barrowhill said:
Friend has asked for help having just dropped off his emachines 3240
desktop after falling for Microsoft support scam. He can't believe he
fell for it and feels a complete idiot.
System (XP Home) now no longer boots as
C:/Windows/system32/config/system file is indicated as missing or corrupt
Cannot use recovery console as asking for administrator's password which
is unknown
Cannot resort to last known good configuration as get BSOD error 0x09A
(System license Violation)
Cannot get to safe mode or command prompt ditto system file
Cannot repair windows installation as this option not given.
Can anyone help with suggestions as to best way forward. Re-install is
last resort. Is there a way round recovery console password??
If that happened to me, the first thing I'd be checking is whether
there were any System Restore points. (It's always possible, that
whatever malware or similar is on the machine, has ruined the system
restore points in C:\System Volume Information , so the following is
not a sure thing... You could still be looking at a repair install
or the like. You could go to all the trouble of copying/renaming
some Registry files, and discover it isn't working right.)
First thing you need, is something to boot with. Like a Linux LiveCD.
Ubuntu would do, but there are others out there that function
as well like Knoppix. Linux LiveCDs have had the ability to work
with NTFS partitions for several years now, and tend to ignore Windows
permissions and make working on the file system, a bit easier.
You could even slave the hard drive, to your own computer, and use
your own Windows to do the copying or renaming of files. But there
are bound to be permission issues along the way. I like Linux LiveCDs
for this, because at least for the moment, they tend to ignore Windows
specific permissions, allowing you to get things done quicker.
*******
If I look at my WinXP SP3 system right now, I see
C:/Windows/system32/config/SYSTEM 11,796,480 bytes
and in my restore points, I've got
C:\System Volume Information\_restore{AAB841EA-B06A-40C3-BFFE-A97A5C886FBA}\RP64\snapshot\_REGISTRY_MACHINE_SYSTEM
11,599,872 bytes Today, August 27, 2011, 3:58:12 PM
So I can see some possibilities, if I needed to repair something.
The registry file in that case, needs to be renamed, before it can be
used, as the real registry file name is just "SYSTEM".
*******
See this article, which discusses the supply of Registry files on
the computer. You have an "empty" set of registry files, suitable
for booting, but not suitable for much else. This procedure restores
those first. Then, once the computer is bootable again, the person
uses System Restore to put back a consistent picture of the operating
system. They mention, that if you put back the "empty" set of registry
files, the operating system won't know about system restore. So using
a recent set of registry files ("Part 2"), is necessary so rstrui.exe
will know where things are. (You would think all necessary state
information would be stored in System Volume Information - I can't
believe the registry is needed for this, but there you go.)
http://support.microsoft.com/?kbid=307545
Now, if you were to do that from a Linux LiveCD, you could skip a
step. Since Windows is not running, when you're using the LiveCD,
there won't be any new restore points created along the way to
confuse things. And you could try the "rename" step, and just put
back the files from the last restore point, from Linux.
*******
If you back up the C: partition, by slaving the hard drive of that
computer, to your own computer, you can carry out these kinds of
operations, without endangering the contents of that machine. If
you foul up along the way, then you can put things back.
I generally do stuff like that, by doing a sector by sector copy.
Mainly, because I feel confident I have a complete snapshot of C:
by doing so. If you own backup software you trust, you can come up
with your own recipe. I like tools which are the equivalent of
this, as this allows me to do sector by sector copying. And if
Windows permissions prevent me from using this, I just flip over
to a Linux LiveCD, and do it from there. (This tool won't touch
some partitions, where Windows has denied me access. I just use
Linux to get around that, when needed.)
http://www.chrysocome.net/dd
The syntax in Linux is a bit shorter to type. This would be an
example of backing up my C: drive while in Linux.
    dd if=/dev/sdb2 of=/media/wally/winxpimage.dd
and that copies until it hits the end of partition number 2 on
the sdb disk. The volume "/media/wally" would be an NTFS partition,
automounted under /media and my entire ~80GB partition would be stored
as a single file on the partition labeled "wally". Later, when I want
to restore, just reverse the syntax. Now, you can't tell I've been
messing around. Since the winxpimage.dd file is exactly the same
size as the partition, the command stops precisely when both
volumes have "hit the end". In some other situations, you need
to add additional parameters, to control how much data is written etc.
You can't be careless with commands like this, because they're
unforgiving and can overwrite stuff.
    dd if=/media/wally/winxpimage.dd of=/dev/sdb2
But you're free to come up with your own backup scheme.
So if you want to "play the Registry game", there are tools to
provide you with a safety net. If you don't get it right the first
time, that backup will prevent you from losing anything.
HTH,
Paul
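
The rename-and-copy step described in the reply above, scripted for a Linux LiveCD session after the partition has been imaged. This is an added example, not part of the original post or of the Microsoft article. The mount point and snapshot directory are caller-supplied assumptions, and the five snapshot-to-hive name pairs are the ones listed in KB 307545.

```shell
#!/bin/sh
# Added example, not from the original post. Run from a Linux LiveCD after
# imaging the partition; WINROOT and SNAPSHOT are paths the caller supplies.

# Snapshot file -> live hive name, as listed in Microsoft KB 307545.
HIVES="_REGISTRY_MACHINE_SYSTEM:system _REGISTRY_MACHINE_SOFTWARE:software
_REGISTRY_MACHINE_SAM:sam _REGISTRY_MACHINE_SECURITY:security
_REGISTRY_USER_.DEFAULT:default"

# restore_hives WINROOT SNAPSHOT
#   WINROOT   mount point of the XP volume (hypothetical, e.g. /mnt/xp)
#   SNAPSHOT  .../System Volume Information/_restore{GUID}/RPnn/snapshot
# Returns 0 on success, 1 on bad arguments, 2 if the snapshot is incomplete
# (nothing is modified), 3 if a backup or copy step failed.
restore_hives() {
    winroot=${1%/}; snap=${2%/}
    [ -d "$winroot" ] && [ -d "$snap" ] || return 1
    # NTFS mounted on Linux is case-sensitive: locate the real config dir.
    cfg=$(find "$winroot" -maxdepth 3 -type d \
              -ipath "$winroot/windows/system32/config" | head -n 1)
    [ -n "$cfg" ] || return 1

    # Pass 1: refuse to touch anything unless every snapshot hive is present
    # and non-empty (the restore point itself may have been damaged).
    for pair in $HIVES; do
        [ -s "$snap/${pair%%:*}" ] || return 2
    done

    # Pass 2: keep the current hive as NAME.bak, then copy the snapshot file
    # in under the real hive name and confirm the copy byte for byte.
    for pair in $HIVES; do
        src=$snap/${pair%%:*}; name=${pair##*:}
        cur=$(find "$cfg" -maxdepth 1 -type f -iname "$name" | head -n 1)
        if [ -n "$cur" ]; then
            [ ! -e "$cur.bak" ] || return 3   # never clobber an earlier backup
            mv "$cur" "$cur.bak" || return 3
        fi
        dst=${cur:-$cfg/$name}
        cp "$src" "$dst" && cmp -s "$src" "$dst" || return 3
    done
    return 0
}
```

A return code of 2 means the chosen RPnn folder is missing a hive, so pick an older restore point rather than mixing hives from different snapshots.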