Re: Registry changes and Re-appearing programs in system start up
- From: G-Zard <GZard@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 25 Aug 2007 03:58:36 -0700
Yes, let's make sure we're on the same page so we can get to the bottom of
this. I will paste the three items you requested:
1. from SysInfo I see the following. This is an exact copy and paste of
the information shown in the shell:
All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BLOG rundll32 c:\progra~1\thinkpad\utilit~1\batlogex.dll,startbattlog All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DLA c:\windows\system32\dla\dlactrlw.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DS Clock "c:\program files\ds clock\dsclock.exe" LENOVO-A3ECC532\GZard
HKU\S-1-5-21-3942663255-3160304959-3873833068-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Digital Line Detect c:\progra~1\digita~1\dlg.exe All Users Common Startup
IBM Warranty Notification "c:\program files\ibm\acp\erts0749\erts0749.exe
/nointro" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
JeticoPFStartup "c:\program files\jetico\jetico personal
firewall\fwsrv.exe" All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LPManager c:\progra~1\thinkv~2\prdctr\lpmgr.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Logitech Utility logi_mwx.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PSQLLauncher "c:\program files\thinkvantage fingerprint
software\launcher.exe" /startup All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PWRMGRTR rundll32
c:\progra~1\thinkpad\utilit~1\pwrmgrtr.dll,pwrmgrbkgndmonitor All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Skype "c:\program files\skype\phone\skype.exe" /nosplash
/minimized LENOVO-A3ECC532\Gunnard
Johnston HKU\S-1-5-21-3942663255-3160304959-3873833068-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SynTPEnh c:\program files\synaptics\syntp\syntpenh.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SynTPLpr c:\program files\synaptics\syntp\syntplpr.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TPHOTKEY c:\progra~1\lenovo\pkgmgr\hotkey\tphkmgr.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TVT Scheduler Proxy c:\program files\common
files\lenovo\scheduler\scheduler_proxy.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TpShocks tpshocks.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe c:\windows\system32\ctfmon.exe NT
AUTHORITY\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe c:\windows\system32\ctfmon.exe LENOVO-A3ECC532\Gunnard
Johnston HKU\S-1-5-21-3942663255-3160304959-3873833068-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe c:\windows\system32\ctfmon.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
desktop desktop.ini All Users Common Startup
nod32kui "c:\program files\eset\nod32kui.exe" /waitservice All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This is not very pretty -- it doesn't paste the way it looks in the MSInfo
shell -- but the one key point is that at the very beginning of my MSInfo
view you can see there are empty fields under the "Program" and "Command"
columns. All of my other entries in this Run Key have references to things
like "Skype", "desktop", and "BLOG" in those columns; only this first entry
in the key is totally empty in those two columns. In fact, after this first
entry (first line) of the key, everything else looks perfectly normal.
2. This is an exact copy/paste of the key, using Regedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"TpShocks"="TpShocks.exe"
"TPHOTKEY"="C:\\PROGRA~1\\Lenovo\\PkgMgr\\HOTKEY\\TPHKMGR.exe"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"BLOG"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\BatLogEx.DLL,StartBattLog"
"PWRMGRTR"="rundll32
C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\PWRMGRTR.DLL,PwrMgrBkGndMonitor"
"JeticoPFStartup"="\"C:\\Program Files\\Jetico\\Jetico Personal
Firewall\\fwsrv.exe\""
@=""
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"LPManager"="C:\\PROGRA~1\\THINKV~2\\PrdCtr\\LPMGR.exe"
"PSQLLauncher"="\"C:\\Program Files\\ThinkVantage Fingerprint
Software\\launcher.exe\" /startup"
"Logitech Utility"="Logi_MwX.Exe"
"TVT Scheduler Proxy"="C:\\Program Files\\Common
Files\\Lenovo\\Scheduler\\scheduler_proxy.exe"
"IBM Warranty Notification"="\"C:\\Program
Files\\IBM\\acp\\ERTS0749\\ERTS0749.exe /nointro\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""
3. Finally, the contents of my START->ALL PROGRAMS->STARTUP folder is only
one application: my Drive Letter Access (DLA) program. That's it. [It
may be of interest to know that this Startup folder was always completely
empty until recently. Not sure when this reference to DLA first appeared, or
why it suddenly appeared. I don't know why it now suddenly has appeared in
the Startup folder; nor do I know why it is the *only* item in my startup
folder. Could *this be the culprit??? I mean the adding of this entry in
my startup folder? No, that doesn't sound right... ]
GZard
//
"Gary S. Terhune" wrote:
You don't want to modify the binary data of a string value. Just modify the.
string. The proper data for the (Default) entry is "value not set", binary
data 0000. Sorry I didn't catch that earlier. When I try to modify the
original (default) binary data, I can't. I also can't delete it entirely. I
can only modify the string. When I do that, the binary data is changed and I
can then delete it, but it is immediately replaced with a new (default)
(value not set).
But the Default value shouldn't show up in MSCONFIG. If I understand you
correctly, that isn't the problem, anyway. You have phantom/duplicate
entries in MSCONFIG, and yes, I wouldn't put it past some "registry
optimizer/booster/cleaner to do something really strange like that.
..
Remember that the same entry can't appear in the same Key (Run key, in this
case). There can be no true duplicates, something must be different about
them, either in the name, the data or the location.
When you talk of the Startup folder, you don't mean the one in
Start>Programs, do you? You mean the Startup tab of MSCONFIG? Have you
uninstalled all that crap you say you used?
No, unless there's a nasty in your system, an analysis of your HJT logs
won't help. Then again, there might just be a nasty there, or whatever the
Registry cleaner crap you installed is doing might get spotted there. So go
ahead. NOTE!!! DO NOT try to analyze the HJT log yourself. Lots of what HJT
logs is SUPPOSED to be there. ONLY, ONLY post the log to an appropriate
forum (not here!) and let them tell you what to do. Otherwise, get ready for
reinstall.
Hope that helps you figure things out. If you want, go to System Information
(MSINFO32), Software Environment, Startup, press Ctrl-A to select all,
Ctrl-C to copy it, then paste it into a reply here (Ctrl-V). Then, Export
the Run key to a REG file, open that to Edit, and copy/paste that into the
message also. Maybe I can see what's going on, or at least be sure we're
talking about the same thing. Also, list the items in Start>Programs>Startup
folder.
--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com
"G-Zard" <GZard@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:78F603C7-55D9-42F5-8C28-1F8CACFFF8EA@xxxxxxxxxxxxxxxx
OK, my terminology may be off -- sorry if it is. When using regedit I can
see the "Run" folder, then the cointents of the folder, starting with the
first entry "(Default)".
That "(Default)" entry ("key"?) has nothing entered on the regedit
browser;
the "REG_SZ" is blank, as I believe you are mentioning. It is only when
I
right-click on the "Default" entry that I get a choice to modify the entry
contents, modify the binary data (which is as I last mentioned: 0000 00
00
.. ); a third option is to delete the key
entirely.
I've tried changing the binary data from the above to simply " 0000 ", but
that just makes the entry re-appear but with the same reference to another
"Run" program, chosen either at random or another reason. Instead of the
startup in MSConfig saying that the entry has no reference to any
prog/app,
the entry will show reference to one other startup app, but with nothing
in
the "startup" or "command" columns, only a reference to the registry
location
in the "Location" column.
//
- Follow-Ups:
- Re: Registry changes and Re-appearing programs in system start up
- From: Gary S. Terhune
- Re: Registry changes and Re-appearing programs in system start up
- References:
- Re: Registry changes and Re-appearing programs in system start up
- From: Gary S. Terhune
- Re: Registry changes and Re-appearing programs in system start up
- From: Gary S. Terhune
- Re: Registry changes and Re-appearing programs in system start up
- From: G-Zard
- Re: Registry changes and Re-appearing programs in system start up
- From: Gary S. Terhune
- Re: Registry changes and Re-appearing programs in system start up
- From: G-Zard
- Re: Registry changes and Re-appearing programs in system start up
- From: Gary S. Terhune
- Re: Registry changes and Re-appearing programs in system start up
- Prev by Date: Re: Removing empty folder from Control Panel
- Next by Date: Re: XP CD/DVD Auto Play
- Previous by thread: Re: Registry changes and Re-appearing programs in system start up
- Next by thread: Re: Registry changes and Re-appearing programs in system start up
- Index(es):
Relevant Pages
|
|
