Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Mysterious RunOnce Startup Registries

04 Nov 2014   #1
Sunrise12

Win 7 64
 
 
Mysterious RunOnce Startup Registries

Something strange thing happened to my computer today, and I am hoping for feedback from techies here.

WinPatrol alerted me of new RunOnce Startup items and then my computer froze. I was offline when this happened and do not use that computer to go online for surfing or anything.

I was able to get back into my computer but unable to delete the "hidden" registry files that were still appearing in WinPatrol.

I tried to log in as the admin -- still offline -- and the screen was frozen and black; no luck.

But I was able to log in with another account and discovered that the mysterious registries were gone. When I logged in again under my usual account, WinPatrol even alerted me that they were gone.

My security programs did not find anything suspicious. Everything appears to be fine.

I found the following snippet on patchmanagement.org that matched my situation:

The RunOnce registry key is getting populated with the following content on some computers:

MSPCLOCK=rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
MSPQM=rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
MSKSSRV=rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
MSTEE.CxTransform=rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
MSTEE.Splitter=rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
WDM_DRMKAUD=rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install


My System SpecsSystem Spec
.
04 Nov 2014   #2
maxie

windows 7 home 64bit
 
 

My System SpecsSystem Spec
04 Nov 2014   #3
Sunrise12

Win 7 64
 
 

Okay, thanks. But why would all of that suddenly populate like that and crash my computer?

When it happened, I was testing a basic web page locally in Firefox while offline but that should not have caused any issues. Perhaps something in Firefox triggered the problem.

The closest thing that I found on Google was here but (that does not really clarify it for me):

http://permalink.gmane.org/gmane.com...managment/2659

I do not use Gmane, which I guess is a program or OS, unless I am missing something and it is a kernel or something that is used in Windows 7.

Should I move on and hope it never happens again or get other software to evaluate whether something bad happened?
My System SpecsSystem Spec
.

04 Nov 2014   #4
maxie

windows 7 home 64bit
 
 

Do you use any other Security Software ? ....
My System SpecsSystem Spec
06 Nov 2014   #5
Sunrise12

Win 7 64
 
 

I am trying not to panic and assume it was some kind of malware (that was not picked up my antivirus software).

I found an article that makes me feel a little about it on a forum at thewindowsclub.com that claimed it is related to a MS security patch from October 2008. It described the exact same issue that I ran into with the WinPatrol alerts.

Not sure why it suddenly was triggered again in November 2014.
My System SpecsSystem Spec
06 Nov 2014   #6
maxie

windows 7 home 64bit
 
 

See if Malwarebytes finds any thing ... There is not much Information about the issue on the Web ... There is a couple of Members here that use WinPatrol do not think they have has any issues though ..
My System SpecsSystem Spec
06 Nov 2014   #7
Sunrise12

Win 7 64
 
 

I used to use Malwarebytes and have an old version of it and should update it and use it again. That is a good suggestion and would not hurt.

I did not like how I have to give Malwarebytes permission to run with my Admin account every time I want to use it. The other programs never ask me to do that. (Other than that, I liked it.)
My System SpecsSystem Spec
06 Nov 2014   #8
maxie

windows 7 home 64bit
 
 

Yes i have that issue also ... Have not had any Problems with the new Version of Malwarebytes either ...
My System SpecsSystem Spec
06 Nov 2014   #9
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Some times this helps.

Right tick on program.
Select Properties/Advanced and you will see a box for Run as Administrator.
Some time when you install a program it will give a option for all users.
My System SpecsSystem Spec
06 Nov 2014   #10
Tookeri

Windows 7 Pro 32
 
 

I don't remember but maybe it's different with the old Malwarebytes version, and the free new version, but I never get UAC prompts with the latest premium version. mbam.exe starts automatically at startup with Integrity = High, and not Medium like most other programs.
My System SpecsSystem Spec
Reply

 Mysterious RunOnce Startup Registries




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Dynamic to Basic Disk Conversion to do recovery (have bad registries)
Hay there, I use HP Probook 4530s with Windows 7 64-bit Home Premium x86. I installed the HP Protect Tools, but it made my registry bad and I am unable to delete them. As a result my laptop is slow now and takes a lot of time on Welcome screen when powered on. So, I needed to do recovery...
General Discussion
Tools to reset local policies registries to default in windows7
Hello everyone Is there any Third party tool to reset local policies, services, registries, windows update service to default in Windows 7.Earlier for windows xp i used to subinacl it was great tool from Microsoft but its not supported in windows 7.
General Discussion
Software registries messed up
Hello! I'm experiencing the following problem with my current operational system. I have a 32GB SSD where I installed only my System. Then I moved my Users and Program data folders using Audit to my 750GB HDD. Everything worked perfect until just recently the automatic update messed up something...
Software
Avast removing All exe's, runonce trojon
Hey guys, My avast keps flagging most of my programs as trojons under the runonce process. Have to disable avast to work anything. Tried updating and reinstalling, avast boot scan flags all executables. Problem started from a cracked game exe from my external harddrive. I installed the game...
System Security
Fresh OS install on SSD, how to get registries from HDD?
Hi, I did a fresh OS install on my SSD. When I re-install or move programs from my HDD, the settings are "new". So I assume the settings are left behind on the HDD. Is there a way to transfer them? If so how? I need all the settings from all programs.
Hardware & Devices
Mysterious File execution attempt on startup.
Not sure if this is the result of an attempted virus attack or ? A few days ago I began getting this open file attempt during a system start up. Other then an irritant, it doesn't seem be posing a problem. Running scans on my system doesn't find anything overly interesting but I'd like to...
Performance & Maintenance


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 00:20.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App