registry files

Bill Cunningham

What do these following extensions mean in the registry files and are
any safe to delete? .evt .Evt .rrr .log .sav ?
I have these registry files on my system. Since I am running two operating
systems I was able to copy these files to the root directory and defragment
them. Software was in the most fragments. I then moved them back. My system
seems to accept the newly defragged files. Now these files will never
fragment again right?

Bill
 
peter

The "registry" file that you defragged what would the extension be??
There is a difference between a "registry" file and files that end with the
listed extensions.

So that poses the question of what you actually "defragged" ???

A quick and simple explanation of defrag: moving the files on a harddrive so
that they are all in order. When writing a file to the HD it does not
necessarily go all in one place. That file could be scattered in different
fragments over empty spaces on your HD. Defrag finds those fragments and puts
them together.
peter
 
db

those extensions simply sound like
log files for a game.

you can browse for the extensions
here:

http://www.sharpened.net/helpcenter/file_extensions.php?S


what you may want to try is to make
a system restore point then move them
to the recycle bin and if your computer stays
functional, forget about them.

--
db·´¯`·...¸><)))º>
DatabaseBen, Retired Professional
- Systems Analyst
- Database Developer
- Accountancy
- Veteran of the Armed Forces
- @Hotmail.com
- nntp Postologist
~ "share the nirvana" - dbZen

~~~~~~~~~~~~~~~
 
Bill Cunningham

PA Bear said:
Where are these "registry files" located?

The main files I think are registry files have no ext. They are system,
software, default, and a couple of others.

Bill
 
Bill Cunningham

This seems to be interesting. It explains those .evt
files. http://support.microsoft.com/kb/308427

Have you ever run anything like Registry Mechanic, Registry Fixup,
Registry TuneUp... You know - those kinds of programs?

Yes but they charge for those and I personally don't think they're worth
the money. I do have a program called regclean.exe that I use.

When I was using win98 you could export the entire hive into one file. I
don't know that exporting and importing can be done with XP's regedit.

Bill
 
Jose

Have you ever run anything like Registry Mechanic, Registry Fixup,
Registry TuneUp... You know - those kinds of programs?

    Yes but they charge for those and I personally don't think they're worth
the money. I do have a program called regclean.exe that I use.

    When I was using win98 you could export the entire hive into one file. I
don't know that exporting and importing can be done with XP's regedit.

Bill

I am not suggesting you run any, but those tools are responsible for
many of those files, hence my question.
 
Twayne

Bill Cunningham said:
\windows\system32\Config

Bill

Those aren't all "registry" files by any means. Defragging FILES has
nothing to do with the registry, will not damage it, and may have been the
right thing to do; I can't tell from here.

HTH,

Twayne
 
Bill Cunningham

Those aren't all "registry" files by any means. Defragging FILES has
nothing to do with the registry, will not damage it, and may have been the
right thing to do; I can't tell from here.

The various files I see and identify as registry files are software,
userdiff, sam, default, and the files that have no extension basically. I
can't answer for those .sav files if they are some kind of backup or what.
The .log files are backups obviously and looks like that for the registry
files. The .evt and .Evt files are from the event handler. I think they are
all safe to delete except the actual registry files as windows will just
recreate them, one might not bother. But the copies I copied of the
registry files that had no extensions and used contig.exe to defrag them one
was pretty badly damaged. The other had one fragment or so.

Bill
 
John John - MVP

Bill said:
The various files I see and identify as registry files are software,
userdiff, sam, default, and the files that have no extension basically. I
can't answer for those .sav files if they are some kind of backup or what.
The .log files are backups obviously and looks like that for the registry
files. The .evt and .Evt files are from the event handler. I think they are
all safe to delete except the actual registry files as windows will just
recreate them, one might not bother. But the copies I copied of the
registry files that had no extensions and used contig.exe to defrag them one
was pretty badly damaged. The other had one fragment or so.

Don't delete these files. These files are created and changed as part
of the normal Windows operation.

The .evt files are Event Log files and are always in use, they can't be
deleted from the Explorer GUI. If you want to delete them use the Event
Viewer. If they are corrupt and in need of manual deletion you have to
disable the Event Log Service and reboot to be able to delete them.

The .log files are registry transactional logs, these files are used to
recover failed registry changes and to assure atomicity of individual
action in the registry. For example, if there is a power failure while
you are trying to change a registry value the .log file will be used to
ensure that the value that you were attempting to change doesn't have a
meaningless value. These .log files are part of the normal Windows
operation, as with the .evt files the .log files cannot be deleted while
Windows is running.

The .sav files are the original registry hives that were used during the
text mode portion of the Windows installation, best not to delete these
files, in 'extreme' repair attempts they could come in handy.

John
 
Bill Cunningham

Don't delete these files. These files are created and changed as part of
the normal Windows operation.

The .evt files are Event Log files and are always in use, they can't be
deleted from the Explorer GUI. If you want to delete them use the Event
Viewer. If they are corrupt and in need of manual deletion you have to
disable the Event Log Service and reboot to be able to delete them.

The .log files are registry transactional logs, these files are used to
recover failed registry changes and to assure atomicity of individual
action in the registry. For example, if there is a power failure while
you are trying to change a registry value the .log file will be used to
ensure that the value that you were attempting to change doesn't have a
meaningless value. These .log files are part of the normal Windows
operation, as with the .evt files the .log files cannot be deleted while
Windows is running.

The .sav files are the original registry hives that were used during the
text mode portion of the Windows installation, best not to delete these
files, in 'extreme' repair attempts they could come in handy.

John

Ok I see. I wondered about those .sav files. Is disabling the event
handler though something I want to do? At least for a long time and not just
a moment. You mentioned atomic, now does that have to do with the kernel? I
have seen C functions called atom().

Bill
 
John John - MVP

Bill said:
Ok I see. I wondered about those .sav files. Is disabling the event
handler though something I want to do? At least for a long time and not just
a moment. You mentioned atomic, now does that have to do with the kernel? I
have seen C functions called atom().

No, you do not want to disable the Event Log! The log is an important
source of information about 'stuff' that happens on your computer.
Problems and errors are often recorded in the Event Log, the log can be
an invaluable troubleshooting tool, it is almost always one of the first
places to look when problems arise. You should familiarize yourself with
the Event Viewer and make it a habit of taking a look in there once in a
while, you might get early warnings of impending problems or be warned
of things going on that would otherwise go unnoticed on your machine.
To launch the Event Viewer enter eventvwr in the Start menu Run box.

Atomicity: A transaction is a unit of work in which a series of
operations occur between the BEGIN TRANSACTION and END TRANSACTION
statements of an application. A transaction executes exactly once and is
atomic — all the work is done or none of it is.

Atomicity and Hive Recovery in the Registry

The Registry ensures atomicity of individual actions. This means that
any change made to a value (to set, delete, or save) either works or
does not work: The result will not be a corrupted combination of the old
and new configuration even if the system stops unexpectedly because of
power failure, hardware failure, or software problems. For example, if
an application sets a value for an entry and the system shuts down while
this change is being made, when the system restarts, the entry will have
either the old value or the new value, but not a meaningless combination
of both values. In addition, the size and time data for the key
containing the affected entry will be accurate whether the value was
changed or not changed.

Flushing Data

In Windows NT, data is written to the Registry only when a flush occurs,
which happens after changed data ages past a few seconds, or when an
application intentionally flushes the data to the hard disk.

The system performs the following flush process for all hives (except
for the System hive):

1. All changed data is written to the hive's .log file along with a
map of where it is in the hive, and then a flush is performed on the
.log file. All changed data has now been written in the .log file.

2. The first sector of the hive file is marked to indicate that the
file is in transition.

3. The changed data is written to the hive file.

4. The hive file is marked as completed.

Note If the system shuts down between steps 2 and 4, when the hive is
next loaded at startup (unless it's a profile hive that is loaded at
logon), the system sees the mark left in step 2, and proceeds to recover
the hive using the changes contained in the .log file. That is, the .log
files are not used if the hive is not in transition. If the hive is in
transition, it cannot be loaded without the .log file.

A different flush process is used for the System hive because it is an
important element during system startup and is used too early during
startup to be recovered as described in the previous flush process.

The System.alt file contains a copy of the data contained in the System
file. During the flush process, changes are marked, written, and then
marked as done. Then the same flush process is followed for the
System.alt file. If there is a power failure, hardware failure, or
software problems at any point during the process, either the System or
System.alt file contains the correct information.

The System.alt file is similar to a .log file except that at load time,
rather than having to reapply the logged changes, the system just
switches to System.alt. The System.alt file is not needed unless the
System hive is in transition.

http://www.microsoft.com/resources/...rkstation/reskit/en-us/23_regov.mspx?mfr=true
Windows NT Workstation Resource Kit: Overview of the Windows NT Registry

http://msdn.microsoft.com/en-us/library/aa719484(VS.71).aspx
ACID Properties

John
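
The flush steps quoted above can be checked on a hive file that was copied off a disk. This is an added example, not part of the thread or of any Microsoft tool; it assumes the community-documented `regf` header layout (primary and secondary sequence numbers at offsets 4 and 8, last-written FILETIME at 12, XOR checksum at 508), and the sample headers are constructed:

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
BASE_BLOCK = 512  # the hive's "first sector", where the transition mark lives


def header_checksum(block: bytes) -> int:
    """XOR of the first 127 little-endian dwords, as stored at offset 508."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        value ^= dword
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return value or 1


def inspect_hive_header(block: bytes) -> dict:
    """Report whether a copied hive was mid-flush (steps 2-4) when captured."""
    if len(block) < BASE_BLOCK or block[:4] != b"regf":
        raise ValueError("not a registry hive base block")
    # Assumed offsets 4, 8, 12: primary seq, secondary seq, last-written time.
    primary, secondary, filetime = struct.unpack_from("<IIQ", block, 4)
    (stored,) = struct.unpack_from("<I", block, 508)
    return {
        "primary_seq": primary,
        "secondary_seq": secondary,
        # Primary is bumped when a write starts, secondary when it completes.
        "in_transition": primary != secondary,
        "checksum_ok": stored == header_checksum(block),
        "last_written": EPOCH_1601 + timedelta(microseconds=filetime // 10),
    }


def build_sample_header(primary: int, secondary: int) -> bytes:
    """Constructed test input: a minimal base block, not a real hive."""
    block = bytearray(BASE_BLOCK)
    block[:4] = b"regf"
    stamp = datetime(2009, 1, 1, tzinfo=timezone.utc) - EPOCH_1601
    ticks = stamp // timedelta(microseconds=1) * 10  # 100 ns units
    struct.pack_into("<IIQ", block, 4, primary, secondary, ticks)
    struct.pack_into("<I", block, 508, header_checksum(bytes(block)))
    return bytes(block)


if __name__ == "__main__":
    for name, blk in [("clean", build_sample_header(41, 41)),
                      ("interrupted", build_sample_header(42, 41))]:
        info = inspect_hive_header(blk)
        verdict = "needs its .log to load" if info["in_transition"] else "self-consistent"
        print(f"{name}: seq {info['primary_seq']}/{info['secondary_seq']}, "
              f"checksum_ok={info['checksum_ok']}, {verdict}")
```

A hive reported as in transition should be kept together with its `.log` file, since the hive alone does not reflect the interrupted write.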
 
Bill Cunningham

I remember I used to compress manually my registry files in win98. I
don't know if that can be done anymore or not. Everyone says get a registry
compression tool. I have several registry cleaner tools and one cleans up
where another is clueless. The following hive keys seem to have a header in
them. That could recreate the registry. System, software, sam and hardware.
I would rename my old user.dat and system.dat only two registry files
back then, import the saved reg files from DOS and have a new registry never
needing to be compressed again.

I also made a copy of the swap file then win386.??? something or other.
defrag the copy, rename it and erase the original made by windows. Windows
should also place the swap pagefile.sys now of course at the beginning of
the drive. Can I use these little tweaks with XP MCE now? I am running SP2
and I believe I have all the updates. I also have a copy of SP3 but I'm
just not running it right now.

Bill
 
John John - MVP

Bill said:
I remember I used to compress manually my registry files in win98. I
don't know if that can be done anymore or not. Everyone says get a registry
compression tool. I have several registry cleaner tools and one cleans up
where another is clueless. The following hive keys seem to have a header in
them. That could recreate the registry. System, software, sam and hardware.
I would rename my old user.dat and system.dat only two registry files
back then, import the saved reg files from DOS and have a new registry never
needing to be compressed again.

You don't really need to bother with these on any of the NT versions
(Windows XP is NT 5.1) System Restore does registry backups. If you
want to use another backup tool try Erunt. If you want to compact the
registry try NTRegOpt, both are available here:
http://www.larshederer.homepage.t-online.de/erunt/

In my opinion registry cleaners are next to utterly useless and for most
part they cause more harm than good, you really don't need to use these
cleaners on Windows XP.

I also made a copy of the swap file then win386.??? something or other.
defrag the copy, rename it and erase the original made by windows. Windows
should also place the swap pagefile.sys now of course at the beginning of
the drive. Can I use these little tweaks with XP MCE now? I am running SP2
and I believe I have all the updates. I also have a copy of SP3 but I'm
just not running it right now.

If you want to defrag the pagefile use SysInternals' PageDefrag:

http://technet.microsoft.com/en-us/sysinternals/bb897426.aspx
PageDefrag

PageDefrag will also defrag the registry hives and the event logs.

John
 
Bill Cunningham

No, you do not want to disable the Event Log! The log is an important
source of information about 'stuff' that happens on your computer.
Problems and errors are often recorded in the Event Log, the log can be an
invaluable troubleshooting tool, it is almost always one of the first
places to look when problems arise. You should familiarize yourself with
the Event Viewer and make it a habit of taking a look in there once in a
while, you might get early warnings of impending problems or be warned of
things going on that would otherwise go unnoticed on your machine. To
launch the Event Viewer enter eventvwr in the Start menu Run box.

Atomicity: A transaction is a unit of work in which a series of
operations occur between the BEGIN TRANSACTION and END TRANSACTION
statements of an application. A transaction executes exactly once and is
atomic — all the work is done or none of it is.

Atomicity and Hive Recovery in the Registry

The Registry ensures atomicity of individual actions. This means that any
change made to a value (to set, delete, or save) either works or does not
work: The result will not be a corrupted combination of the old and new
configuration even if the system stops unexpectedly because of power
failure, hardware failure, or software problems. For example, if an
application sets a value for an entry and the system shuts down while this
change is being made, when the system restarts, the entry will have either
the old value or the new value, but not a meaningless combination of both
values. In addition, the size and time data for the key containing the
affected entry will be accurate whether the value was changed or not
changed.

Flushing Data

In Windows NT, data is written to the Registry only when a flush occurs,
which happens after changed data ages past a few seconds, or when an
application intentionally flushes the data to the hard disk.

The system performs the following flush process for all hives (except for
the System hive):

1. All changed data is written to the hive's .log file along with a map
of where it is in the hive, and then a flush is performed on the .log
file. All changed data has now been written in the .log file.

2. The first sector of the hive file is marked to indicate that the
file is in transition.

3. The changed data is written to the hive file.

4. The hive file is marked as completed.

Note If the system shuts down between steps 2 and 4, when the hive is next
loaded at startup (unless it's a profile hive that is loaded at logon),
the system sees the mark left in step 2, and proceeds to recover the hive
using the changes contained in the .log file. That is, the .log files are
not used if the hive is not in transition. If the hive is in transition,
it cannot be loaded without the .log file.

A different flush process is used for the System hive because it is an
important element during system startup and is used too early during
startup to be recovered as described in the previous flush process.

The System.alt file contains a copy of the data contained in the System
file. During the flush process, changes are marked, written, and then
marked as done. Then the same flush process is followed for the System.alt
file. If there is a power failure, hardware failure, or software problems
at any point during the process, either the System or System.alt file
contains the correct information.

The System.alt file is similar to a .log file except that at load time,
rather than having to reapply the logged changes, the system just switches
to System.alt. The System.alt file is not needed unless the System hive is
in transition.

http://www.microsoft.com/resources/...rkstation/reskit/en-us/23_regov.mspx?mfr=true
Windows NT Workstation Resource Kit: Overview of the Windows NT Registry

http://msdn.microsoft.com/en-us/library/aa719484(VS.71).aspx
ACID Properties

John

What device makes the log and sav files? My system doesn't seem to have
a system.alt on it.

Bill
 