There is a way to restore the registry if System Restore is enabled.
If you can boot into Windows you can use System Restore to restore the registry by restoring the system to a restore point before the incident.
If you cannot boot into Windows, you can try booting into Windows safe mode. You can use System Restore from safe mode as well.
If you cannot boot into Windows normal mode nor into safe mode, you can try performing a startup repair, and at the same time restore the system to a restore point before the incident by using WinPE/WinRE.
- Boot from the Windows installation media (DVD).
- Select Language to install, Time and currency format, and Keyboard or input method.
- Click Next.
- Click Repair your computer.
- If the System Recovery Options dialog shows up, allow it to scan for Windows installations and follow the instructions shown on screen. It should give you the option to restore the system from a restore point.
- If you are not prompted to restore from a restore point, or if no startup errors are found you should see the main System Recovery Options screen.
- Click on System Restore and follow the instructions to restore from a restore point before the incident.
If you want to restore only the Windows registry you will have to do it manually. System Restore stores its Restore Points (RP) in a folder called _Restore{#} where # represents a Hex number. It is located in C:\System Volume Information. You will have to take ownership of this folder and all of its subfolders. Each restore point has its own folder of the format RP### where the ### stands for a 3-digit number.
After taking ownership of the C:\System Volume Information folder and its subfolders, locate the RP folder that goes back to a date before the incident.
For example, to restore Windows registry from restore point 100, issue following commands in a command prompt.
cd c:\system volume information\_restore{#}\rp100\snapshot
copy _REGISTRY_MACHINE_COMPONENTS c:\windows\system32\config\COMPONENTS
copy _REGISTRY_MACHINE_SECURITY c:\windows\system32\config\SECURITY
copy _REGISTRY_MACHINE_SYSTEM c:\windows\system32\config\SYSTEM
copy _REGISTRY_MACHINE_SOFTWARE c:\windows\system32\config\SOFTWARE
You don't have to copy them all unless you need to or you want to.
Reboot and the registry should be restored.
Please correct me if I'm wrong but it seems that backups of the registry were stored in
C:\Windows\System32\Config
in old Windows 9x versions. As of Windows XP/Vista it should be stored inC:\System Volume Information
as part of the System Restore. – Samir – 2013-06-19T15:38:26.263Does windows boot at all? – cybernard – 2013-06-19T17:09:13.970
@cybernard Yes, it boots now and it booted then. It belongs to the past now. It was just that some of the services were messed up, mainly the Windows Audio and the Audio Endpoint Builder which refused to start and I could not use
– Samir – 2013-06-19T17:15:18.700sfc /scannow
due to a repair pending error. But I have sorted it out by performing a repair install. It took 5 hours to complete but it works now.