

Windows 7: Registry section information


06 Jul 2012   #1

Windows 8.1.1 Pro 64-bit
 
 
Registry section information

I hope this is the right place for this question. The last couple of times that I have run Sysinternals Autoruns, when it got to HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute, the program stopped responding. I thought there was a problem with the program, so I uninstalled it and got the latest version 11.32 and installed that. It does the same thing. There are some strange characters in that section. I don't have a clue what they are. I have included a screen shot of that section. The computer is working fine. I have Windows 7 Home Premium 64-bit. Does this look like a problem? Thanks for any help.



Attached Thumbnails
Registry section information-image3.jpg  

22 Jul 2012   #2

Windows 7 Ultimate x64
 
 

Don't know if it's a problem, but it's definitely not clean. Some of those entries look to me as though they can be deleted (deselected) as they indicate 'file not found' anyway.

I'd also check for the existence of malware. You've got some very odd keys there!
24 Jul 2012   #3

Windows 8.1.1 Pro 64-bit
 
 

I have run Malwarebytes, AVG and Spybot Search and Destroy. None found anything. In Regedit I searched for autologger. It found it in 3 locations.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\BootExecute


I found this at the Autoruns site.

About regkeys named AutorunsDisabled

If you untick any entry inside Autoruns, then autoruns will create a new regkey named AutorunsDisabled and move the unticked entry there.
If you tick such an item again, Autoruns will move the entry back from the AutorunsDisabled regkey one level up to the original location.


Is this a legitimate file?
C:\Users\Clint\AppData\Roaming\No Company Name \No Client Name\No Client Internal Version\Trace Database.txt? The file is 1KB. It says (Master 1 0)

[Attached images: Registry section information-image2.jpg, Registry section information-reg1.jpg, Registry section information-reg2.jpg]




25 Jul 2012   #4

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by 5Clint7
I have run Malwarebytes, AVG and Spybot Search and Destroy. None found anything. In Regedit I searched for autologger. It found it in 3 locations.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\BootExecute
Just curious, what prompted you to search the registry for 'autologger'?

BTW, I'm guessing that as you're messing in the registry you're comfortable in doing so, right? Watching yourself while you're in it, having it backed up and can restore it if necessary?

Quote: Originally Posted by 5Clint7
I found this at the Autoruns site.

About regkeys named AutorunsDisabled

If you untick any entry inside Autoruns, then autoruns will create a new regkey named AutorunsDisabled and move the unticked entry there.
If you tick such an item again, Autoruns will move the entry back from the AutorunsDisabled regkey one level up to the original location.
Normal and expected.

Quote: Originally Posted by 5Clint7
Is this a legitimate file?
C:\Users\Clint\AppData\Roaming\No Company Name \No Client Name\No Client Internal Version\Trace Database.txt? The file is 1KB. It says (Master 1 0)
Odd pathname. When you say "It says (Master 1 0)" do you mean you opened the file and found that's all it contained?

In order to help ensure your machine is clean try this:

http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html
25 Jul 2012   #5

Windows 8.1.1 Pro 64-bit
 
 

"Just curious, what prompted you to search the registry for 'autologger'?"

When I saw "autologger" I thought it was a key logger.

I have backed up my registry.

"Odd pathname. When you say "It says (Master 1 0)" do you mean you opened the file and found that's all it contained?"

Boy I'll say. That was one thing that scared me. Yes I did open the file and that's all that was there. Master 1 0.


"In order to help ensure your machine is clean try this:"
http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html

I did make the WDO flash drive and ran it, and it found nothing either. Thanks for the help.

Clint
25 Jul 2012   #6

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by 5Clint7
The last couple of times that I have run Sysinternals Autoruns, when it got to HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute, the program stopped responding.

There are some strange characters in that section. I don't have a clue what they are. I have included a screen shot of that section. The computer is working fine. I have Windows 7 Home Premium 64-bit. Does this look like a problem? Thanks for any help.
When you start Autoruns it opens and starts scanning for ~1 minute (as seen in status bar at lower left). Does it complete the scan and show 'Ready' in the status bar or does it stop responding before that point?

I think the 'autochk' entry in the BootExecute key is supposed to be there. I think it's there to allow automatic runs of 'chkdsk' if they were scheduled to run after a reboot (before Windows completely loads). Can you navigate to the BootExecute key in Regedit, highlight it and press enter to pop up the dialog box for it? You should get something like this:

[Attached image: Capture5.PNG]

Quote: Originally Posted by 5Clint7
"Just curious, what prompted you to search the registry for 'autologger'?"

When I saw "autologger" I thought it was a key logger.
Sorry, I had missed 'autologger' in your screenshots yesterday. I'm not sure if you should have that in the key. I just looked at 3 different Windows 7 machines and none of them have anything similar.

Quote: Originally Posted by 5Clint7

"Odd pathname. When you say "It says (Master 1 0)" do you mean you opened the file and found that's all it contained?"

Boy I'll say. That was one thing that scared me. Yes I did open the file and that's all that was there. Master 1 0.
Still wondering about this file. What other files show up in that subfolder structure (within 'No Company Name' and deeper)? Check the created/modified dates/times of the subfolders and the file itself; maybe you'll recall something you did at those times that may help explain their existence.

Quote: Originally Posted by 5Clint7
I did make the WDO flash drive and ran it, and it found nothing either. Thanks for the help.

Clint
That's a good sign of course. And you're welcome!

The more supplemental malware scans you do the more comfortable you can be about the security of your machine (because none of them are 100% effective). Booting and running something like WDO allows scanning without interference from Windows or the malware itself. You can also do free online scans from some of the antimalware vendors like Eset, Kaspersky and others by visiting their websites.


26 Jul 2012   #7

Windows 8.1.1 Pro 64-bit
 
 

"When you start Autoruns it opens and starts scanning for ~1 minute (as seen in status bar at lower left). Does it complete the scan and show 'Ready' in the status bar or does it stop responding before that point?"

Yes, it completes the scan and shows Ready. When I select the Boot Execute tab and try to use the scroll bars is when it stops responding.


" Can you navigate to the Boot Execute key in Regedit, highlight it and press enter to popup the dialog box for it?"

There's so much stuff in it, it will take 3 shots.

[Attached images: autologger1.jpg, autologger2.jpg, autologger3.jpg]


"Still wondering about this file. What other files show up in that sub folder structure (within 'No Company Name' and deeper)? Check the created/modified dates/times of the sub folders and the file itself; maybe you'll recall something you did at those times that may help explain their existence."

There were no other files in that folder or sub folder. My PC was built 02-26-2012. The file in question is 03-07-2012. I did a search by date and looked at all the other files by that date. None looked odd. That was about the time I was having trouble getting a drawing tablet installed. Monoprice sent me some new drivers to install. Never did get it fixed. Just uninstalled it and forgot about it. The language in the Boot Execute key looks like Chinese. I don't know if it is though. One other thing, when I was having a problem with my card readers about that time, Dell took control of my PC and did something, but they are in India.


27 Jul 2012   #8

Windows 7 Ultimate x64
 
 

I would guess that Autoruns stops responding when trying to process the characters in that key when you scroll to it.

Your screenshots of that regkey show "everything", but not quite. Notice the scrollbar at the bottom. There's potentially a lot more there. I hate to say just delete the junk in there as I can't see each full line. Can you export the Session Manager key to a file and upload it here so I can look at it?

I'm not sure about the quotation marks wrapped around the autochk line at the beginning either. If you open an elevated command prompt, type chkdsk /f <enter>, type Y to schedule at reboot, then reboot, does a chkdsk actually occur before Windows loads?
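Added example, not code from any poster in this thread: a Python parser for the `BootExecute` value in an exported Session Manager `.reg` file, the kind of export requested above, which flags every entry that differs from the stock `autocheck autochk *` line. The sample export, the `to_hex7` helper, `ExampleValue` and all function names are constructed for illustration.

```python
import re

# Stock BootExecute entry (lets a scheduled chkdsk run before Windows loads).
EXPECTED = {"autocheck autochk *"}

def parse_multi_sz(reg_text, value_name="BootExecute"):
    """Return the strings held in a hex(7) (REG_MULTI_SZ) value of a .reg export."""
    pattern = r'"%s"=hex\(7\):((?:[0-9a-fA-F]{2}|[,\\\s])*)' % re.escape(value_name)
    match = re.search(pattern, reg_text)
    if not match:
        return []
    # Keep only hex digits: drops commas, continuation backslashes, whitespace.
    raw = bytes.fromhex(re.sub(r"[^0-9a-fA-F]", "", match.group(1)))
    text = raw.decode("utf-16-le", errors="replace")
    return [s for s in text.split("\x00") if s]

def review(entries):
    """Pair each entry with 'expected' or the reason it stands out."""
    findings = []
    for entry in entries:
        if entry in EXPECTED:
            verdict = "expected"
        elif entry.strip('"') in EXPECTED:
            verdict = "expected command wrapped in quotes"
        elif any(ord(c) < 0x20 or ord(c) > 0x7E for c in entry):
            verdict = "non-ASCII or control characters"
        else:
            verdict = "unexpected entry"
        findings.append((entry, verdict))
    return findings

def to_hex7(strings, width=20):
    """Encode strings as regedit writes REG_MULTI_SZ data (sample builder only)."""
    data = ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")
    pairs = ["%02x" % b for b in data]
    rows = [",".join(pairs[i:i + width]) for i in range(0, len(pairs), width)]
    return ",\\\n  ".join(rows)

# Constructed entries for illustration; not the data from this thread.
SAMPLE_ENTRIES = ["autocheck autochk *", '"autocheck autochk *"',
                  "constructed\u4e2d\u6587entry", "examplehelper.exe"]
SAMPLE = ("Windows Registry Editor Version 5.00\n\n"
          "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager]\n"
          '"BootExecute"=hex(7):' + to_hex7(SAMPLE_ENTRIES) + "\n"
          '"ExampleValue"=dword:00000001\n')

if __name__ == "__main__":
    for entry, verdict in review(parse_multi_sz(SAMPLE)):
        print("%-45r %s" % (entry, verdict))
```

A real regedit export is a UTF-16 file, so read it with `open(path, encoding="utf-16").read()` before passing the text to `parse_multi_sz`.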
27 Jul 2012   #9

Windows 8.1.1 Pro 64-bit
 
 

" Can you export the Session Manager key to a file and upload it here so I can look at it?"

Session Manager.reg

I got this before I ran Chkdsk. Glad I did.


"I'm not sure about the quotation marks wrapped around the autochk line at the beginning either. If you open an elevated command prompt, type chkdsk /f <enter>, type Y to schedule at reboot, then reboot, does a chkdsk actually occur before Windows loads?"

Yes it runs before Windows loads. It must not have found any errors, because I can't find a log anywhere.

I can't believe that fixed it. I ran Autoruns again and all that crap was gone from the Boot Execute tab and it didn't stop responding. I looked in the registry again and all was gone from BootExecute in all 3 places of Session Manager. Thanks F5ing for the suggestion. I've got 2 shots with them clean. I'm not going to mark it solved for a couple of days yet.

[Attached images: autologger4.jpg, Registry section information-autologger5.jpg]


27 Jul 2012   #10

Windows 7 Ultimate x64
 
 

You should be able to find chkdsk results, even when no errors were found, by going into event viewer and searching for wininit and/or chkdsk events. Can you post it here when you find it?