Windows 7 Forums



Windows 7: How do I locate a script that re-writes a registry value?

28 Dec 2011   #1
winpigler

Windows 7 64 bit home Premium
 
 
How do I locate a script that re-writes a registry value?

Right now I am running on Windows 7 home premium 64-bit. There is a legalnoticecaption and legalnoticetext enabled in the registry, and when I delete these values and restart, they re-appear! I've even tried deleting them altogether. I'm guessing there is some sort of script enabled that re-writes the registry values upon deletion, and I need some help identifying and getting rid of said script. Or, if you have any suspicions on what else it may be, please do not hesitate to tell me to check it out.

Thanks!


28 Dec 2011   #2
Brink

64-bit Windows 10 Pro
 
 

Hello Winpigler, and welcome to Seven Forums.

It is normal for these two registry entries to be here. By default their "Data" field is empty.

These two registry entries are for having a logon title and message as in METHOD TWO of the tutorial below if wanted. You can just right click on them, click on Modify, and leave the "Data" empty to not have a custom message.

Logon Title and Text Message - Vista Forums

Hope this helps,
Shawn
28 Dec 2011   #3
winpigler

Windows 7 64 bit home Premium
 
 

I understand that they are there by default, but when we purchased the laptop, these registry values were filled with text, and when I try and delete the text, it always re-appears upon startup. I am suspecting that there is a script running that auto-fills the values when they have been edited, and I was wondering if there was a way to find the script and delete it, so that when I delete the legalnoticecaption and legalnoticetext, they are gone for good.

I hope that clarifies my question a little. Thank you!

28 Dec 2011   #4
cluberti

Windows 10 Pro x64
 
 

Can you get a process monitor log of the boot process? Seeing which process is writing the values will help determine where it's coming from.

To get a trace, download/extract/run procmon (from the above link) and accept the EULA if prompted. Then, from the menu, click Options, then Enable Boot Logging. This should prompt you that you have just told procmon to log the next boot process (and asks you to click the "OK" button - please do so). Now, clear the values in the registry of any data (so that they are blank), and then reboot. Once you've logged in, start procmon again and save the log to a .pml file when prompted. You can use WinRAR or 7zip to compress this file, and upload to a sharing site. Post a link to that file, and we'll download it and look at it for clues (or even answers, maybe).
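One way to read the boot trace described above, as an added example that is not part of the original post: it assumes the log has been saved from Process Monitor in CSV format with the default columns, and it names the processes that wrote the two logon-notice values. The function name `Get-LegalNoticeWriter` and the sample rows are constructed for illustration.

```powershell
# Constructed sample rows using the default columns of a Process Monitor CSV
# export. The process names, PIDs and data are invented for illustration.
$sampleCsv = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"8:01:02.1000000 AM","winlogon.exe","512","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"8:01:09.4000000 AM","example-helper.exe","1844","RegSetValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption","SUCCESS","Type: REG_SZ, Length: 14, Data: Notice"
"8:01:09.5000000 AM","example-helper.exe","1844","RegSetValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText","SUCCESS","Type: REG_SZ, Length: 24, Data: Sample text"
"8:01:10.0000000 AM","svchost.exe","900","RegSetValue","HKLM\SOFTWARE\Example\Unrelated","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
'@

# Hypothetical helper: keeps only successful writes to the two values
# (matching is case-insensitive) and summarises them per writing process.
function Get-LegalNoticeWriter {
    param([object[]]$Events)
    $Events |
        Where-Object {
            $_.Operation -eq 'RegSetValue' -and
            $_.Result -eq 'SUCCESS' -and
            $_.Path -match '\\legalnotice(caption|text)$'
        } |
        Group-Object -Property 'Process Name', 'PID' |
        Select-Object @{ n = 'Process';   e = { $_.Group[0].'Process Name' } },
                      @{ n = 'PID';       e = { $_.Group[0].PID } },
                      @{ n = 'Writes';    e = { $_.Count } },
                      @{ n = 'FirstSeen'; e = { $_.Group[0].'Time of Day' } },
                      @{ n = 'Values';    e = {
                          ($_.Group |
                              ForEach-Object { ($_.Path -split '\\')[-1] } |
                              Sort-Object -Unique) -join ', '
                      } }
}

# Run against the constructed rows. For a real trace, pass the output of
# Import-Csv on the CSV file saved from Process Monitor instead.
Get-LegalNoticeWriter -Events ($sampleCsv | ConvertFrom-Csv) | Format-List
```

The process that appears here is the one to look up in the startup locations, scheduled tasks and services.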
28 Dec 2011   #5
Brink

64-bit Windows 10 Pro
 
 

Are you part of a domain? If so, that would be doing it, and only the domain administrator will be able to remove or change them on the domain's system.

If not, then in addition to what cluberti (Carl) posted above, also check those registry values at all of the different registry locations below that they are found at, and modify to clear their "Data" fields. One location may be rewriting the other.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System


Next, check all of the different startup program list locations in the tutorial below to see if one of them may be what is rewriting it if the above is not it.

Startup Programs - Change
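A read-only sweep of the three registry locations listed above, as an added example that is not part of the original post: it reports for each key whether the two values are missing, empty or populated, so the result can be compared before and after a reboot. The function name `Get-LegalNoticeState` is hypothetical.

```powershell
# Run from a 64-bit PowerShell session; a 32-bit session is redirected to
# Wow6432Node for HKLM:\SOFTWARE and would read the wrong registry view.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System'
)
$names = 'legalnoticecaption', 'legalnoticetext'

# Hypothetical helper: reads only, never writes to the registry.
function Get-LegalNoticeState {
    param([string[]]$KeyPaths, [string[]]$ValueNames)
    foreach ($key in $KeyPaths) {
        $keyExists = Test-Path -Path $key
        $props = $null
        if ($keyExists) {
            # Returns nothing when the key exists but holds no values.
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        }
        foreach ($name in $ValueNames) {
            $prop = $null
            if ($null -ne $props) { $prop = $props.PSObject.Properties[$name] }

            if (-not $keyExists)       { $state = 'key missing' }
            elseif ($null -eq $prop)   { $state = 'value missing' }
            elseif ([string]::IsNullOrEmpty([string]$prop.Value)) { $state = 'empty' }
            else                       { $state = 'populated' }

            $data = $null
            if ($null -ne $prop) { $data = $prop.Value }

            New-Object PSObject -Property @{
                Key = $key; Value = $name; State = $state; Data = $data
            } | Select-Object Key, Value, State, Data
        }
    }
}

Get-LegalNoticeState -KeyPaths $keys -ValueNames $names | Format-List
```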
28 Dec 2011   #6
winpigler

Windows 7 64 bit home Premium
 
 

Brink: I checked in all of the locations you specified, and it is only located once, in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
I also did a Ctrl-F and searched for it, and it only found the one. (Gotta love Ctrl-F)

Cluberti: I will try what you suggested tomorrow. It's 11pm here, so I think it's time for bed. I'll reply to the thread when I get home tomorrow night.

Thank you both very much for the quick responses.