Sunday, February 12, 2012

Hiren's cd fix for lsass and Registry Corruption

(Source: TechSupportForum)

This is what worked for me.

1) System Restore enabled in Windows.
2) NTFS DOS Pro and a boot CD/disk - preferably Hiren's Boot CD (which is loaded with all the apps you need).
3) Don't use the system.bak file located in windows\repair.
4) Don't assume that either of the _regis~1, ~2, ~3 or ~4 files in a RP\Snapshot folder are the registry files you need - they are not.

1) In your BIOS, set 1st boot device to CD.
2) Reboot with Hiren's Boot CD (or similar).
3) Load NTFS DOS Pro (in the NTFS Ext2Fs Tools menu on the Hiren CD). You can skip Checkdisk.
(Use Pro instead of regular NTFS, as it lists long file name details.)
4) Once loaded, the 2nd last line of text indicates the new temporary drive letter of your HDD, in my case D:
5) Switch to D:
6i) You will probably have short file and folder names displayed instead of long ones when you 'dir'; however, the full name appears once you are in the directory.
6ii) Type (without quotes) ' cd system~1\_restor~1\rp95\snapshot '
(RP = restore point; the higher the number, the more recent the RP. If this doesn't work for you, try a lower/older number.)
7) Type ' dir/p ' to list the files in the directory. (Use /p, not /w, for this.)
8) Look through the text (file details) on the right to find ' _REGISTRY_MACHINE_SYSTEM '. Look across to the left; this is the file size (which should be fairly large, e.g. 5,365,760 in my case). To the left again is the actual file name, in my case ' _r62e7~1 '.
9) You may need to tap the space bar again to finish listing all the files.
10) Once at the command prompt, type ' copy _r62e7~1 d:\windows\system32\config\system '
11) Overwrite = Y
12) Reboot (CTRL+ALT+DEL)
13) Load Windows.... successfully, hopefully.

If this doesn't work for you, try:

A) Reload NTFS PRO, go back to the same RP\snapshot directory and copy the following files (copy the actual file name, not the details text).


Copy (overwrite) the above files to their corresponding file in the config directory (step 10), e.g. copy _REGISTRY_MACHINE_SOFTWARE over ' software '.

Above are all the files that Microsoft recommends you overwrite..... however MS caused my lsass loop in the first place!
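
The same selection logic as steps 6 to 10, written as an added example that is not part of the original post: it walks the restore points from newest to oldest, accepts a snapshot hive only if it is reasonably large and starts with the `regf` signature that registry hive files carry, and keeps the damaged file before overwriting it. It assumes the disk is mounted in an environment that has Python and shows long file names; the function names, the `.damaged` suffix and the sample directory tree are constructed for illustration.

```python
import re
import shutil
import tempfile
from pathlib import Path

HIVE_MAGIC = b"regf"  # registry hive files begin with these four bytes
# Only the two mappings named in the post.
TARGETS = {"_REGISTRY_MACHINE_SYSTEM": "system",
           "_REGISTRY_MACHINE_SOFTWARE": "software"}

def is_hive(path, min_size=4096):
    """True if the file is not truncated and carries the hive signature."""
    with open(path, "rb") as f:
        return path.stat().st_size >= min_size and f.read(4) == HIVE_MAGIC

def newest_valid_snapshot(restore_root, hive="_REGISTRY_MACHINE_SYSTEM"):
    """Return the hive from the highest-numbered RPnn folder that validates."""
    rps = [(int(m.group(1)), d) for d in Path(restore_root).iterdir()
           if d.is_dir() and (m := re.fullmatch(r"RP(\d+)", d.name, re.IGNORECASE))]
    for _, d in sorted(rps, reverse=True):  # numeric order: RP100 before RP99
        candidate = d / "snapshot" / hive
        if candidate.is_file() and is_hive(candidate):
            return candidate
    return None

def restore_hive(restore_root, config_dir, hive="_REGISTRY_MACHINE_SYSTEM"):
    """Keep the current hive as <name>.damaged, then copy the snapshot over it."""
    src = newest_valid_snapshot(restore_root, hive)
    if src is None:
        raise FileNotFoundError("no restore point holds a valid " + hive)
    dst = Path(config_dir) / TARGETS[hive]
    if dst.exists():
        shutil.copy2(dst, dst.with_name(dst.name + ".damaged"))
    shutil.copy2(src, dst)
    return src

def demo():
    """Constructed tree: RP100 is truncated, RP99 and RP9 are valid."""
    root = Path(tempfile.mkdtemp())
    rr, cfg = root / "_restore", root / "config"
    cfg.mkdir()
    (cfg / "system").write_bytes(b"corrupt")
    good = HIVE_MAGIC + b"\0" * 8192
    for n, data in ((100, b"regf"), (99, good), (9, good)):
        (rr / f"RP{n}" / "snapshot").mkdir(parents=True)
        (rr / f"RP{n}" / "snapshot" / "_REGISTRY_MACHINE_SYSTEM").write_bytes(data)
    used = restore_hive(rr, cfg)
    return (used.parent.parent.name, (cfg / "system").read_bytes()[:4],
            (cfg / "system.damaged").read_bytes())

if __name__ == "__main__":
    print(demo())
```

Keeping the overwritten file lets you roll back if the chosen restore point turns out to be older than you wanted.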