Posted 27 January 2010 - 01:18 PM
I need a little help concerning a stop error issue I'm seeing on some machines on my network.
Environment is WinXP Embedded and SAV Corp Ed. v10.1.5.5000 on a domain. SAV 10.1 has been installed and running on all out production machines since Feb/Mar 09 with no problems up until now.
Initally, the problem manifested itself when a machine was restarted. WINXP splash screen would show, then the logon screen, which was garbled. Eventually, we would just get a BSOD stop error c0000218 cannot load registry file/hive: sysroot\sys32\config\software is corrupt, unreadable, or not writable.
Restarting the machine and choosing Last Known Good Configuration would allow windows to load and the user to logon. If Symantec was uninstalled, the machine would be fine. You could re-boot/logon without a problem. With Symantec uninstalled, I tried re-installing and re-booting, but that just leads to the same problem once you reboot. Install is being done from the Symantec System Console on our AV server as a remote install, or by navigating to the network share that contains the install files and initiating the install from the client.
So I did a little bit of research on the net and it seems that the problem may lie in Symantec's writing to registry files during the shut down process. I located a program called UPHClean from M$ that is supposed to fix these types of issues and in their readme doc, it specifically states a Userenv 1517 error, that I also see in my App log. Why we're just now seeing this problem after so many months is beyond me. Symantec AV scans report nothing, as do the M$ MSRT, and I've even run MBAM.
I appreciate any help. This has been driving me crazy.