Master and Slave settings.
- Make sure to replace all five of the registry hives (the five "files" talked about in this article). If you only replace a single hive or two, this can cause potential issues because software and hardware may have settings in multiple locations in the registry.
- You may lose your users and passwords, therefore any NTFS encrypted files will no longer be accessible.
- After this procedure is complete, you may need to activate Windows XP again.
Things You'll Need
- A separate computer with a working copy of Microsoft Windows XP installed.
- Possibly a phillips screwdriver to remove the case cover and/or HDD.
- Possibly needle nose pliers to manipulate HDD Jumpers.
Related Articles
- Unhide Folders in Windows 7
- Install Windows XP
- Reinstall Windows XP
- Back Up Windows XP
- Use Windows XP
- Make Windows XP Startup Faster
- Do a Windows XP "Repair Install"
- Purge Your Windows XP Computer
- Change a Drive Letter in Windows XP
- Un Hide Folders and Files on XP
- Run a Chkdsk Function on Windows XP
- Avoid Slow Windows XP Shutdowns
- Brand Your Copy of XP