Registry Changes Lost Upon Reboot

[Randall Schulz]

Mark,

-----Original Message-----

Phew. Anything is possible.
Your scenario certainly sounds plausible. And appears
to be supported empirically... Really should
officially un-install and/or remove Devices no
longer used/present as a general rule. This orphaned
soundman.exe could well have been the culprit. Hope
you did indeed find the cause.

Yeah, I know I should remove device software when the
hardware is removed. I was trying to be "conservative" in
case I had problems with the new hardware.

Good to hear of PROCEXP.EXE as I appreciate
and like most of the Sysinternals tools.
Great research tools.

Please post again Randall with "that was it!"
or something.

Robin sent me UPHClean, though perhaps it won't tell me
anything any more.

I've rebooted again (3rd time, now) and still changes are
being remembered.

I forgot to mention in my previous post that the problem
began around the time I got the new sound card, though I
cannot exactly pinpoint the first occurrence of the
symptom, and I was adding bunches of hardware and software
to the system at the time (also unwise, I suppose).

The issue of the print queue manager (or whatever it's
called) possibly being implicated in this problem led me to
wonder if the symptom was only occurring if I'd printed
since the last reboot. So this last time I did some
printing before rebooting and still all's OK.

Keep your fingers crossed for me, OK?

Randall Schulz

 

[Paul Lady]

Please, how do you run "chkreg". I tried it in the run command line, got
nothing.

Thx, pjl

[ some large snips ... ]

There appear to be many more related messages in
"\WINNT\Debug\UserMode\userenv.log":

Not surprising. There are lots of (rather cryptic) messages there.
I cannot analyze them reliably in most cases.

USERENV(c8.b0) 08:49:56:484 MyRegUnLoadKey: Hive unload for
S-1-5-21-1417001333-1677128483-1801674531-1002_Classes
failed due to open registry key. Windows will try
unloading the registry hive once a second for the next 60
seconds (max).
USERENV(c8.b0) 08:50:56:484 MyRegUnLoadKey: Windows was not
able to unload the registry hive.
USERENV(c8.b0) 08:50:56:484 MyRegUnLoadKey: Failed to
unmount hive 5
USERENV(c8.b0) 08:50:56:484 UnLoadClassHive: failed to
unload classes key with 5
USERENV(c8.b0) 08:50:56:484 DumpOpenRegistryHandle: 3 user
registry Handles leaked from
\Registry\User\S-1-5-21-1417001333-1677128483-1801674531-1002 _Classes
USERENV(c8.b0) 15:00:12:578 UnloadUserProfile: Failed to
flush the current user key, error = 1016

The last one, with error = 1016, is by far the most common
log entry.

Hoping someone with more userenv.log experience can comment on these.

[ ]

Thanks for the up-to-date address for Robin Caron. All
other references I could find to UPHClean mentioned her
now-defunct Hotmail account.

I lifted that address from the Readme for ver. 1.2.0.7
Hope it's good.

[ ]

Check how, exactly?

You were looking at file ACLs on the System hive files, yes? And
they were likely Administrators:FULL, SYSTEM:FULL. The User profile
hive files (ntuser.dat and usrclass.dat) typically have file ACLs the
same but also with the UserName:FULL. Then there are the registry
ACL's "inside" the hive. These are what you would see looking at
HKCU with regedt32.exe as Permissions. This I think though is off
track for the problem perhaps. Unless you have purposely changed
them before.

One seeming anomaly: The Gnu "file" command (part of
Cygwin) reports different file types for my ntuser.dat
files. It identifies my ntuser.dat file as "executable",
which seems odd. It identifies the other three ntuser.dat
files as "Windows NT Registry file". (The "file" command
looks for magic numbers and other content patterns to make
its determination). Although there are only two ".LOG"
counterparts, they show the same misidentification pattern.

Hmm. Not familiar with that, but likely it's the difference between
static hive files (other accounts) and an active (loaded and locked)
one for your logon account.

[ ]

Can ntuser.dat be repaired? Are their tools that will
diangose that file's integrity? Does chkreg.exe process
user hives, too, or only system ones. Absent tools to
diagnose and / or repair an ntuser.dat file, what's to be done?

"Repaired" implies there is a known and detectable error of some
kind. I do not know if we really know that yet. No reliable tools I
know of. Don't know CHKREG.EXE but understand it is rather a "tool
of last resort" in any case. The usual solution for a provable
corrupt profile hive is to blow it away and rebuild it. But don't do
that yet, or at least use another logon to preserve the old one
first. Could be a lot of work rebuilding.

[ ]

Another thing, those errors do not correspond
(in terms of dates) to the latest failures to
retain registry modifications. There are only
three of them: One is from March, the other two
date back a day or so. Nonetheless, presumably
they're relevant clues to what's still happening now.

It is possible that there is nothing wrong in that profile. It could
be something else entirely. I have no way of knowing.
[ ]

Did you use another account? Any trouble? If no then _I_ would be
thinking of rebuilding the problem profile. FWIW and lacking any new
information or other feedback. Recall that your first post was only
just over 1 day ago. Other knowledgeable posters may drop into this
thread yet.

 

[Paul Lady]

Please, how do you run "chkreg". I tried it in the run command line, got
nothing.

Thx, pjl

[ some large snips ... ]

There appear to be many more related messages in
"\WINNT\Debug\UserMode\userenv.log":

Not surprising. There are lots of (rather cryptic) messages there.
I cannot analyze them reliably in most cases.

USERENV(c8.b0) 08:49:56:484 MyRegUnLoadKey: Hive unload for
S-1-5-21-1417001333-1677128483-1801674531-1002_Classes
failed due to open registry key. Windows will try
unloading the registry hive once a second for the next 60
seconds (max).
USERENV(c8.b0) 08:50:56:484 MyRegUnLoadKey: Windows was not
able to unload the registry hive.
USERENV(c8.b0) 08:50:56:484 MyRegUnLoadKey: Failed to
unmount hive 5
USERENV(c8.b0) 08:50:56:484 UnLoadClassHive: failed to
unload classes key with 5
USERENV(c8.b0) 08:50:56:484 DumpOpenRegistryHandle: 3 user
registry Handles leaked from
\Registry\User\S-1-5-21-1417001333-1677128483-1801674531-1002 _Classes
USERENV(c8.b0) 15:00:12:578 UnloadUserProfile: Failed to
flush the current user key, error = 1016

The last one, with error = 1016, is by far the most common
log entry.

Hoping someone with more userenv.log experience can comment on these.

[ ]

Thanks for the up-to-date address for Robin Caron. All
other references I could find to UPHClean mentioned her
now-defunct Hotmail account.

I lifted that address from the Readme for ver. 1.2.0.7
Hope it's good.

[ ]

Check how, exactly?

You were looking at file ACLs on the System hive files, yes? And
they were likely Administrators:FULL, SYSTEM:FULL. The User profile
hive files (ntuser.dat and usrclass.dat) typically have file ACLs the
same but also with the UserName:FULL. Then there are the registry
ACL's "inside" the hive. These are what you would see looking at
HKCU with regedt32.exe as Permissions. This I think though is off
track for the problem perhaps. Unless you have purposely changed
them before.

One seeming anomaly: The Gnu "file" command (part of
Cygwin) reports different file types for my ntuser.dat
files. It identifies my ntuser.dat file as "executable",
which seems odd. It identifies the other three ntuser.dat
files as "Windows NT Registry file". (The "file" command
looks for magic numbers and other content patterns to make
its determination). Although there are only two ".LOG"
counterparts, they show the same misidentification pattern.

Hmm. Not familiar with that, but likely it's the difference between
static hive files (other accounts) and an active (loaded and locked)
one for your logon account.

[ ]

Can ntuser.dat be repaired? Are their tools that will
diangose that file's integrity? Does chkreg.exe process
user hives, too, or only system ones. Absent tools to
diagnose and / or repair an ntuser.dat file, what's to be done?

"Repaired" implies there is a known and detectable error of some
kind. I do not know if we really know that yet. No reliable tools I
know of. Don't know CHKREG.EXE but understand it is rather a "tool
of last resort" in any case. The usual solution for a provable
corrupt profile hive is to blow it away and rebuild it. But don't do
that yet, or at least use another logon to preserve the old one
first. Could be a lot of work rebuilding.

[ ]

Another thing, those errors do not correspond
(in terms of dates) to the latest failures to
retain registry modifications. There are only
three of them: One is from March, the other two
date back a day or so. Nonetheless, presumably
they're relevant clues to what's still happening now.

It is possible that there is nothing wrong in that profile. It could
be something else entirely. I have no way of knowing.
[ ]

Did you use another account? Any trouble? If no then _I_ would be
thinking of rebuilding the problem profile. FWIW and lacking any new
information or other feedback. Recall that your first post was only
just over 1 day ago. Other knowledgeable posters may drop into this
thread yet.

 

[Mark V]

Please, how do you run "chkreg". I tried it in the run command
line, got nothing.

Me? I said:

 

[Mark V]

Please, how do you run "chkreg". I tried it in the run command
line, got nothing.

Me? I said:

 

[Randall Schulz]

Paul,

To run ChkReg.EXE, you must create a set of 6 install
diskettes. You add ChkReg.EXE to diskette #6 then boot from
diskette #1. Once loaded, you're prompted to load each of
the other 5 diskettes in order. When it's done loading the
last one, you choose to _R_epair, and it runs ChkReg.EXE.
ChkReg.EXE then examines your disks looking for any
bootable volume and lets you select which one's registry
you want repaired.

Start here: <http://support.microsoft.com/?kbid=822705>,
where you'll find the link to the Windows 2000 Registry
Repair Utility (ChkReg.EXE). From that page, in turn, you
can find the page that includes the "Windows XP Setup Disks
for Floppy Boot Install" (in the Related Resources box in
the upper right):
<http://www.microsoft.com/downloads/...familyid=55820EDB-5039-4955-BCB7-4FED408EA73F>.
The latter takes the form of an executable that will write
the six diskettes used primarily for Windows XP
installation and, for our purposes, execution of CHKREG.

Good luck.

Randall Schulz

-----Original Message-----
Please, how do you run "chkreg". I tried it in the run

command line, got nothing.

 

[Randall Schulz]

Paul,

To run ChkReg.EXE, you must create a set of 6 install
diskettes. You add ChkReg.EXE to diskette #6 then boot from
diskette #1. Once loaded, you're prompted to load each of
the other 5 diskettes in order. When it's done loading the
last one, you choose to _R_epair, and it runs ChkReg.EXE.
ChkReg.EXE then examines your disks looking for any
bootable volume and lets you select which one's registry
you want repaired.

Start here: <http://support.microsoft.com/?kbid=822705>,
where you'll find the link to the Windows 2000 Registry
Repair Utility (ChkReg.EXE). From that page, in turn, you
can find the page that includes the "Windows XP Setup Disks
for Floppy Boot Install" (in the Related Resources box in
the upper right):
<http://www.microsoft.com/downloads/...familyid=55820EDB-5039-4955-BCB7-4FED408EA73F>.
The latter takes the form of an executable that will write
the six diskettes used primarily for Windows XP
installation and, for our purposes, execution of CHKREG.

Good luck.

Randall Schulz

-----Original Message-----
Please, how do you run "chkreg". I tried it in the run

command line, got nothing.

 

[Randall Schulz]

Mark,

I'm going to declare victory. I've rebooted a fourth time,
and everything is working as it should.

Thanks for putting me on to the problem.

Randall Schulz

 

[Randall Schulz]

Mark,

I'm going to declare victory. I've rebooted a fourth time,
and everything is working as it should.

Thanks for putting me on to the problem.

Randall Schulz

 

[Mark V]

Mark,

I'm going to declare victory. I've rebooted a fourth time,
and everything is working as it should.

Thanks for putting me on to the problem.

You are most welcome and thanks for the follow up.

I see you giving back on CHKREG to. I may have to study this if it
seems popular, but already prefer just making routine registry backups
to fall back to if needed.

 

[Mark V]

Mark,

I'm going to declare victory. I've rebooted a fourth time,
and everything is working as it should.

Thanks for putting me on to the problem.

You are most welcome and thanks for the follow up.

I see you giving back on CHKREG to. I may have to study this if it
seems popular, but already prefer just making routine registry backups
to fall back to if needed.

 

[Paul Lady]

R, Thx for the info.

Now I have what seems a useful project.

pjl

Paul,

To run ChkReg.EXE, you must create a set of 6 install
diskettes. You add ChkReg.EXE to diskette #6 then boot from
diskette #1. Once loaded, you're prompted to load each of
the other 5 diskettes in order. When it's done loading the
last one, you choose to _R_epair, and it runs ChkReg.EXE.
ChkReg.EXE then examines your disks looking for any
bootable volume and lets you select which one's registry
you want repaired.

Start here: <http://support.microsoft.com/?kbid=822705>,
where you'll find the link to the Windows 2000 Registry
Repair Utility (ChkReg.EXE). From that page, in turn, you
can find the page that includes the "Windows XP Setup Disks
for Floppy Boot Install" (in the Related Resources box in
the upper right):
<http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=558
20EDB-5039-4955-BCB7-4FED408EA73F>.
The latter takes the form of an executable that will write
the six diskettes used primarily for Windows XP
installation and, for our purposes, execution of CHKREG.

Good luck.

Randall Schulz

-----Original Message-----
Please, how do you run "chkreg". I tried it in the run

command line, got nothing.

 

[Paul Lady]

R, Thx for the info.

Now I have what seems a useful project.

pjl

Paul,

To run ChkReg.EXE, you must create a set of 6 install
diskettes. You add ChkReg.EXE to diskette #6 then boot from
diskette #1. Once loaded, you're prompted to load each of
the other 5 diskettes in order. When it's done loading the
last one, you choose to _R_epair, and it runs ChkReg.EXE.
ChkReg.EXE then examines your disks looking for any
bootable volume and lets you select which one's registry
you want repaired.

Start here: <http://support.microsoft.com/?kbid=822705>,
where you'll find the link to the Windows 2000 Registry
Repair Utility (ChkReg.EXE). From that page, in turn, you
can find the page that includes the "Windows XP Setup Disks
for Floppy Boot Install" (in the Related Resources box in
the upper right):
<http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=558
20EDB-5039-4955-BCB7-4FED408EA73F>.
The latter takes the form of an executable that will write
the six diskettes used primarily for Windows XP
installation and, for our purposes, execution of CHKREG.

Good luck.

Randall Schulz

-----Original Message-----
Please, how do you run "chkreg". I tried it in the run

command line, got nothing.

 

[Randall Schulz]

You are most welcome and thanks for the follow up.

I see you giving back on CHKREG to. I may have to
study this if it seems popular, but already prefer
just making routine registry backups to fall back
to if needed.

Mark,

I please to aim.

I think the primary role for ChkReg is in salvaging a
system that is unbootable due to registry corruption. Of
course, it doesn't guarantee success, but if there is
registry trouble preventing the system from booting, it
could be the difference between booting and then applying
your registry backup and having to resort to something more
drastic.

I use Retrospect for backup, and it can create a recovery
CD (image) that you can use (in conjunction with
Retrospect's regular backups) if your system is hopelessly
trashed, but I'm a big believer in using the most minimal
tool necessary to effect needed repairs.

Randall Schulz

 

[Randall Schulz]

You are most welcome and thanks for the follow up.

I see you giving back on CHKREG to. I may have to
study this if it seems popular, but already prefer
just making routine registry backups to fall back
to if needed.

Mark,

I please to aim.

I think the primary role for ChkReg is in salvaging a
system that is unbootable due to registry corruption. Of
course, it doesn't guarantee success, but if there is
registry trouble preventing the system from booting, it
could be the difference between booting and then applying
your registry backup and having to resort to something more
drastic.

I use Retrospect for backup, and it can create a recovery
CD (image) that you can use (in conjunction with
Retrospect's regular backups) if your system is hopelessly
trashed, but I'm a big believer in using the most minimal
tool necessary to effect needed repairs.

Randall Schulz