Windows XP Registry Rollback when Unable to Login

Recently Windows on my laptop failed to load. Safe mode and all other options refused to work.

Just as the welcome screen was due to arrive, the system would reboot, so it wasn’t even possible to read what the error message said. Eventually I was able to find an option using the menu by pressing F8 that prevented rebooting on a system failure.

This lead to the following error:

Fearing having to get the Windows install disc, run recovery and pretty much re-install the registry, losing all my applications and settings, I searched online for an alternative solution.

The method below assumes that system restore had been enabled on the failed system and snapshots from past dates are available with which the corrupt registry files will be replaced. If not, a Windows reinstall may be the next best option.

I came across Bart’s Preinstalled Environment (BartPE). It’s a bootable live windows CD.
Downloading the software from there, I was able to put my Windows installation disc into the drive and have the software extract all the necessary files and add it’s own, to create a boot disc. This allows booting into the Windows environment with some basic tools such as command prompt and file explorer.

BartPE-Builder

This program is meant to burn the boot disc, but I couldn’t get that feature to work. Perhaps this is because I had to use the same drive for loading the Windows files as I did for burning. Anyway, I managed to point it to the Windows CD and had it create an ISO image. I then burnt this image as a bootable disc using Starburn burning software (free).

Inserting the newly burnt disc and booting up, I was able to access the command prompt by clicking on the GO button in the lower left of the screen and selecting Command Prompt (CMD) from the popup menu.

This allowed me to get to the necessary folder by typing the following and pressing return after each line. (Tip: pressing tab after typing cd system will auto-complete the line)

c:
cd “system volume information”
dir

Sadly, this resulted with:

Directory of C:\System Volume Information
File Not Found

I was fairly sure I had files in there and fortunately I was able to find another tool from the menu by going to: GO / Programs / A43 File Management Utility

To my delight, this opened up a regular file explorer where I could navigate visually to the same folder.
Sure enough, it showed C:\System Volume Information contained a _restore folder.

Inside this folder was a series of folders beginning with RP. These contain the rollback snapshots. The higher the number, the more recent the rollback, but dates modified can be seen by selecting View/Toolbars/Views and then selecting the Details button (now located under the word ‘New’ in the second line of the toolbars). Inside each of these folder there was a folder called Snapshot.

Opening the Snapshot folder revealed a selection of _REGISTRY… files.
The required ones are:

_REGISTRY_MACHINE_SAM
_REGISTRY_MACHINE_SECURITY
_REGISTRY_MACHINE_SOFTWARE
_REGISTRY_MACHINE_SYSTEM
_REGISTRY_MACHINE_.DEFAULT

At first I tried copying these to c:\Windows\Systme32\config, deleting the existing SAM, SECURITY, SOFTWARE, SYSTEM and DEFAULT files in there and then renaming the newly copied (pasted) files back to these abbreviated names. It didn’t matter how many times I tried this using the various rollback snapshot files, nothing seemed to work. It took a long time too, to reboot each time, find it failing and then reboot into BartPE to try again.

Going round in circles, I thought I’d try something different. I had read about some files in c:\Windows\repair which also went by these filenames, so I copied these into the c:\Windows\Systme32\config folder, overwriting the previously added files and rebooted.

This time, Windows immediately did a disc scan and error check with the light blue screen and white text that it often does if Windows wasn’t shut down properly.

It found and fixed lots of problems in its 3-stage check and then welcomed me with a welcome screen.

It was here I panicked a bit because the screen was VGA and it said Windows was starting for the first time and wanted to be activated. I momentarily thought I had lost everything and would have to reinstall the lot.

BartPE to the rescue once more. I inserted the boot disc and went back in one last time. Back into the bowels of Windows to find the rollback snapshot files again. Copying

_REGISTRY_MACHINE_SAM,
_REGISTRY_MACHINE_SECURITY,
_REGISTRY_MACHINE_SOFTWARE,
_REGISTRY_MACHINE_SYSTEM,
_REGISTRY_MACHINE_.DEFAULT

from the most recent snapshot (largest number), pasting into c:\Windows\System32\config, deleting the previously copied repair files and renaming the snapshot files once again to their respective abbreviated names, I shut down, rebooted (taking out the boot disc) and held my breath.

It had worked. The screen resolution was much better and I got a sneak peak of the desktop wallpaper before Windows logged me out and said this copy of Windows had to be activated before continuing.

Figuring I needed the activation key, I searched high and low for it and eventually found it. Then, when clicking on the activate button, Windows checked for internet access and then said it had been successfully activated without having to enter a code.

My laptop had been restored to its former sluggish glory with all previously installed applications intact.

So there must have been other corrupt files Windows need to fix before accepting the rollback registry files. Applying the registry repair files as described somehow enabled it to do this. I’m not a PC or Windows guru. This has all been trial and error. It worked for me, but I can’t guarantee it will work of others. Attempt the above at your own risk but hopefully it will help out some people and save a bit of time and trauma.

In retrospect this problem was probably my own doing because I became impatient with Windows XP taking too long to shut down and gave it some assistance (by holding down the power button). I don’t think I will be doing that again any time soon.