Registry section information

Page 2 of 4

  1. Posts : 97
    Windows 10 Pro 64-bit
    Thread Starter
       #11

    F5ing said:
    You should be able to find chkdsk results, even when no errors were found, by going into event viewer and searching for wininit and/or chkdsk events. Can you post it here when you find it?
    I found the wininit file.

    wininit.txt

    I still have the No Company Name Folder thing.

    I don't now have the autocheck and AVG line in the Boot Execute key like yours. Is that a problem?

    Thanks again F5ing

    Clint


  2. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #12

    The bad news. AVG causes all kinds of problems with Windows 7.
    The good news. Microsoft Security Essentials.
    Microsoft Security Essentials - Free Antivirus for Windows


  3. Posts : 2,171
    Windows 7 Ultimate x64
       #13

    5Clint7 said:
    I found the wininit file.
    So it looks like chkdsk found and cleaned some leftover crud.

    5Clint7 said:
    I still have the No Company Name Folder thing.
    If you're sure no other files exist in that folder structure (make sure Explorer is set to 'show hidden' and 'don't hide system files' to be sure) I would rename 'No Company Name' by adding another character to the end (maybe 'No Company Name1'). Go through some runtime and reboots. If any issues pop up you can always remove the extra character. If no issues arise, delete the txt file and the rest of the folder structure ('No Company Name' and deeper).

    I seriously doubt you'll encounter issues if they only contain that one txt file.

    5Clint7 said:
    I don't now have the autocheck and AVG line in the Boot Execute key like yours. Is that a problem?
    I think both of those entries are required. Does AVG appear to be running? Correctly and with all features available?

    Try this again: open an elevated command prompt, type chkdsk /f <enter>, type Y to schedule at reboot, but before rebooting check to see what appears in the Session Manager regkey. Is the autochk entry there?

    Then reboot and make sure it does another chkdsk. As the last chkdsk reported problems it's best to run it again anyway to ensure repairs were properly completed.

    5Clint7 said:
    Thanks again F5ing

    Clint
    Quite welcome of course!


  4. Posts : 97
    Windows 10 Pro 64-bit
    Thread Starter
       #14

    5Clint7 said:
    I don't now have the autocheck and AVG line in the Boot Execute key like yours. Is that a problem?
    "I think both of those entries are required. Does AVG appear to be running? Correctly and with all features available?"

    All of AVG is working. Looking in Task Manager it is there.

    "Try this again: open an elevated command prompt, type chkdsk /f <enter>, type Y to schedule at reboot, but before rebooting check to see what appears in the Session Manager regkey. Is the autochk entry there?"

    No the autochk is not there and it's not there after reboot.

    "Then reboot and make sure it does another chkdsk. As the last chkdsk reported problems it's best to run it again anyway to ensure repairs were properly completed."

    I found this about "autochk". From what I read, it's not there unless you don't shut down correctly. I have not added it yet.


    The BootExecute subkey is located in the HKEY_LOCAL_MACHINE hive under the SYSTEM, CurrentControlSet, Control and Session Manager keys and subkeys. It contains a default REG_MULTI_SZ value of Autocheck Autochk *. The benefit of BootExecute is that it allows you to remove certain applications, services and commands from startup, which in turn can greatly enhance your computer's boot speed.

    The Autocheck Autochk * value in the BootExecute subkey tells the operating system to run Autochk* every time the system launches. This tool verifies the logical integrity of the filesystem. It cannot be accessed directly in any other way, though you can indirectly access it through the Chkdsk tool. The benefit of allowing it to run automatically is that it is able to lock the entire disk volume and thus function more effectively.

    Autochk bootup routine and the "dirty bit" (also called the "chkdsk flag")
    When the system is shut down improperly or stops responding, Autochk runs against any volumes that are marked as being "dirty". At least, I know this is done with NTFS, and I think it is also done with FAT32. Autochk will not initiate a check of any partitions if none of them are flagged!! Autochk is set to run during bootup because of the registry entry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager . . . BootExecute
    The BootExecute entry tells Windows what to run upon bootup. By default, its value is "autocheck autochk *" - this tells Windows to run Autochk on any drive whose dirty bit is set.

    You can cancel Autochk within the first few seconds by hitting any key. However, each time you stop chkdsk, the system "remembers" that it still needs to run Autochk due to the flagged partition and will try to run it the next time you reboot. This continues forever, each time you reboot, until you allow Autochk to run and to complete.


  5. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #15

    Windows has an autologger on my two computers. Just trying to help.

    Registry section information-capture.png

    amd64_microsoft-windows-setup-autologger_31bf3856ad364e35_6.1.7600.16385_none_215a93120028ac5a.manifest


  6. Posts : 2,171
    Windows 7 Ultimate x64
       #16

    So after rebooting did a chkdsk actually occur?

    When you select 'yes' to do the chkdsk after the restart I think all it may be doing is setting that volume's dirty bit to on (so that a run of autochk can see it and run the chkdsk before Windows completes loading).

    Description of the autochk command from the Microsoft help file:

    Applies To: Windows XP, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003, Windows Server 2000, Windows Server 2003 R2, Windows 7, Windows Server 2008 R2 with SP1

    Runs when the computer is started and prior to Windows Server® 2008 R2 starting to verify the logical integrity of a file system.


    Autochk.exe is a version of Chkdsk that runs only on NTFS disks and only before Windows Server 2008 R2 starts. Autochk cannot be run directly from the command-line. Instead, Autochk runs in the following situations:
    • If you try to run Chkdsk on the boot volume
    • If Chkdsk cannot gain exclusive use of the volume
    • If the volume is flagged as dirty
    Remarks

    • Warning: The Autochk command-line tool cannot be directly run from the command-line. Instead, use the Chkntfs command-line tool to configure the way you want Autochk to run at startup.

    • You can use Chkntfs with the /x parameter to prevent Autochk from running on a specific volume or multiple volumes.

    • Use the Chkntfs.exe command-line tool with the /t parameter to change the Autochk delay from 0 seconds to up to 3 days (259,200 seconds). However, a long delay means that the computer does not start until the time elapses or until you press a key to cancel Autochk.


  7. Posts : 97
    Windows 10 Pro 64-bit
    Thread Starter
       #17

    "So after rebooting did a chkdsk actually occur?"

    Yes chkdsk did occur.

    I put the "autocheck autochk*" back in the CurrentControlSet, 001 and 002 Boot Execute key with the quotation marks and *. When I looked at autoruns it said "file not found". The autochk.exe file is in the System32 folder. Do I need to add the path? I noticed that yours don't have the quotation marks. Is mine wrong?

    I ran the Chkntfs. It said both my internal Hard drives are not dirty.

    Clint


  8. Posts : 2,171
    Windows 7 Ultimate x64
       #18

    5Clint7 said:
    "So after rebooting did a chkdsk actually occur?"

    Yes chkdsk did occur.

    I put the "autocheck autochk*" back in the CurrentControlSet, 001 and 002 Boot Execute key with the quotation marks and *. When I looked at autoruns it said "file not found". The autochk.exe file is in the System32 folder. Do I need to add the path? I noticed that yours don't have the quotation marks. Is mine wrong?

    I ran the Chkntfs. It said both my internal Hard drives are not dirty.

    Clint
    CurrentControlSet is the only one that matters. The OS will propagate the data to 001 and 002 and any others as appropriate.

    Post another screenshot of autoruns so I can see that "file not found". You should not need the path as the path is already known by the environment variables that are already set (autochk, chkntfs and chkdsk should all reside in the System32 folder). You also might try removing the quotes from the entry and make sure there is a space between 'autochk' and the '*'.

    Open Task Manager, click on Processes, and make sure avgrsa.exe is running. The last few machines I've worked on that had AVG installed (that I had while working with your thread) all had that extra line in the Boot Execute key.


  9. Posts : 97
    Windows 10 Pro 64-bit
    Thread Starter
       #19

    "Post another screenshot of autoruns so I can see that "file not found". You should not need the path as the path is already known by the environment variables that are already set (autochk, chkntfs and chkdsk should all reside in the System32 folder). You also might try removing the quotes from the entry and make sure there is a space between 'autochk' and the '*'.

    Open Task Manager, click on Processes, and make sure avgrsa.exe is running. The last few machines I've worked on that had AVG installed (that I had while working with your thread) all had that extra line in the Boot Execute key. "

    This is autoruns with "file not found" before I removed the space and quotation marks.

    Registry section information-autochk.jpg

    This is autoruns after removing space and quotation marks from autochk. It puts the path in automatically. I also added the AVG line with no quotation marks.


    Registry section information-autochk4.jpg


    This is reg. after adding autochk and AVG. It put autochk in Session Manager (Default) key also. Is this OK?

    Registry section information-autochk6.jpg


    This is Task Manager before I added the line to Boot Execute. The avgrsa.exe was loaded then. It must have loaded after Windows started this way. I think now it loads at boot before Windows starts, because it takes longer for Windows to start.

    Registry section information-avg.jpg

    I have rebooted several times now and everything seems to be working OK. I will still wait a few days before I mark it solved.

    Thanks again
    Clint


  10. Posts : 2,171
    Windows 7 Ultimate x64
       #20

    5Clint7 said:
    This is autoruns after removing space and quotation marks from autochk. It puts the path in automatically. I also added the AVG line with no quotation marks.
    Autoruns is likely just using the "path" environment variable in order to find the exact file location. Even if you have two versions of autochk on your disk (not likely) it's letting you know that this is the one that'll run when the key gets processed.

    5Clint7 said:
    This is reg. after adding autochk and AVG. It put autochk in Session Manager (Default) key also. Is this OK?
    I'm not sure if it'll harm anything, but it's not needed. See if you can modify the (Default) key by deleting its contents so that it ends up with the value of '(value not set)'. Reboot and recheck it to see that it stays that way and that the BootExecute entry remains as is (because it now looks good).

    5Clint7 said:
    This is Task Manager before I added the line to Boot Execute. The avgrsa.exe was loaded then. It must have loaded after Windows started this way. I think now it loads at boot before Windows starts, because it takes longer for Windows to start.
    I think you're right. Starting it this way helps to ensure it gets up and running before any malware can start and possibly interfere. That '/restart' switch may also be there to make it 'persistent' (if malware succeeds in shutting it down it'll attempt to restart itself).

    When you started this thread one of your concerns was finding a reference to an autologger. Perfectly natural to jump to the conclusion that it may be malware. But remember that Windows and some legitimate third party software are autologging data all the time (even when Windows is seemingly idle you can see it doing stuff).

    That autologger reference you had found in the registry appears to be legitimate but in the wrong location. You might find the correct location to be at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger. You had stated early in the thread that you had searched the registry for 'autologger' and only found it in the three BootExecute keys. Were you searching with 'keys', 'values' and 'data' all selected?

    I wonder how your BootExecute key got so discombobulated to begin with.
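
A read-only version of the check this thread performs by hand with regedit and Autoruns, added here as an example and not part of any post above: it lists BootExecute in every control set, flags literal quotation marks or a missing space before the `*`, and reports whether the Session Manager (Default) value is set. The function name `Get-BootExecuteFinding` and the treatment of a leading `autocheck` as a tag followed by the image name are assumptions made for this example.

```powershell
# Added example, not from the thread. Read-only; run from an elevated PowerShell prompt.
$default  = 'autocheck autochk *'        # default value as quoted in the thread
$system32 = Join-Path $env:SystemRoot 'System32'

function Get-BootExecuteFinding {
    param([string]$Entry)
    $notes = @()
    if ($Entry -match '"')    { $notes += 'literal quotation marks in the value' }
    if ($Entry -match '\S\*') { $notes += "no space before '*'" }

    # Assumption: an optional leading "autocheck" is a tag; the next token is the image.
    $tokens = @(($Entry -replace '"', '').Trim() -split '\s+')
    $image  = if ($tokens[0] -ieq 'autocheck' -and $tokens.Count -gt 1) { $tokens[1] } else { $tokens[0] }
    $image  = $image.TrimEnd('*')
    if ($image -notmatch '\.exe$') { $image += '.exe' }

    $path = Join-Path $system32 $image
    if (-not (Test-Path -LiteralPath $path)) { $notes += "image not found: $path" }
    if ($Entry -ine $default -and $notes.Count -eq 0) {
        $notes += 'non-default entry: confirm which installed product owns it'
    }
    [pscustomobject]@{ Entry = $Entry; Image = $path; Notes = ($notes -join '; ') }
}

# CurrentControlSet plus the numbered sets (ControlSet001, ControlSet002, ...).
$sets = Get-ChildItem 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^(CurrentControlSet|ControlSet\d{3})$' }

foreach ($set in $sets) {
    $key   = "HKLM:\SYSTEM\$($set.PSChildName)\Control\Session Manager"
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }

    Write-Output "== $key"
    $props.BootExecute | Where-Object { $_ } |
        ForEach-Object { Get-BootExecuteFinding $_ } | Format-List

    # The thread recommends leaving the key's (Default) value unset.
    if ($props.PSObject.Properties['(default)']) {
        Write-Output "(Default) value is set: $($props.'(default)')"
    }
}

# Constructed sample: the quoted, unspaced form described in the thread.
Get-BootExecuteFinding '"autocheck autochk*"' | Format-List
```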
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd