Driver exe's auto run after DISM/PNPUtil Import

Posted on 2014-04-16
Medium Priority
Last Modified: 2016-11-23
I've tried adding Dell drivers to my .wim file using DISM, and I have also tried using pnputil to add the drivers then re-capturing the image.
But it appears, after I use either method, when the computer starts up, executable files are in the start up (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) that call the exe of some of the drivers.

All of these Run entries appear out of box:

"Apoint"="C:\\Program Files\\DellTPad\\Apoint.exe"
"RtHDVCpl"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI64.exe /s"
"RtHDVBg"="\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe\" /MAXX4P1"
"WavesSvc"="C:\\Program Files\\Realtek\\Audio\\HDA\\WavesSvc64.exe"
"RtHDVBg_PushButton"="\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe\" /IM"

Windows at startup of loading the desktop, prompts me to Run or cancel, in order for each of these entries.

If I click "run", I guess they install. For a couple, like the Realtek one, it appears to add a system tray icon of a sound icon (separate from the Windows sound volume icon).

When I reboot, the same thing happens again, all these programs try to run.

If I delete the entries, then reboot, they go away, but the icons in the system tray like for Realtek for example, are gone.
However no devices appear to be missing from the device manager...
Question by:garryshape
  • 5
LVL 88

Expert Comment

ID: 40006393
Drivers installed via exe files, are usually just compressed zip packages, which get extracted by running the exe file. Those extracted files are then copied to another directory, and after that the installer installs them.

On a Dell, when you manually run those files, you can usually choose where those extracted files will be stored at. So what you should do is to first run those exe's, then look at the extracted folders and just copy the relevant folders or contents of folders to your installation directory. Don't copy the complete exe. You'll probably also notice that the folders contain sub folders for different OS's, so you only need those that are relevant to your OS.

Author Comment

ID: 40006476
What I did was I had downloaded the .cab file from Dell for this particular computer model

I didn't download individual exe drivers

I just downloaded that .cab file above, extracted it, then mounted the .wim image of my Windows 7 image and used DISM with /recurse command to add all inf drivers found within that x64 folder of the extracted cab file from Dell.

It's the same process I used for the E6430 laptop but the E6430 didn't have this issue with driver exe's running after reboot.

Author Comment

ID: 40006713
Ok I came across a couple of other threads and it appears it's because maybe the .cab file I extracted had to be "unblocked" first.



These entries are indeed supposed to remain in the Run key, but because the exe's seem to have originated from another computer, I need to try and "unblock" the files so I don't get that security prompt every time.

I will try it out and check.
Managed Security Services Webinar - March 15

Selecting the right managed security services platform to grow your business can be a huge undertaking. Join WatchGuard and Frost & Sullivan in an upcoming webinar as we dive into the key elements of selecting a vendor platform and partnership to fuel a successful MSSP business.


Author Comment

ID: 40006831
Now I've got to figure out how to remove all these exes and drivers so I can re-add the "unblocked" ones. Restoring old image then will try dism add-drivers with unblocked ones

Accepted Solution

garryshape earned 0 total points
ID: 40007035
Ok, UNBLOCKING the .cab file of driver pack I downloaded from Dell (right-click cab file, properties, then unblock", before extracting it.
Then I extracted it and slipstreamed the drivers into my .wim image.

Now the driver exes run at startup just fine and I get no security prompts.

Author Closing Comment

ID: 40014375

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

SingleRun is a tool that ensures that only one instance of an application is started, running it again brings the application to focus.
A simple method to resolve a "keyboard not working" problem by modifying the Windows registry. This issue can often be encountered after using the VMware vCenter Converter Standalone Agent to perform a Physical-to-Virtual (P2V) conversion process.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question