
Resolved Not able to start any program at start even when fixing the registry

Discussion in 'Windows XP' started by maternag, 2011/09/01.

  1. 2011/09/09
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Try starting the computer using F8 and select Enable Boot Logging.
    Post the ntbtlog.txt that gets created in the Windows directory.

    Also, have a look in C:\Windows\System32\GroupPolicy\2 folders and see if there are any files in them.
     
  2. 2011/09/09
    TonyT

    TonyT SuperGeek Staff

    Other than reinstalling, we could make a bat file that runs at boot which runs the exefix.
     


  4. 2011/09/09
    TonyT

    TonyT SuperGeek Staff

    More.

    Let's see what occurs in the registry at boot.
    Download the SysInternals RegMon utility. It's now included in their Process Explorer and no longer at the Microsoft/SysInternals site, but you can get the standalone version here:
    http://majorgeeks.com/RegMon_for_NT2000XP_d530.html

    It has an option to log registry activity that occurs during boot and create a REGMON.LOG in the Windows directory.
     
  5. 2011/09/12
    maternag

    maternag Inactive Thread Starter

    Joined:
    2011/08/17
    Messages:
    23
    Likes Received:
    0
    We got it!

    I have used the regmon boot logging as you suggested and in the log I found these 2 lines:
    [...]
    109790: winlogon.exe:1080 DeleteKey HKCR\.exe SUCCESS Key: 0xE269F440
    [...]
    109809: winlogon.exe:1080 DeleteKey HKCR\exefile\shell\open\command SUCCESS Key: 0xE269F440
    [...]

    Above these I found these lines:
    [...]
    109782: winlogon.exe:1080 OpenKey HKLM\Software\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseRegistry\RegItem1 SUCCESS Access: 0x1
    [...]
    109801: winlogon.exe:1080 OpenKey HKLM\Software\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseRegistry\RegItem2 SUCCESS Access: 0x1
    [...]

    I did some searching and it seems that SUPERAntiSpyware uses these to keep an eye on registry activities related to malware (not very clear, but I did not find a lot of information on this). So it is SUPERAntiSpyware that was deleting these entries at each start. When I was infected, I used SUPERAntiSpyware to get rid of the malware and it seems that it recorded the impacted registry entries and was deleting them at each start.

    I removed SUPERAntiSpyware and everything is now fine. (For the little story, I had the bad idea to try to remove the entries manually in the registry but after that my computer would not boot anymore. I had to restore from the last restore point using the recovery console.)

    Thanks a lot for your tenacity and all your suggestions and advice, they surely made it happen.

    Cheers,
    Gérard.
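
The log review described in the post above, as an added example that is not part of the original thread: a Python sketch that scans a RegMon boot log for successful deletions under the .exe association keys and reports the last unrelated key the same process opened just before. The line layout is assumed to match the quoted lines, and the function names and the 20-entry window are hypothetical choices.

```python
import re
from collections import namedtuple

# Constructed sample: the four lines quoted in the post, in the same layout.
SAMPLE_LOG = r"""
109782: winlogon.exe:1080 OpenKey HKLM\Software\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseRegistry\RegItem1 SUCCESS Access: 0x1
[...]
109790: winlogon.exe:1080 DeleteKey HKCR\.exe SUCCESS Key: 0xE269F440
109801: winlogon.exe:1080 OpenKey HKLM\Software\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseRegistry\RegItem2 SUCCESS Access: 0x1
109809: winlogon.exe:1080 DeleteKey HKCR\exefile\shell\open\command SUCCESS Key: 0xE269F440
"""

Event = namedtuple("Event", "seq proc pid op path result")
# Assumed layout: "<seq>: <process>:<pid> <operation> <key path> <RESULT> <detail>"
LINE_RE = re.compile(r"^\s*(\d+):\s+(\S+):(\d+)\s+(\w+)\s+(.+?)\s+([A-Z]+)(?:\s+.*)?$")
# Key trees behind the two deletions in the post (compared case-insensitively).
WATCHED = (r"hkcr\.exe", r"hkcr\exefile")

def is_watched(path):
    p = path.lower()
    return any(p == k or p.startswith(k + "\\") for k in WATCHED)

def parse(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # "[...]" elisions and blank lines do not match and are skipped
            seq, proc, pid, op, path, result = m.groups()
            events.append(Event(int(seq), proc, int(pid), op, path, result))
    return events

def find_association_deletes(events, window=20):
    findings = []
    for i, ev in enumerate(events):
        # Any successful Delete* on a watched key; only DeleteKey appears on the page.
        if not (ev.op.startswith("Delete") and ev.result == "SUCCESS" and is_watched(ev.path)):
            continue
        context = None
        for prev in reversed(events[:i]):  # walk back through earlier entries
            if ev.seq - prev.seq > window:
                break
            if (prev.proc, prev.pid, prev.op) == (ev.proc, ev.pid, "OpenKey") and not is_watched(prev.path):
                context = prev.path  # nearest unrelated key opened by the same process
                break
        findings.append((ev.seq, f"{ev.proc}:{ev.pid}", ev.path, context))
    return findings

if __name__ == "__main__":
    for seq, who, key, ctx in find_association_deletes(parse(SAMPLE_LOG)):
        print(f"{seq}: {who} deleted {key}; key opened just before: {ctx}")
```

The reported context key is only a lead: the deleting process here is winlogon.exe, so the vendor path in the preceding OpenKey is what ties the deletion to an installed product.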
     
  6. 2011/09/12
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Excellent news & well done both you & TonyT!

    Who would have thought that Superantispyware had such a nasty trick up its sleeve.

    Please mark your thread as 'Resolved'.

     
  7. 2011/09/12
    TonyT

    TonyT SuperGeek Staff

