Re: Animate Windows setting keeps coming back- I want to stop it

From: David Candy (david_at_mvps.org)
Date: 06/29/04 

Date: Tue, 29 Jun 2004 16:59:50 +1000

We can set up an audit of the key and the security log will tell us whom (what exe) is changing it.

Local Security Policy - Local Policy - Security Options
Audit Policy:Audit Access Global System Objects

Local Security Policy - Local Policy - Audit Policy
Audit Object Access (do fail and sucess)

Regedit and set up auditing for the registry key for System and Everyone for Set Value

Then read about it in Event Viewer Security Log. Get something like this which here says mmc queried the value under the key (but your will say set). But regmon is easier.

Event Type: Success Audit
Event Source: Security
Event Category: Object Access
Event ID: 567
Date: 29/06/2004
Time: 4:55:37 PM
User: SERENITY\David Candy
Computer: SERENITY
Description:
Object Access Attempt:
  Object Server: Security
  Handle ID: 424
  Object Type: Key
  Process ID: 1748
  Image File Name: C:\WINDOWS\system32\mmc.exe
  Access Mask: Query key value
   

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Then undo all of the above. 

-- 
----------------------------------------------------------
'Not happy John! Defending our democracy',
http://www.smh.com.au/articles/2004/06/29/1088392635123.html
"Michael Solomon (MS-MVP Windows Shell/User)" <user@#notme.com> wrote in message news:umT4tBZXEHA.796@TK2MSFTNGP10.phx.gbl...
> That's true but running it down unless it is the Dell Media Experience could 
> be quite a process.  My thinking was, whatever it might be, it has likely 
> changed something to cause this and SFC or the Repair ought to be able to 
> resolve it.
> 
> Other than that, he'd have to uninstall things one by one and then test 
> after each one...it could be a lot of work trying to run it down.
> 
> -- 
> Michael Solomon MS-MVP
> Windows Shell/User
> Backup is a PC User's Best Friend
> DTS-L.Org: http://www.dts-l.org/
> 
> "David Candy" <david@mvps.org> wrote in message 
> news:egkDeyYXEHA.1656@TK2MSFTNGP09.phx.gbl...
> It would be a program or driver that is doing it. For instance the opposite 
> problem (it won't stay set) is caused by Dell Media Experience.
> 
> -- 
> ----------------------------------------------------------
> http://www.counterpunch.org/bageant06132004.html
> "Michael Solomon (MS-MVP Windows Shell/User)" <user@#notme.com> wrote in 
> message news:%23r9y8wXXEHA.2408@tk2msftngp13.phx.gbl...
> > You're welcome, Greg, good luck.
> >
> > I'll give it a few days and post back if my system reverts.
> >
> > -- 
> > Michael Solomon MS-MVP
> > Windows Shell/User
> > Backup is a PC User's Best Friend
> > DTS-L.Org: http://www.dts-l.org/
> >
> > "Greg@bite-me-spammers.now" <Greg@bite-me-spammers.com> wrote in message
> > news:n2i1e05qahr4d7h2t9i7m7tsidfn83arol@4ax.com...
> > > On Mon, 28 Jun 2004 18:20:08 -0700, "Michael Solomon \(MS-MVP Windows
> > > Shell/User\)" <user@#notme.com> wrote:
> > >
> > >>LOL, well, Ad Aware and Spybot should take care of any ghosts or 
> > >>gremlins.
> > >>
> > >>When you finish, are you certain to hit the apply button because hitting
> > >>ok
> > >>won't do it?
> > >>
> > >>I use the animated effect so I turned it off when I saw your post in 
> > >>order
> > >>to test to see if perhaps this was a bug but since its been a few hours
> > >>and
> > >>the setting has held, we can rule out bug!:-)
> > >
> > > Don't bet on it. I have also gone a couple of days before it reverts
> > > back.
> > >
> > >>You don't know if this is a recent issue or able to put a time frame on 
> > >>it
> > >>so that pretty much rules out System Restore.
> > >
> > > I can't put a time frame on it.
> > >
> > >>Here are a few other things you can try:
> > >>The following assumes you have an actual XP CD as opposed to a restore 
> > >>CD
> > >>or
> > >>restore partition supplied by your PC manufacturer.
> > >>
> > >>Go to Start, type sfc /scannow in the run box and press enter.  Note,
> > >>there
> > >>is a space between sfc and the forward slash.  You will be asked for 
> > >>your
> > >>XP
> > >>CD.  Be aware, upon inserting the CD the XP setup screen may appear, 
> > >>this
> > >>is
> > >>not a part of sfc /scannow, rather it is being invoked by autorun. 
> > >>Simply
> > >>minimize the screen and allow sfc to continue.
> > >>
> > >>If the above fails to resolve the issue, try a repair install as 
> > >>follows:
> > >>
> > >>Be sure you are well backed up in case there is a problem from which you
> > >>are
> > >>unable to recover.  NOTE, while a repair install should leave your data
> > >>files intact, if something goes wrong during the repair install, you may
> > >>be
> > >>forced to start over and do a clean install of XP.  If you don't have 
> > >>your
> > >>data backed up, you would lose your data should that eventuality occur.
> > >>
> > >>Assuming your system is set to boot from the CD-ROM drive, boot with the
> > >>XP
> > >>CD in the drive.  If it isn't or you are not sure, you need to enter the
> > >>system's BIOS.  When you boot the system, the first screen usually has
> > >>instructions that if you wish to enter setup press a specific key, when
> > >>you
> > >>see that, do so.  Then you will have to navigate to the boot sequence, 
> > >>if
> > >>the CD-ROM drive is not first line, set it first in the boot sequence.
> > >>Save
> > >>your settings and exit with the XP CD in the drive.  The system will
> > >>reboot.
> > >>
> > >>Boot from the CD.  If your system is set to be able to boot from the CD,
> > >>it
> > >>should detect the disk and give a brief message, during the boot up, if
> > >>you
> > >>wish to boot from the CD press any key.
> > >>
> > >>Once you have pressed a key, setup should begin.  You will see a 
> > >>reference
> > >>asking if you need to load special drivers and another notice that if 
> > >>you
> > >>wish to begin the ASR (Automatic Recovery Console) depress F2.  Just let
> > >>setup run past all of that.  It will continue to load files and drivers.
> > >>
> > >>Then it will bring you to a screen.  Eventually, you will come to a 
> > >>screen
> > >>with the option to (1) setup Windows or (2) Repair Windows Installation
> > >>using the Recovery console.
> > >>
> > >>The first option, to setup Windows is the one you want and requires you 
> > >>to
> > >>press enter.  When asked, press F8 to accept the end user agreement.
> > >>Setup
> > >>will then search for previous versions of Windows.  Upon finding your
> > >>version, it will ask if you wish to Repair your current installation or
> > >>install fresh.  Press R, that will run a repair installation.  From 
> > >>there
> > >>on, follow the screens.
> > >
> > >
> > > Geez. Hmmm, that sounds a little more involved than I care to get,
> > > unless I have some other things that go funky too.
> > >
> > > Hit the "apply" button? Sounds like a goofy question, but I know why you
> > > had to ask it  :)  yes I did
> > >
> > > Yes, I have the XP cd. I built the system and bought XP (horrors, I had
> > > to pay money for it, a novel experience...just kidding).
> > >
> > > I am going to save your post, but not do the above for the time being.
> > > I'm a little burned out restoring stuff. Had to completely redo my other
> > > 98 machine to get rid of a problem. Not in the mood to do that again for
> > > a while.
> > >
> > > Thanks, Greg
> > > If you can remember the 60's....you weren't really there
> >
> > 
> 
>