question about "MS04-011, 835732 Remote Code Execution"

Rick Chauvin

W2000 Pro SP4 and I installed MS04-011, 835732

When I installed this update I noticed that a "Userenv.log" file was newly
created in the debug folder, and my question is about what the new
information in it means please.

Can anyone explain beyond the obvious what all five entries mean that it was
doing ..and if it's anything important or if I need to fix something.

Thank you.

USERENV(e8.d0) 09:32:39:562 MyRegUnLoadKey: Hive unload for
S-1-5-21-790525478-1972579041-839522115-1000 failed due to open registry key.
Windows will try unloading the registry hive once a second for the next 60
seconds (max).

USERENV(e8.d0) 09:33:39:765 MyRegUnLoadKey: Windows was not able to unload
the registry hive.

USERENV(e8.d0) 09:33:39:765 MyRegUnLoadKey: Failed to unmount hive 5

USERENV(e8.d0) 09:33:39:765 UnloadUserProfile: Didn't unload user profile
<err = 5>

USERENV(e8.d0) 09:33:39:765 DumpOpenRegistryHandle: 9 user registry Handles
leaked from \Registry\User\S-1-5-21-790525478-1972579041-839522115-1000
 
PS: yes, I've already searched Google first thing before I posted, and I found
and read a lot of web pages on it all, but nothing that put the meaning of the
whole thing together in one good explanation and what to do - if anything,
and so that's why I wanted to ask someone who has seen this particular
listing before and understands it fully ...has been there done that.

USERENV
Hive unload for failed due to open registry key.

Windows was not able to unload the registry hive.

Failed to unmount hive 5

Didn't unload user profile <err = 5>

9 user registry Handles leaked from \Registry\User\

....is there anything I need to do with this?
 
Okay I've got the issue pretty well resolved I think.

I like the challenge of solving the riddles I guess.

Long story short, being out on the wires and in my travels, I came across
this application:
http://www.microsoft.com/downloads/...b570-42470e2f3582&displaylang=en&Hash=H5S8RC5
And it looked like it was the ticket to solve my queries, so for a test I:
....re-imaged my 2K partition back to before the MS04-011 835732 update
....installed this new UPHClean application
....reinstalled the MS04-011 835732 update ...and behold it had no errors
this time nor did the userenv.log ever get created now, and system event
application log shows that UPHClean took care of this problem from the
MS04-011 835732 installation for me, and it even detailed the culprits or one
of the updates within the update that caused my problem in the first place.

Event Source: UPHClean
Description: The following handles in user profile hive W2000\Rick ...have
been closed because they were preventing the profile from unloading
successfully:

services.exe (300)
HKCU\SOFTWARE\MICROSOFT\SystemCertificates\ROOT (0xab4)
HKCU\SOFTWARE\MICROSOFT\SystemCertificates\Trust (0xacc)
HKCU (0xad0)
HKCU\SOFTWARE\MICROSOFT\SystemCertificates\ca (0xadc)
HKCU (0xae0)
HKCU\SOFTWARE\MICROSOFT\SystemCertificates\my (0xaec)
HKCU\SOFTWARE\Policies\MICROSOFT\SystemCertificates (0xb64)
HKCU\SOFTWARE\Policies\MICROSOFT\SystemCertificates (0xbb4)
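
Added example, not part of the original thread: a small Python parser that rejoins the wrapped Userenv.log entries quoted in the first post and pulls out the profile SID, the final error code, the leaked-handle count and how long the unload was retried. The function names are hypothetical, and reading `err = 5` as the Win32 system error code 5 (ERROR_ACCESS_DENIED) is an assumption.

```python
import re
# Sample: the five entries from the post, wrapped as the forum shows them.
SAMPLE = r"""
USERENV(e8.d0) 09:32:39:562 MyRegUnLoadKey: Hive unload for
S-1-5-21-790525478-1972579041-839522115-1000 failed due to open registry key.
Windows will try unloading the registry hive once a second for the next 60
seconds (max).
USERENV(e8.d0) 09:33:39:765 MyRegUnLoadKey: Windows was not able to unload
the registry hive.
USERENV(e8.d0) 09:33:39:765 MyRegUnLoadKey: Failed to unmount hive 5
USERENV(e8.d0) 09:33:39:765 UnloadUserProfile: Didn't unload user profile
<err = 5>
USERENV(e8.d0) 09:33:39:765 DumpOpenRegistryHandle: 9 user registry Handles
leaked from \Registry\User\S-1-5-21-790525478-1972579041-839522115-1000
"""

HEADER = re.compile(r"^USERENV\((?P<ids>[^)]+)\)\s+"
                    r"(?P<time>\d\d:\d\d:\d\d:\d{3})\s+(?P<func>\w+):\s*(?P<msg>.*)$")
WIN32_ERRORS = {5: "ERROR_ACCESS_DENIED"}  # assumption: err is a Win32 error code

def parse_records(text):
    """Rejoin wrapped lines so each USERENV header starts one record."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HEADER.match(line):
            records.append(m.groupdict())
        elif line and records:  # continuation of the previous entry
            records[-1]["msg"] += " " + line
    return records

def to_ms(stamp):
    """Convert an HH:MM:SS:mmm stamp to milliseconds since midnight."""
    h, m, s, ms = map(int, stamp.split(":"))
    return ((h * 60 + m) * 60 + s) * 1000 + ms

def summarize(records):
    """Extract SID, error code, leaked-handle count and time spent retrying."""
    out, start = dict.fromkeys(("sid", "err", "leaked", "retry_ms")), None
    for r in records:
        msg, t = r["msg"], to_ms(r["time"])
        if m := re.search(r"Hive unload for (S-1-[\d-]+) failed", msg):
            out["sid"], start = m.group(1), t
        elif m := re.search(r"<err = (\d+)>", msg):
            out["err"] = WIN32_ERRORS.get(int(m.group(1)), m.group(1))
            out["retry_ms"] = None if start is None else t - start
        elif m := re.search(r"(\d+) user registry Handles leaked", msg):
            out["leaked"] = int(m.group(1))
    return out
```

Calling `summarize(parse_records(SAMPLE))` on the quoted entries shows the unload being retried for just over the 60 seconds the first entry announces before it is abandoned.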
 