Is it normal to have the word "dirt" in all your logs in config folder?


Sarah Kanary

My other computer runs W2K, and would not boot, not even into Safe mode.
The error message referred to files in \WINNT\system32\config folder as
corrupt or missing. So I removed its hard drive and attached it (via usb
enclosure) to a computer running XP Pro.

Opening explorer, I looked in the \WINNT\system32\config folder, and looked
at all the logs that had data in them. This is the data I found from the
five logs that had any:

system log:

regf  °ÃAî`gÄ    À‚  C : \ W I N N T \ s y s t e
m 3 2 \ c o n f i g \ s y s t e m R W , c d r m m c . d r v , 1 7 6 , , 9
€ÿÿÿA T K D V D R W D D 0 4 0 1 , A T K , D V D R W D D 0 4 0 1 , D V
D + - R / R W , c d r m m c . d r v , 1 7 8 , , 9 €ÿÿÿA C C E S S T K D
D 0 4 0 1 , A C C E S S T K , D D 0 4 0 1 , D V D + - R / R W , c d r m m c
.. d r v , 1 7 8 , , 9 xÿÿÿA C E R D V D + R W 4 X M a x , A C E R
, D V D + R W 4 X M a x , D V D + R / R W ²ò±vDIRTÿ

Userdiff log:

regf  ØQ ½Üà      1 \ W I N N T \ S Y S T E M
3 2 \ C O N F I G \ u s e r d i f f
Eqâ€Ã‡DIRTÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ

SAM log:

regf= = €eòRøjÄ    P  \ S y s t e m R o o t \ S y
s t e m 3 2 \ C o n f i g \ S A M GridX.UnboundMode.1ÿÿÿÿÿ¨ÿÿÿ{ 6 2 C B D
D B 4 - 7 0 D D - 1 1 D 3 - A 2 D 9 - 0 0 8 0 A D 3 0 3 A 9 A }
ÿÿÿÿÿÿðÿÿÿlf xÜ CLSI ÿÿÿnk
ˆþ$ Ã  # ÿÿÿÿ P!  ÿÿÿÿ _ 
GridX.ValueItem øÿÿÿX! èÿÿÿvk p!  ØÿÿÿV a l u e I t e m C l
a s s ¨ÿÿÿnk
ˆþ$ Ã ð  ÿÿÿÿÿÿÿÿ ð!  ÿÿÿÿ N  CLSID
øÿÿÿø! èÿÿÿ½ÕÃyDIRT‡

Security log:

regf‚ ‚ ÀÜ̵ÊlÄ    p  e m R o o t \ S y s t e m 3
2 \ C o n f i g \ S E C U R I T Y ÿ‹ðY‰u …öÆEü?„P ‹Îèì
ÆEü@ÇÉeÆEü?é!þÿÿj,è4ÿÿ‹ðY‰u …öÆEüA„ ‹Îè¹ ÆEüBÇÌ
ÉeÆEüAéîýÿÿj,èÛ3ÿÿ‹ðY‰u …öÆEü=„ê ‹Îè† ÆEü>Ç|
ÉeÆEü=é»ýÿÿj,è¨3ÿÿ‹ðY‰u …öÆEü;„· ‹ÎèS ÆEü<Ç,
ÉeÆEü;éˆýÿÿj,èu3ÿÿ‹ðY‰u …öÆEü2„„ ‹Îè 
ÆEü3ÇÜÿÈeÆEü2éUýÿÿj,èB3ÿÿ‹ðY‰u …öÆEü-„Q ‹Îèš ÆEü.ƒN$ÿƒf(
ÇŒÿÈeÆEü/ÇÉeÆEü-éýÿÿj,èý2ÿÿ‹ðY‰u …öÆEü)„  ‹Îè¨
ÆEü*Ç<ÿÈeÆEü)éÃüÿÿƒè„à H„³ H„‚ HtLH“7ÂDIRT#

default log:

regf  0OæE’kÄ    À  t e m R o o t \ S y s t e m
3 2 \ C o n f i g \ D E F A U L T EntriesInQueryCache ¨Ê
Ãÿÿÿvk  €ˆ  
MaxRestrictionNodes »
Ãÿÿÿvk  €   
PropertyStoreBackupSize Èÿÿÿvk  €   
SecPropertyStoreBackupSize
8¿
Øÿÿÿvk < H!   1 DLLsToRegisterc ÀýÿÿC : \ W I N N T \ S y s t e m 3
2 \ q u e r y . d l l C : \ W I N N T \ S y s t e m 3 2 \ c i a d m i n .
d l l C : \ W I N N T \ S y s t e m 3 2 \ i x s s o . d l l C :
*×ílDIRT ` 


Anyone have a clue? I sure don't. :)

=========================

Sarah Kanary
 

Dave Patrick

Those are registry transaction logs. You didn't mention the hive. Assuming
the system hive and you already tried LKG, it may be possible to rename the
system hive found in
%windir%\system32\config\system
to system.old
then rename
%windir%\system32\config\system.alt
to
%windir%\system32\config\system

You can also try using the most recent backup found in
%windir%\repair\regback

If that fails you haven't much choice but to copy/use the
original-as-installed system hive from
%windir%\repair\system
to
%windir%\system32\config\system
You'll need to reinstall the device drivers for any hardware added since the
original OS install.

If the software hive, it may be possible to rename the software hive found
in
%windir%\system32\config\software
to software.old
then copy the most recent backup found in
%windir%\repair\regback
as
%windir%\system32\config\software

If that fails you can copy/use the file
%windir%\repair\software
This file is an image of the hive at the time the OS was installed, so you'd
have to reinstall all software. This being the case you might just as well
blow it away and start a new install. (note: this would at least allow you
to start the OS to make any necessary backups prior to wiping the drive.)

To start the Recovery Console, start the computer from the Windows 2000
Setup CD or the Windows 2000 Setup floppy disks. If you do not have Setup
floppy disks and your computer cannot start from the Windows 2000 Setup CD,
use another Windows 2000-based computer to create the Setup floppy disks.
Press ENTER at the "Setup Notification" screen. Press R to repair a Windows
2000 installation, and then press C to use the Recovery Console. The
Recovery Console then prompts you for the administrator password. If you do
not have the correct password, Recovery Console does not allow access to the
computer. If an incorrect password is entered three times, the Recovery
Console quits and restarts the computer. Note: If the registry is corrupted
or missing or no valid installations are found, the Recovery Console starts
in the root of the startup volume without requiring a password. You cannot
access any folders, but you can carry out commands such as chkdsk, fixboot,
and fixmbr for limited disk repairs. Once the password has been validated,
you have full access to the Recovery Console, but limited access to the hard
disk. You can only access the following folders on your computer:
%systemroot% and %windir%


--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect
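
The following is an added example, not code from either poster or from any Microsoft tool: it reads the base block of a file copied from the config folder and reports whether the `regf` signature, sequence numbers and checksum are consistent, and whether the `DIRT` marker seen in the dumps follows the header. The field offsets follow the publicly documented regf layout and are assumptions here, as are the function names; the sample bytes are constructed.

```python
import struct

def regf_checksum(block: bytes) -> int:
    """XOR of the first 127 little-endian dwords; the result is stored at offset 508."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    # Two results are remapped by the format.
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(csum, csum)

def triage(data: bytes) -> dict:
    """Summarise the 512-byte base block of a hive or .LOG file."""
    if len(data) < 512 or data[:4] != b"regf":
        return {"regf_signature": False}
    seq1, seq2 = struct.unpack_from("<II", data, 4)    # primary / secondary sequence numbers
    (file_type,) = struct.unpack_from("<I", data, 28)  # 0 = primary hive file
    (stored,) = struct.unpack_from("<I", data, 508)
    name = data[48:112].decode("utf-16-le", errors="replace").split("\x00")[0]
    return {
        "regf_signature": True,
        "embedded_name": name,                     # tail of the hive path, as in the dumps
        "sequences_match": seq1 == seq2,           # False: a hive write did not complete
        "checksum_ok": stored == regf_checksum(data),
        "is_transaction_log": file_type != 0,
        "dirt_at_512": data[512:516] == b"DIRT",   # dirty-page bitmap of an old-format log
    }

def build_sample(seq1, seq2, file_type, name, dirt):
    """Constructed test input, not a real hive."""
    block = bytearray(512)
    block[0:4] = b"regf"
    struct.pack_into("<II", block, 4, seq1, seq2)
    struct.pack_into("<I", block, 28, file_type)
    encoded = name.encode("utf-16-le")[:64]
    block[48:48 + len(encoded)] = encoded
    struct.pack_into("<I", block, 508, regf_checksum(bytes(block)))
    tail = (b"DIRT" + b"\xff" * 28) if dirt else bytes(32)
    return bytes(block) + tail

if __name__ == "__main__":
    path = "\\SystemRoot\\System32\\Config\\SAM"
    samples = (("SAM.LOG", build_sample(7, 7, 1, path, True)),
               ("SAM", build_sample(8, 7, 0, path, False)))
    for label, blob in samples:
        print(label, triage(blob))
```

Run against copies of the files from the attached drive, a `DIRT` marker in a `.LOG` file is expected; a hive whose signature or checksum fails, or whose sequence numbers differ, is the candidate for the rename-and-restore steps above.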

