Windows’ built-in System Restore function can oftentimes be handy, especially when things don’t run well the next time you start your computer up, and you don’t want to mess up with any registry settings first.

But sometimes Windows acts up even before the start-up screen appears, and even then Safe Mode is still inaccessible. You know its a bit exaggerated to reformat (especially when the error reports just a missing config file), and its time to put out the Windows CD and go to the Recovery Console.

The situation arose before we were about to have a LAN game with my friend, and starting his laptop up, we were greeted by the error:

Windows could not start because the following file is missing or corrupt:
WINDOWS\SYSTEM32\CONFIG\SYSTEM

The problem was I only had slipstreamed Windows XP cd’s which apparently skipped the Recovery Console part of the setup. This was the part where I plugged in my Linux Mint Live USB and booted to Linux (or you can try the Live CD’s from Ubuntu as well) to use their terminal instead of the Recovery Console.

Upon booting Linux, I just clicked on the local Hard Drive (which mounts it automatically), then go to System Volume Information Folder. This is a hidden system folder where your System Restore Snapshots are seen. Following this directory is a directory where it has a series of folders starting with a letter R in it (R10, R12, etc.). These are your System Restore points.

Choose the second to the last folder in the list and you’ll see a series of files and a snapshot directory. Go to the snapshot folder.

In the snapshot folder, copy the following files:

  • _registry_user_.default
  • _registry_machine_security
  • _registry_machine_software
  • _registry_machine_system
  • _registry_machine_sam

Paste the following files to the (\media\disk)\WINDOWS\SYSTEM32\CONFIG\ file. Rename the default, security, software, system and sam files that are currently there by appending a .OLD at the end, so that just in case things don’t go well the original ones are still there.

Rename the files you just pasted as default, security, software, system and sam respectively (basically, just remove the “_registry_machine_” on it).

Close the window and unmount your hard drive (usually by right-clicking the drive, then choosing “unmount volume”)

Restart and the system should revert to an earlier time with it booting just fine!