Registry contents keep reverting back?


***** charles

Hi all,

I have an XPH machine that has McAfee programs
that start up in a RUN key. When I go into the
registry and delete the three entries in the key and
then exit regedit, as soon as I reboot the computer
they are all back. So my questions are:

How do I track the boot routine from the time it
hits the mbr if possible?

How do I figure out which program is changing
the contents of the registry at boot time?

How do I fix it?

thanks,
charles.....
 

Doug Knox MS-MVP

For tracking the boot from power on:

http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/c29621675.mspx

Boot logging

Boot logging lists the files that were successfully and unsuccessfully processed during startup. Boot logging enables you to log the Windows XP Professional components that are processed when you start your computer in safe mode and also in normal mode. Compare the differences between the two logs to determine which components are not required to start.

Enable boot logging using either of these methods:

• Edit the Boot.ini file as described in “Reviewing and Correcting Boot.ini Settings” later in this chapter. Add the /bootlog parameter, save the revised Boot.ini, and restart the computer. For more information about the /bootlog parameter, see Table 29-14 later in this chapter.

• Restart the computer and press F8 when prompted. On the Windows Advanced Options menu, select Enable Boot Logging.

For tracking Registry activity during the boot:

http://www.sysinternals.com/Utilities/Regmon.html

Check its options to log the boot process and create any filter(s) you want. Reboot.
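
The safe-mode versus normal-mode log comparison described in the reply above, as an added example that is not part of the original thread: a Python sketch that diffs two saved copies of the boot log (%SystemRoot%\Ntbtlog.txt). It assumes each copy holds one boot's entries in the "Loaded driver" / "Did not load driver" line format; the sample logs and the exampleav.sys / examplefilter.sys names are constructed.

```python
import ntpath

# Constructed sample logs (not taken from a real machine).
SAFE_LOG = r"""
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver fltMgr.sys
Did not load driver \SystemRoot\System32\Drivers\exampleav.sys
Did not load driver \SystemRoot\System32\Drivers\examplefilter.sys
"""
NORMAL_LOG = r"""
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver fltmgr.sys
Loaded driver \SystemRoot\System32\Drivers\ExampleAV.sys
Loaded driver \SystemRoot\System32\Drivers\examplefilter.sys
"""

PREFIXES = (("Loaded driver ", "loaded"), ("Did not load driver ", "skipped"))


def decode(raw: bytes) -> str:
    """Accept a log saved as UTF-16 (with BOM) or as 8-bit text."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def parse(text: str) -> dict:
    """Return {'loaded': set, 'skipped': set} keyed by lower-cased file name.

    The same driver can be logged as \\WINDOWS\\..., \\SystemRoot\\... or a
    bare file name, so entries are compared on the base name only.
    """
    result = {"loaded": set(), "skipped": set()}
    for line in text.splitlines():
        line = line.strip()
        for prefix, bucket in PREFIXES:
            if line.startswith(prefix):
                name = ntpath.basename(line[len(prefix):].strip()).lower()
                result[bucket].add(name)
    return result


def normal_only(safe_text: str, normal_text: str) -> list:
    """Drivers loaded in the normal boot but not in the safe-mode boot."""
    return sorted(parse(normal_text)["loaded"] - parse(safe_text)["loaded"])


if __name__ == "__main__":
    for name in normal_only(SAFE_LOG, NORMAL_LOG):
        print(name)
```

To run it on real logs, read each saved copy in binary mode and pass the bytes through `decode()` before calling `normal_only()`.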
 

***** charles

Thanks for the reply. I think it has something to do with
services. I went to the service manager and it had a lot
of services that had to do with McAfee and other things.
The regmon program looks like a good possibility too.

later....


 
