URGENT: Registry Editor starts with Windows - Why?
I have a Windows 98 PC that starts RegEdit when Windows starts. There are no programs in the StartUp folder that would do this, nor are there any that I can see in the Run or RunOnce portions of the Registry. There are no viruses on the computer (Norton AntiVirus scan earlier today) and Norton SystemsWorks did not find and fix this problem (which it has fixed in the past for me on a different PC). Any suggestions? I need them in the next two hours.
If you run msconfig and look under the startup tab,is there anything listed that could be launching regedit?
ASKER
I don't see anything that says regedit. Here's what the Startup Tab shows:
ScanRegistry c:\windows\system\scanregw
TaskMonitor c:\windows\taskmon.exe
SystemTray systray.exe
ScanRegistry c:\windows\system\scanregw
TaskMonitor c:\windows\taskmon.exe
SystemTray systray.exe
I would disable them one at a time and see if this resolves the problem.
Also check for a wininit.* file anywhere on your machine.
Also if this is new,
You may try doing a scanreg /fix from a DOS prompt.
Scanreg /opt also.
You may try doing a scanreg /restore from a DOS prompt
and select a registry date from before the problem started.
I hope this helps !
Also check for a wininit.* file anywhere on your machine.
Also if this is new,
You may try doing a scanreg /fix from a DOS prompt.
Scanreg /opt also.
You may try doing a scanreg /restore from a DOS prompt
and select a registry date from before the problem started.
I hope this helps !
Look in the registry at:
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_CURRENT_USER\Software
File c:\windows\win.ini
section run=....
File c:\winstart.bat
Hope this helps.
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_CURRENT_USER\Software
File c:\windows\win.ini
section run=....
File c:\winstart.bat
Hope this helps.
ASKER
Continued....
LoadPowerProfile Rundll32.exe powerprof.dll,LoadCurrentP
ConfigSafe c:\csafe\autochk.exe <- This is an IBM program
AEZBProc c:\ibmtools\aptezbtn\aptez
StillImageMonitor c:\windows\system\stimon.e
bpcpost.exe c:\windows\system\bpcpost.
EM_EXEC c:\progra~1\logitech\mouse
Request c:\windows\options\cabs\re
CriticalUpdate c:\windows\system\wucrtupd
NAV Agent c:\progra~1\Norton~1\Norto
NProtect c:\program files\Norton Systemworks\Norton Utilities\Nprotect.exe
LoadPowerProfile Rundll32.exe powerprof.dll,LoadCurrentP
SchedulingAgent mstask.exe
ScriptBlocking "C:\program files\common files\symantec shared\Script blocking\sbserv.exe" -reg
CSINJECT.EXE c:\program files\norton systemworks\norton cleansweep\CSINJECT.EXE
NPROTECT c:\program files\norton systemworks\norton utilities\NPROTECT.EXE
SymTray - Norton SystemWorks c:\program files\common files\symantec shared\symtray.exe "Norton SystemWorks"
Webshots c:\progra~1\webshots\websh
Lotus Smartcenter c:\lotus\smartctr\smartctr
CleanSweep SmartSweep-Internet Sweep C:\progra~1\norton~1\norto
LoadPowerProfile Rundll32.exe powerprof.dll,LoadCurrentP
ConfigSafe c:\csafe\autochk.exe <- This is an IBM program
AEZBProc c:\ibmtools\aptezbtn\aptez
StillImageMonitor c:\windows\system\stimon.e
bpcpost.exe c:\windows\system\bpcpost.
EM_EXEC c:\progra~1\logitech\mouse
Request c:\windows\options\cabs\re
CriticalUpdate c:\windows\system\wucrtupd
NAV Agent c:\progra~1\Norton~1\Norto
NProtect c:\program files\Norton Systemworks\Norton Utilities\Nprotect.exe
LoadPowerProfile Rundll32.exe powerprof.dll,LoadCurrentP
SchedulingAgent mstask.exe
ScriptBlocking "C:\program files\common files\symantec shared\Script blocking\sbserv.exe" -reg
CSINJECT.EXE c:\program files\norton systemworks\norton cleansweep\CSINJECT.EXE
NPROTECT c:\program files\norton systemworks\norton utilities\NPROTECT.EXE
SymTray - Norton SystemWorks c:\program files\common files\symantec shared\symtray.exe "Norton SystemWorks"
Webshots c:\progra~1\webshots\websh
Lotus Smartcenter c:\lotus\smartctr\smartctr
CleanSweep SmartSweep-Internet Sweep C:\progra~1\norton~1\norto
This line that you quoted above looks suspicious to me:
ScriptBlocking "C:\program files\common files\symantec shared\Script blocking\sbserv.exe" -reg
ScriptBlocking "C:\program files\common files\symantec shared\Script blocking\sbserv.exe" -reg
ASKER
That is part of Norton AntiVirus. Some virus' are vbs scripts and that blocks them from doing any damage.
what is this one
Request c:\windows\options\cabs\re
go to start --> run and type msinfo32
go to software environment, startup and see where it is being loaded from
Request c:\windows\options\cabs\re
go to start --> run and type msinfo32
go to software environment, startup and see where it is being loaded from
ASKER
It is loaded from Registry (Machine Run)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Removed the REQUEST line and it rebooted without bringing up RegEdit.
Thanks everyone for your help.
Thanks everyone for your help.
bhlang Glad we could help
That request line looked suspicious to me, I've never seen it before, and know it isn't a normal startup item
That request line looked suspicious to me, I've never seen it before, and know it isn't a normal startup item
But, you haven't answered the implied question: "Why was it there -- what put it there"?
I don't know what put it there, and frankly I don't care. I don't pretend to know, every piece of software on the planet, and what they all install or not. I do know that request.exe is not a normal startup item, and suspected it was where regedit was being loaded from. My goal here was to stop regedit from being loaded on startup, and we accomplished this. If I chased down every implied question here, I would not have time to do anything else
Listening
Seems the question was answered as requested.
Computer101
E-E Moderator
Seems the question was answered as requested.
Computer101
E-E Moderator