Anyone interested in having a guide on how to recover a registry hive in XP or 2K? I just recently did this and thought it might be nice to have a how-to here on OCForums.com.

I would, someone how I borked the hive with a registry cleaner program about two years back and it always bothered me that I couldn't fix it

I'd like to read yours. I did a reload once with MS Support, but it's been awhile.

Ok, this is from a site report from my business. We had a server that experienced a hive problem. It was reported to me during my weekly visit to ensure things were running properly. The customer had reported that the server had been acting erratic and was giving strange messages regarding the C: drive. I first proceeded to check free space on the drive. Next, I went to check system resources, when the computer blue-screened and then went into an infinite boot loop. The following information is partly from an After Action Review and partly from what I have written for this thread.

This worked great for us however keep in mind this was a 2000 computer. You can adapt the method for XP, and I will give the information for that at the end of the document for the absolute path of the hive locations.

Issue/Symptoms: “During the course of a scheduled site visit for backup, C.W. and AMD Phreak recieved the following Stop/Run Error Message: c0000218 {Registry File Failure} The Registry Cannot Load The Hive (file): \SystemRoot\System32\Config\SOFTWARE Error on the server. The server would continue to attempt to reboot, cycle through the Blue Screen of Death (BSOD), and cycle repeatedly as if caught in an infinite loop. Customer had noted to AMD Phreak that the server had been performing in an erratic manner in the last week.”

Steps used to resolve the problem: We used the recovery console. This console is not meant to be used by a person that is not well versed in manipulation of the operating system as you can really screw things up and then be in a world of hurt more than you are at this point. Inexperienced users beware from this point. If you are not comfortable, locate some help before proceeding! YOU HAVE BEEN WARNED.

With that said, lets move forward!

You will need the original installation disks for your operating system. Place those into the CD drive so that during boot it grabs the CD drive first before HDD. You might have to change BIOS settings accordingly. When the system prompts you to press any key to boot from CD, do so. At this point we had to use third party drive controller drivers, so we pressed “F6” when it prompted us, if you have to do the same, do so. If not, skip that step. When the system enters the welcome screen, press “R”. Next, when the computer enters the recovery options menu press “C” for the console. This will take you to the console, and you will have to enter the administrator’s password. You can enter the password here, or if you never set one or do not know it press enter. This will take you out to the command prompt with limited access to the system.

This is the fun part, or rather the dangerous part. Beware!

You will need to create a directory called temp or regtemp or something of the sort, so that you can back up the corrupted registry, just in case. I used regbak. Do this by typing md regbak or the directory name of your choice. The command md is used to Make Directory. Next, you will need to copy out the corrupted registry to the new directory we created. The following commands are to do so:

Back up the active registry:
copy c:\winnt\system32\config\system c:\winnt\regbak\system.bak
copy c:\winnt\system32\config\software c:\winnt\regbak\software.bak
copy c:\winnt\system32\config\sam c:\winnt\regbak\sam.bak
copy c:\winnt\system32\config\security c:\winnt\regbak\security.bak
copy c:\winnt\system32\config\default c:\winnt\regbak\default.bak

The commands above take the registry hives located in the /winnt/system32/config directory and copy them to the new directory we created. We renamed the extension to .bak, so we are able to differentiate between the backup and non-backup.

Next, you will need to copy the ORIGINAL registry into the active location. After the OS is installed initially, Windows takes the registry and backs it up to another directory. This is a good thing, however this registry does not have any information as to what you installed after you first brought the OS online. Any software will have to be reinstalled, users must be recreated, network settings be edited, and so on. After copying this over, you have a fresh install. However, your program files are still theoretically intact unless your hard drive is FUBAR.

Here’s the command set for doing the explained operation:

First, we delete the active registry:
delete c:\winnt\system32\config\system
delete c:\winnt\system32\config\software
delete c:\winnt\system32\config\sam
delete c:\winnt\system32\config\security
delete c:\winnt\system32\config\default

Now, we copy:
copy c:\winnt\repair\system c:\winnt\system32\config\system
copy c:\winnt\repair\software c:\winnt\system32\config\software
copy c:\winnt\repair\sam c:\winnt\system32\config\sam
copy c:\winnt\repair\security c:\winnt\system32\config\security
copy c:\winnt\repair\default c:\winnt\system32\config\default

That’s it. Now type exit, and that will exit the console. Remove the disk from the CD drive and reboot. If everything went well you should be able to boot the OS. At this point you will need to pretty much start from scratch as far as system settings are concerned, just as you would if you were doing a fresh install. You must reinstall all of your programs and recover your data, although sometimes you can install directly over the current copy. I take no responsibility for what you do from this point; you will have to figure it out yourself, as it is situation-specific. That’s why it pays to have backups of your data.

Looking back:
Looking back at my experience, it would have been helpful to have a backup of a good registry state. That would have made things much easier as I simply could have taken the registry information from that and copied that into the active registry instead of copying the original post install state.

Windows XP:
Those people that are doing this for Windows XP, you will need to modify the file locations for your registry information. The following data is for such users. Remember, I take no responsibility for what you do!

First, create your temp directory:
md regbak (or the directory of your choice)

Now, copy your registry data:
copy c:\windows\system32\config\system c:\windows\regbak\system.bak
copy c:\windows\system32\config\software c:\windows\regbak\software.bak
copy c:\windows\system32\config\sam c:\windows\regbak\sam.bak
copy c:\windows\system32\config\security c:\windows\regbak\security.bak
copy c:\windows\system32\config\default c:\windows\regbak\default.bak

Now, delete the active registry:
delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default

Copy over the original registry to the active registry:
copy c:\windows\repair\system c:\windows\system32\config\system
copy c:\windows\repair\software c:\windows\system32\config\software
copy c:\windows\repair\sam c:\windows\system32\config\sam
copy c:\windows\repair\security c:\windows\system32\config\security
copy c:\windows\repair\default c:\windows\system32\config\default

Finish:
Exit
Now reboot, and follow the procedure explained for the 2000 recovery to restore your OS.
Disclaimer:
The information contained in this how-to, is provided as-is. There is no guarantee that this will work for your system, however it worked for me. If you break things worse, it is up to you to figure out how to fix it. I am not responsible for what occurs to you or your computer during the recovery of your operating system. Do not come to me saying my how-to made your pc worse than it was before. The best advice is to always make good backups of your system, so that it makes doing things like this less risky. It also prevents you from having to use guides like this one. YOU HAVE BEEN WARNED.

That’s it for my guide. Special thanks to Greg C. for helping to proof the final document. Here are the references that I used to obtain the information how to do such a recovery:

References:

Barnette, John, “How Do I Repair A Stop: c0000218 {Registry File Failure} The Registry Cannot Load The Hive (file): \SystemRoot\System32\Config\SOFTWARE Error”
http://xphelpandsupport.mvps.org/how_do_i_repair_a_stop.htm

Microsoft’s Help database:

Error information:
http://support.microsoft.com/default.aspx?scid=kb;en-us;104203
http://support.microsoft.com/default.aspx?scid=kb;en-us;830084

How to recover a corrupted registry that prevents Windows XP from starting:
http://support.microsoft
.com/default.aspx?scid=kb;en-us;307545

If anyone thinks that this is worth a sticky, please say so in your replies.

In addition to the above, you could also boot to the Recovery Console, and type the following commands (hitting ENTER after each)...

cd system32\config
ren system system.old
ren system.alt systemalt.old
copy c:\windows\repair\system
copy c:\windows\repair\regback\system
exit

Correct, that would do it faster than typing each individual one. Either way works good!