Registry section information


  1. Posts : 97
    Windows 10 Pro 64-bit
       #1


    I hope this is the right place for this question. The last couple of times that I have run Sysinternals Autoruns, when it got to HKLM\System\Current Control Set\Control\Sessions Manager\Boot Execute, the program stopped responding. I thought there was a problem with the program, so I uninstalled it and got the latest version 11.32 and installed that. It does the same thing. There are some strange characters in that section. I don't have a clue what they are. I have included a screen shot of that section. The computer is working fine. I have Windows 7 Home Premium 64-bit. Does this look like a problem? Thanks for any help.
    Attached thumbnail: Registry section information-image3.jpg


  2. Posts : 2,171
    Windows 7 Ultimate x64
       #2

    Don't know if it's a problem, but it's definitely not clean. Some of those entries look to me as though they can be deleted (deselected) as they indicate 'file not found' anyway.

    I'd also check for the existence of malware. You've got some very odd keys there!
    Last edited by F5ing; 25 Jul 2012 at 01:42. Reason: clarification and grammar.


  3. Posts : 97
    Windows 10 Pro 64-bit
    Thread Starter
       #3

    I have run Malwarebytes, AVG and Spybot Search and Destroy. None of them found anything. In Regedit I searched for autologger. It found it in 3 locations.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\BootExecute


    I found this at the Autoruns site.

    About regkeys named AutorunsDisabled

    If you untick any entry inside Autoruns, then autoruns will create a new regkey named AutorunsDisabled and move the unticked entry there.
    If you tick such an item again, Autoruns will move the entry back from the AutorunsDisabled regkey one level up to the original location.


    Is this a legitimate file?
    C:\Users\Clint\AppData\Roaming\No Company Name \No Client Name\No Client Internal Version\Trace Database.txt? The file is 1KB. It says (Master 1 0)

    Registry section information-image2.jpg

    Registry section information-reg1.jpg

    Registry section information-reg2.jpg
    Last edited by 5Clint7; 24 Jul 2012 at 12:37.


  4. Posts : 2,171
    Windows 7 Ultimate x64
       #4

    5Clint7 said:
    I have run Malwarebytes, AVG and Spybot Search and Destroy. None of them found anything. In Regedit I searched for autologger. It found it in 3 locations.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\BootExecute
    Just curious, what prompted you to search the registry for 'autologger'?

    BTW, I'm guessing that as you're messing in the registry you're comfortable in doing so, right? Watching yourself while you're in it, having it backed up and can restore it if necessary?

    5Clint7 said:
    I found this at the Autoruns site.
    About regkeys named AutorunsDisabled

    If you untick any entry inside Autoruns, then autoruns will create a new regkey named AutorunsDisabled and move the unticked entry there.
    If you tick such an item again, Autoruns will move the entry back from the AutorunsDisabled regkey one level up to the original location.
    Normal and expected.

    5Clint7 said:
    Is this a legitimate file?
    C:\Users\Clint\AppData\Roaming\No Company Name \No Client Name\No Client Internal Version\Trace Database.txt? The file is 1KB. It says (Master 1 0)
    Odd pathname. When you say "It says (Master 1 0)" do you mean you opened the file and found that's all it contained?

    In order to help ensure your machine is clean try this:

    https://www.sevenforums.com/tutorials/166445-windows-defender-offline.html


  5. Posts : 97
    Windows 10 Pro 64-bit
    Thread Starter
       #5

    "Just curious, what prompted you to search the registry for 'autologger'?"

    When I saw "autologger" I thought it was a key logger.

    I have backed up my registry.

    "Odd pathname. When you say "It says (Master 1 0)" do you mean you opened the file and found that's all it contained?"

    Boy I'll say. That was one thing that scared me. Yes I did open the file and that's all that was there. Master 1 0.


    "In order to help ensure your machine is clean try this:"
    https://www.sevenforums.com/tutorials/166445-windows-defender-offline.html

    I did make the WDO flash drive and ran it, and it found nothing either. Thanks for the help.

    Clint


  6. Posts : 2,171
    Windows 7 Ultimate x64
       #6

    5Clint7 said:
    The last couple of times that I have run Sysinternals Autoruns, when it got to HKLM\System\Current Control Set\Control\Sessions Manager\Boot Execute, the program stopped responding.

    There are some strange characters in that section. I don't have a clue what they are. I have included a screen shot of that section. The computer is working fine. I have Windows 7 Home Premium 64-bit. Does this look like a problem? Thanks for any help.
    When you start Autoruns it opens and starts scanning for ~1 minute (as seen in status bar at lower left). Does it complete the scan and show 'Ready' in the status bar or does it stop responding before that point?

    I think the 'autochk' entry in the BootExecute key is supposed to be there. I think it's there to allow automatic runs of 'chkdsk' if they were scheduled to run after a reboot (before Windows completely loads). Can you navigate to the BootExecute key in Regedit, highlight it and press enter to pop up the dialog box for it? You should get something like this:

    Registry section information-capture5.png

    5Clint7 said:
    "Just curious, what prompted you to search the registry for 'autologger'?"

    When I saw "autologger" I thought it was a key logger.
    Sorry, I had missed 'autologger' in your screenshots yesterday. I'm not sure if you should have that in the key. I just looked at 3 different w7 machines and none of them have anything similar.

    5Clint7 said:

    "Odd pathname. When you say "It says (Master 1 0)" do you mean you opened the file and found that's all it contained?"

    Boy I'll say. That was one thing that scared me. Yes I did open the file and that's all that was there. Master 1 0.
    Still wondering about this file. What other files show up in that subfolder structure (within 'No Company Name' and deeper)? Check the created/modified dates/times of the subfolders and the file itself; maybe you'll recall something you did at those times that may help explain their existence.

    5Clint7 said:
    I did make the WDO flash drive and ran it, and it found nothing either. Thanks for the help.

    Clint
    That's a good sign of course. And you're welcome!

    The more supplemental malware scans you do the more comfortable you can be about the security of your machine (because none of them are 100% effective). Booting and running something like WDO allows scanning without interference from Windows or the malware itself. You can also do free online scans from some of the antimalware vendors like Eset, Kaspersky and others by visiting their websites.


  7. Posts : 97
    Windows 10 Pro 64-bit
    Thread Starter
       #7

    "When you start Autoruns it opens and starts scanning for ~1 minute (as seen in status bar at lower left). Does it complete the scan and show 'Ready' in the status bar or does it stop responding before that point?"

    Yes, it completes the scan and shows Ready. When I select the Boot Execute tab and try to use the scroll bars is when it stops responding.


    "Can you navigate to the Boot Execute key in Regedit, highlight it and press enter to pop up the dialog box for it?"

    There's so much stuff in it, it will take 3 shots.

    Registry section information-autologger1.jpg

    Registry section information-autologger2.jpg

    Registry section information-autologger3.jpg


    "Still wondering about this file. What other files show up in that sub folder structure (within 'No Company Name' and deeper)? Check the created/modified dates/times of the sub folders and the file itself; maybe you'll recall something you did at those times that may help explain their existence."

    There were no other files in that folder or sub folder. My PC was built 02-26-2012. The file in question is 03-07-2012. I did a search by date and looked at all the other files by that date. None looked odd. That was about the time I was having trouble getting a drawing tablet installed. Monoprice sent me some new drivers to install. Never did get it fixed. Just uninstalled it and forgot about it. The language in the Boot Execute key looks like Chinese. I don't know if it is though. One other thing, when I was having a problem with my card readers about that time, Dell took control of my PC and did something, but they are in India.


  8. Posts : 2,171
    Windows 7 Ultimate x64
       #8

    I would guess that Autoruns stops responding when trying to process the characters in that key when you scroll to it.

    Your screenshots of that regkey show "everything", but not quite. Notice the scrollbar at the bottom. There's potentially a lot more there. I hate to say just delete the junk in there as I can't see each full line. Can you export the Session Manager key to a file and upload it here so I can look at it?

    I'm not sure about the quotation marks wrapped around the autochk line at the beginning either. If you open an elevated command prompt, type chkdsk /f <enter>, type Y to schedule at reboot, then reboot, does a chkdsk actually occur before Windows loads?
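
Added example (not part of any post in this thread): a Python sketch for reviewing an exported Session Manager `.reg` file of the kind requested in post #8. It decodes the `BootExecute` REG_MULTI_SZ data and flags every entry other than the stock `autocheck autochk *`; the function names, the sample export and its CJK string are constructed for this illustration.

```python
import re

DEFAULT_ENTRY = "autocheck autochk *"  # stock BootExecute content on Windows

def parse_multi_sz(reg_text, value_name="BootExecute"):
    """Return the strings held in a hex(7) (REG_MULTI_SZ) value, or None."""
    # regedit wraps long hex data with a trailing backslash; undo the wrapping
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)
    m = re.search(r'^"%s"=hex\(7\):([0-9a-fA-F,]*)' % re.escape(value_name),
                  joined, re.M)
    if m is None:
        return None
    raw = bytes(int(b, 16) for b in m.group(1).split(",") if b)
    text = raw.decode("utf-16-le", errors="replace")
    # Keep every non-empty string, including data after an early terminator
    return [s for s in text.split("\x00") if s]

def audit_entries(entries):
    """Return (entry, reason) for each entry that is not the stock one."""
    findings = []
    for entry in entries:
        if entry == DEFAULT_ENTRY:
            continue
        if entry.strip('"') == DEFAULT_ENTRY:
            reason = "stock entry wrapped in quotation marks"
        elif any(ord(c) < 0x20 or ord(c) > 0x7E for c in entry):
            reason = "contains non-ASCII or control characters"
        else:
            reason = "not the stock entry"
        findings.append((entry, reason))
    return findings

def build_sample(entries):
    """Constructed fixture: encode entries the way regedit exports them."""
    raw = ("\x00".join(entries) + "\x00\x00").encode("utf-16-le")
    cells = ["%02x" % b for b in raw]
    rows = [",".join(cells[i:i + 20]) for i in range(0, len(cells), 20)]
    return ("Windows Registry Editor Version 5.00\n\n"
            "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager]\n"
            '"BootExecute"=hex(7):' + ",\\\n  ".join(rows) + "\n")

if __name__ == "__main__":
    # Constructed sample: a quoted stock entry plus an unreadable CJK-looking string
    sample = build_sample(['"autocheck autochk *"', "\u6570\u636e\u6570\u636e"])
    for entry, reason in audit_entries(parse_multi_sz(sample)):
        print(repr(entry), "->", reason)
```

A real regedit export is UTF-16 with a byte-order mark, so read it with `open(path, encoding="utf-16").read()` before passing the text to `parse_multi_sz`.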


  9. Posts : 97
    Windows 10 Pro 64-bit
    Thread Starter
       #9

    "Can you export the Session Manager key to a file and upload it here so I can look at it?"

    Session Manager.reg

    I got this before I ran Chkdsk. Glad I did.


    "I'm not sure about the quotation marks wrapped around the autochk line at the beginning either. If you open an elevated command prompt, type chkdsk /f <enter>, type Y to schedule at reboot, then reboot, does a chkdsk actually occur before Windows loads?"

    Yes it runs before Windows loads. It must not have found any errors, because I can't find a log anywhere.

    I can't believe that fixed it. I ran Autoruns again and all that crap was gone from the Boot Execute tab and it didn't stop responding. I looked in the registry again and all was gone from Boot Execute in all 3 places of Sessions Manager. Thanks F5ing for the suggestion. I've got 2 shots with them clean. I'm not going to mark it solved for a couple of days yet.

    Registry section information-autologger4.jpg

    Registry section information-autologger5.jpg


  10. Posts : 2,171
    Windows 7 Ultimate x64
       #10

    You should be able to find chkdsk results, even when no errors were found, by going into event viewer and searching for wininit and/or chkdsk events. Can you post it here when you find it?


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
