"file 9" problem (ChkDsk kills winXP, secedit.sdb corrupt)

Discussion in 'Software' started by On edge, Jan 3, 2009.

  1. On edge

    On edge Corporal

    I've posted a few times about this on-going problem, but I have more specifics now. I'm experiencing a ChkDsk "file 9" problem on my HP Windows XP with SP3. Basically, if I run ChkDsk /f, it begins (stage 1 - file verification) by deleting a bunch of "corrupt" attribute list entries and records. Stage 2 (index verification) goes through fine. In stage 3 (security descriptors), it deletes over 10,000 $SII and $SDH index entries related to "file 9," followed by over security id replacements for over 200,000 files. When Windows loads, I cannot move the desktop icons, for example, and have lost most other basic rights under both the Admin and Default User accounts. I've tried fixing it, but in the end have always had to revert to an earlier Acronis True Image backup of my C-partition or an ERUNT registry backup, and forgo ChkDsk.

    Other symptoms (pre-ChkDsk):
    1. Error message regarding secedit.sdb (see attached) when I try to access Local Security Policy (Control Panel -> Admin Tools).
    2. Cannot register Windows modules (DLL-files).

    Attempted (failed) solutions (in addition to general cleanup, defrags, etc.):
    1. I've tried running Windows Repair from the installation CD.
    2. I tried installing Hotfix KB884018 from MS, but the install failed (see attached log).
    3. At the moment, I've disabled "Simple File Sharing" in hopes that redefining file security might help (but 1 still applies).
    4. Hardware is not to blame (ChkDsk worked fine after clean WinXP install - but I reverted back because that was just for comparison/check).

    Any ideas besides a clean install of Windows?

    p.s. FWIW, the ChkDsk log is actually of a clone of my C-partition (hence the disk space error message).
     


  2. a_cup

    a_cup Private E-2

  3. On edge

    On edge Corporal

    Thanks a_cup -- I have come across that KB before, but dismissed it because (a) the hotfix is for Windows Server 2003 and (b) my laptop only has about 400,000 files (as opposed to 4M that might cause problems), and my understanding re MBR is that it's quite small on regular PCs. That said, I have set up my computers in a small home network, so that may have messed something up; maybe there's been 1 moment in time when I was connected to several computers at the same time, and a few external hard drives, and had several Windows XP setup CDs on my computer too (for nLite custom (streamlined) Windows projects, etc.) - but 4,000,000+ is still pushing it...

    Anyway, I tried the hotfix and it would install because it's not for Windows XP/SP3, however, if SP3 is supposed to have fixed stuff like this on Windows XP, then I suppose my next step is to reinstall that - my original disks are HP's XP/SP2 so my earlier repair install attempt did not include SP3.
     
  4. a_cup

    a_cup Private E-2

  5. On edge

    On edge Corporal

    Thanks for the links.

    To update: My computer is (and was) up-to-date on all MS updates and autocheck is enabled. I reinstalled SP3, but I don't think it did anything - the setup took ~5 minutes followed by a reboot request. I left the computer to reboot expecting a lengthy process, but when I got back from using the bathroom, SP3 had already finished... but I'm still unable to view Local Group Policies without the secedit.sdb error message. I assume ChkDsk would fail too, though I haven't had time or desire to test it...

    The MS Auto Check Utility is on the Boot Execute list of autoruns, however, it does not call for automatic ChkDsk fixing unless the previous shutdown involved some drive problem. And I've had no drive C: problems of that type lately. Maybe the User Profile Hive Cleanup Service program from MG is helping (recent addition to my setup)... In general, most programs and functions are running smoothly. However, I did experience some DEP-problems, and subsequently 'disabled' it (i.e. started adding programs to its ignore list from Control Panel -> System -> Advanced -> Performance -> DEP). I'm also getting frequent error messages from Windows Explorer (Windows Explorer reports an inconsequential(?) problem after I close a window or remove a USB drive - previously DEP had been messing with Explorer too).

    Also UndeletePlus gives me the 'Cannot load MFT' (or something like that) message for C:, and Piriform's Defraggler doesn't work either. In addition, Partition Table Doctor 3.5 won't run (though it was working last week)...

    Question: How do I check MFT size? Are there any good apps for analyzing and optimizing the MFT?


    p.s. I mixed up MFT and MBR in an earlier response... The latter should be fine, not so sure about the former...
     
  6. a_cup

    a_cup Private E-2

    Hi On Edge,


    What errors are showing in event viewer....Right click on 'my computer'...click 'manage' >> 'event viewer'..click on the plus sign to expand...click on 'systems'...Look for errors (marked with a red X) under 'systems'....check the source and event ID (ex: source SceCli event ID 1202) double click on an error and the properties box will open...this will give you more information...In the properties box there is a link you can click that may have a solution.....

    The secedit.sdb file may be corrupted. Check this link for information

    Scecli.dll errors occur when opening Account Policies or Local Policies

    More information on scecli.dll errors/warnings
    Event ID Scecli.dll

    I tend to stay away from 3rd party applications...Using only the bare necessities like anti-virus, firewall, and a couple of anti-malware programs...The more programs you add the higher the chances of causing problems and the more work in detecting what is causing them...
     
  7. On edge

    On edge Corporal

    I saw no error in the system log for the past two weeks. Under applications, I have lots of explorer.exe error notifications:

    "Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x043f3158.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp."

    The event viewer logs for Security, Identity Manager and Internet Explorer are empty, though I get the secedit.sdb error shown in the attached pic in my initial post when I enter Admin Tools -> Local Security Policies
    (and again when I further view any subcategory of Local Security Policies -> Local Policies).

    When I ran the esentutl command (copy/paste from the link) it started running in an apparently infinite loop, which I broke manually (see pic). Same thing happened when I tried it with just the /? qualifier.

    That said, I'm pretty sure the secedit.sdb file is corrupt and I tried to repair it using the aforementioned MS hotfixes, but to no avail. I'll read the links you posted in detail later, maybe there's something that can do the trick... Plus I'll try the esentutl later in safe mode.

    As far as anti-malware programs go, I only have Rising Antivirus Free and Online Armor Free installed (Windows Firewall is off), plus a few MG rec'ed add-ons; A-Squared Free and HijackThis for the occasional manual scans, and Spywareblaster for updating something... In the past I've had others, but generally only 1 active malware defense program + 1 firewall at a time.
     


  8. On edge

    On edge Corporal

    a_cup, I got my computer sorted out. I'll post the details later, but the short version is that I needed to (a) use the esentutl mentioned in your link to fix the secedit.sdb. Not sure if it would have averted the chkdsk problem because I solved that by (b) running chkdsk /f and letting it delete/replace everything, and then disabling "simple folder sharing" property for C: (mine was already disabled actually) to access the Security tab in folder properties, and then resetting security choices for C: and all subfolders. I also had to reset permissions for registry keys using a suitable reg editor (I used Registry Workshop). And I deleted the $UsnJrnl files using another utility from my utility Windows XP Pro CD (but not included during normal install) because they had grown huge, badly defragmented, and were beyond the reach of Diskeeper and JKDefrag/Pagedefrag/Contig...

    Thanks for the help.

    P.S. If anyone knows a guide to the correct security settings and registry permissions for Windows XP with Simple File Sharing disabled, please let me know. (I also stopped indexing and removed my computers from their home network, even though I'd like to network them again after everything is squared away).
     
    Last edited: Jan 12, 2009
  9. On edge

    On edge Corporal

    For the benefit of anyone who may come across this thread while trying to solve a similar problem, here's my solution:

    [0. Use ERUNT (freeware) to backup the registry, and/or Acronis True Image if you have it before letting ChkDsk run. Also, I always disable my antivirus, firewall and all non-essential start-up programs before repairs.]

    1. Let ChkDsk /f run during boot-up even though it deletes files or modifies their attributes. Apparently using ChkDsk /r is even better because it can repair access free setup files for further repairs, but it's only available from the Recovery Console i.e. from the WinXP setup CD, unless previously installed.

    2. ChkDsk may run for hours, and the percentage progress figures may appear frozen, but just give it time. The first time this happened I thought it had frozen, turned the computer off, and subsequently couldn't boot to Windows anymore. If you cannot boot to Windows, then you have to use ERUNT from Recovery Console or Bart's PE type boot disk, or some other restoration utility, but assuming you can still get to Windows, or the command prompt at least, then you can probably fix the ChkDsk damage.

    3. If you cannot move folders, the taskbar has disappeared, nothing works, etc. after ChkDsk has finished, then try changing the security settings for C. Microsoft provides this command prompt command to give everyone access:

    link: http://support.microsoft.com/kb/311724

    It takes a while to run too. However, I modified 'Properties -> Security -> Advanced' options for C: to (a) take ownership of all files and folders (for Admins), (b) remove restrictions, and (c) grant Full Control to Admins, Creator Owner, and System, and Read access to Users... There's various boxes you have to check/uncheck and tabs to go through to get it all to work, plus you have to disable 'Simple Folder Sharing' before you can even access the Security tab, and again then it takes a long time for the computer to modify those attributes for each folder and file.

    Also, I had to do the equivalent of the above process for all the registry keys (take ownership and reset permissions) - I used Registry Workshop to do it. And sometimes reboots were needed before the changes took effect.

    That's it for the ChkDsk.

    Next I had the secedit.sdb problem, which may or may not have been independent of the ChkDsk problem. In any case, I still got the secedit error message at Control Panel -> Administrative Tools -> Local Security Policy -> ...

    That problem was solved by (a) copying the esentutl.exe file from my Windows setup CD on the C: drive, and (b) subsequently running the following command prompt command:

    You may need to use /g or /r or something instead of the /p option, but /p (repair) worked for me. I also used /d later to defrag it. One of the links a_cup posted has the details.

    That took care of secedit, but my $UsnJrnl file was still all over the place (1.5GB or something), very fragmented, and inaccessible to Diskeeper and JKdefrag - I solved that by deleting it using another utility available on the Windows setup CD; fsutil.exe. The command for running that was:

    The details are at my previous link. My understanding is that Windows will reinitialize the file once a program requests it. You may also be able to repair it, but I opted for the deletion since the file had grown and mutated into a monster.

    For future purposes, I changed NtfsMftZoneReservation value to 3 in the registry; HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Filesystem. Default is 1 (smallest) and 4 is the max. I'm hoping that will reserve more space for my system files making it easier to defrag them and keep them healthy.

    Next... Well, almost everything is running smoothly now. I switched back Simple File Sharing, Firewall and Anti-Virus are back on. However, I still cannot run Piriform's Defraggler except in Safe Mode (other defraggers I've tried work fine), and I had to re-install the Recovery Console from Safe Mode. It may have something to do with HP's iastor/iaahci drivers (3rd party SATA drivers); they are always complicating things. I may ask about that in another thread, but for now I'm done dealing with computer problems...
     
  10. a_cup

    a_cup Private E-2

