The following lines were added (+) and removed (-):
=== Manually Restore Registry Hives ===This is verified to have worked on a system where the automatic backup of the registry was still intact. #Boot from Hiren's boot or a live linux distro via USB or optical media#Mount the Windows partition#Navigate to %SYSTEMROOT%\system32\config #copy the registry hives (these are the damaged ones) to another location or media#Navigate to %SYSTEMROOT%\system32\config\RegBack #copy all the backup registry hives in this folder and paste to the config folder overwriting the damaged registry hives#Reboot You may find that there are no backup registry hives in %SYSTEMROOT%\system32\config\RegBack because the intruder removed them. However, it has been my experience that they are still present.