Registry scan during start up

Fredsone · May 31, 2013

Hi
Vista Ultimate Compaq desktop.
We recently had to shutdown a frozen desktop by pushing and holding the power button.
When we restarted the computer the initial white text on a black background component of this type of restart was delayed while an unknown process started scanning a small number (I think it was 11) of registry functions. The registry scan lasted about 5 minutes and then the normal user log-in screen was displayed.
The scan included text informing us we should not interfere with the computer while the scan was running.

I have never seen anything like this before... does anyone know what it was?

Regards

LMiller7 · May 31, 2013

This was most likely a scan to check hard disk integrity and has nothing to do with the registry. This is a normal occurrence after a forced shutdown. After such a shutdown portions of the disk structure will be in an abnormal state and this corrects the problem.

richc46 · May 31, 2013

Welcome
First make a full anti virus scan
then
Download and make a full scan with malwarebytes. If these are negative.
Use this procedure to get the results of your last chkdsk scan. It will give the time and date of the scan
Check Disk (chkdsk) - Read Event Viewer Log - Windows 7 Help Forums
If the time corresponds with the scan, that was the cause. If not we must delve deeper.

Fredsone · Jun 1, 2013

richc46 said:
Welcome
First make a full anti virus scan
then
Download and make a full scan with malwarebytes. If these are negative.
Use this procedure to get the results of your last chkdsk scan. It will give the time and date of the scan
Check Disk (chkdsk) - Read Event Viewer Log - Windows 7 Help Forums
If the time corresponds with the scan, that was the cause. If not we must delve deeper.

Hi richc46 thanks for the suggestions and links.

Progress so far.

I have made a full scan with Norton 360 (I currently have a 30 day trial of Norton after a year of Bitdefender TS) and Malwarebytes, There weren't any problems found by either scan.

I set and restarted the computer to ran the Check Disk function and then had a look at the Event Viewer Log. There were a lot of logs form the time the freeze and restart occurred, all a little ambiguous/confusing but I didn't see anything that stood out. Also there were noWininit logs, should there have been any?
Ironically there was a Wininit log produced yesterday while I was scanning and searching the logs...

Alas, it is all in German so I will need to spend some time on that :sleepy:

.

wither 3 · Jun 1, 2013

Sometimes, if a Windows update is not correctly configured, it will show a registry scan during the Windows startup. However, it normally restarts the computer when it's finished and then will reconfigure the updates during the Windows startup.

I assume the computer functions normally after the registry scan you're seeing is finished. Are there any updates to be installed in Windows Update?

Fredsone · Jun 2, 2013

Hi.
We had a problem yesterday, the screen went black but was still connected to inputs from the computer, i.e it would switch to sleep mode after 15 minutes of no activity and then re-awake by moving the mouse.
So yet again the computer had to be shut down by pushing and holding the power button.
Interestingly when we restarted the machine it went through a normal windows start-up sequence... i.e. there was no sequence of black screens with crude white text and no registry scan.

I had a look at the update history and there was a Definition Update for Windows Defender - KB915597 (Definition 1.151.798.0) on ‎25.‎05 and the most recent being a Hotfix for Windows (KB947821) on 26.‎05. I am certian the computer was restarted between the days 26.‎05. and 31.05.

Regards

townsbg · Jun 3, 2013

A forced shutdown can cause problems with the registry so it might have had to be fixed from a backup. It might also have been hard drive issues. I suggest a full scan of your hard drive. http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html

Since you are having problems with sleep do you need it enabled? It can cause problems.

Fredsone · Jun 3, 2013

Thanks for the inputTownsbg.

An update for my post @ Local Time: 01:16 AM today.

I have talked to the person using the computer yesterday and the problem was that the computer appeared to get stuck during its normal shutdown procedure.
Apparently they went to the start/shutdown then turned the screen off and went away. A couple of hours later they found the computer was still running, they turned the screen on and saw a blank-black screen.
Moving the mouse had no effect and they noted that after 15 minutes of inactivity (not sure what they were doing during this period) there was a message indicating the screen had powered down-entered sleep mode (we have the Vista Control Panel, Power Options set to put the screen to sleep after 15 minutes).
As would be the normal procedure, moving the mouse caused the screens power on light to re start suggesting the screen functions were restarted, however as before there was only a blank-black screen displayed.

From this I have concluded that although the computer was stuck a some point in its shutdown procedure it was still correctly controlling the screen sleep functions.

They then completed a forced shutdown. However, when we restarted the machine it went through a normal windows start-up sequence... it started as it normally would had it been shutdown normally. I.e. there was not the expected black screen with crude white text and a 20 second timer counting down to a normal restart.

I had a look at the Event Viewer logs from yesterday, nothing jumped out but id did notice the following, could this be a clue... I have no idea :confused:

:

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
4 user registry handles leaked from \Registry\User\S-1-5-21-2689138593-1012205953-2850960868-1000:
Process 1196 (\Device\HarddiskVolume1\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe) has opened key \REGISTRY\USER\S-1-5-21-2689138593-1012205953-2850960868-1000
Process 1196 (\Device\HarddiskVolume1\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe) has opened key \REGISTRY\USER\S-1-5-21-2689138593-1012205953-2850960868-1000
Process 1196 (\Device\HarddiskVolume1\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe) has opened key \REGISTRY\USER\S-1-5-21-2689138593-1012205953-2850960868-1000
Process 1196 (\Device\HarddiskVolume1\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe) has opened key \REGISTRY\USER\S-1-5-21-2689138593-1012205953-2850960868-1000

Regards

townsbg · Jun 3, 2013

It sounds like tune up utilities was hung. Perhaps it was performing maintenance on the computer which includes registry clean up. I suggest that you look in the one click maintenance options and disable at least that option.

Fredsone · Jun 4, 2013

Ok, I have disabled the TuneUp Utilities one click maintenance registry options, hopefully this will help.

Thanks for your reply's

townsbg · Jun 4, 2013

Please let us know if you experience any more problems.

Registry scan during start up

Fredsone

My Computer

System One

LMiller7

My Computer

System One

richc46

My Computer

System One

Fredsone

My Computer

System One

wither 3

My Computer

System One

Fredsone

My Computer

System One

townsbg

тσωηsвg

My Computers

System One System Two

Fredsone

My Computer

System One

townsbg

тσωηsвg

My Computers

System One System Two

Fredsone

My Computer

System One

townsbg

тσωηsвg

My Computers

System One System Two

Registry scan during start up

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

~~тσωηsвg~~

My Computers

My Computer

~~тσωηsвg~~

My Computers

My Computer

~~тσωηsвg~~

My Computers

тσωηsвg

тσωηsвg

тσωηsвg