Registry keys read on shutdown?

[Tegger®]

Specifically, are there any Registry keys that are read and executed only
on shutdown?

I'd like to add a Registry entry to delete a file on shutdown so it is not
there at the next startup.

 

[Wesley Vogel]

If XP Pro you can run scripts.
Open the Group Policy snap-in.
Start | Run | Type: gpedit.msc | OK |
Click Help | Index tab | Type: scripts |

[[Scripts (Startup/Shutdown): You can use this extension, which is located
under Computer Configuration\Windows Settings in the Group Policy console,
to specify scripts that are to run when the computer starts up or shuts
down. These scripts run as Local System.

Scripts (Logon/Logoff): You can use this extension, which is located under
User Configuration\Windows Settings in the Group Policy console, to specify
scripts that are to run when the user logs on or logs off the computer.
These scripts run as User, not as Administrator. ]]

Or...

Make a batch file.
Add it to >>>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
or
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I have one in >>>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: My Indexdat Killer
Value Type: REG_SZ
Value Data: C:\run.bat

run.bat was created using Index.dat Suite
=============
@echo off
echo This file will remove Index.dat files. The Cookies, Temporary Internet
Files, History, and Temp folders will be cleared as per user Settings.
echo
echo Please note, use of this file is AT YOUR OWN RISK, Ur I.T. Mate Group
will NOT be held liable for any problems caused due to the use of this file
or any part of the Index.dat Suite software


del C:\DOCUME~1\WESLEY~1.VOG\LOCALS~1\TEMPOR~1\Content.IE5\index.dat
cd c:\DOCUME~1\WESLEY~1.VOG\cookies
rd /s /q c:\DOCUME~1\WESLEY~1.VOG\cookies
cd c:\DOCUME~1\WESLEY~1.VOG\LOCALS~1\history
rd /s /q c:\DOCUME~1\WESLEY~1.VOG\LOCALS~1\history
cd c:\docume~1\wesley~1.vog\locals~1\temp\
rd /s /q c:\docume~1\wesley~1.vog\locals~1\temp\
cd C:\DOCUME~1\WESLEY~1.VOG\LOCALS~1\TEMPOR~1\
rd /s /q C:\DOCUME~1\WESLEY~1.VOG\LOCALS~1\TEMPOR~1\
cd C:\DOCUME~1\WESLEY~1.VOG\Recent
rd /s /q C:\DOCUME~1\WESLEY~1.VOG\Recent
exit
============

Index.dat Suite
http://support.it-mate.co.uk/?mode=Home

 

[Tegger®]

"Wesley Vogel" <[email protected]> sprach im

Make a batch file.
Add it to >>>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
or
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Unfortunately, it appears that the Run key is executed at STARTUP, not at
SHUTDOWN.

I need to have this command execute as the system is SHUTTING DOWN.

The old autoexec.bat file would be perfect, except that it does not
function like it used to in Win9x and DOS.

Again: Are there any Registry keys that are executed at SHUTDOWN ONLY?

 

[Tegger®]

"Tegger®" <[email protected]> sprach im

Again: Are there any Registry keys that are executed at SHUTDOWN ONLY?

Nobody knows? Not even the Microsoft MVPs?

 

[Wesley Vogel]

An MVP already replied.

Wesley Vogel
Microsoft MVP - Windows Shell/User


In

 

[Tegger®]

An MVP already replied.

Yes you did, sorry. I was hoping for something other than a script, as I
need to apply this solution to a WinMe box as well. I tried posting to
microsoft.public.windowsme.general, but got no responses.

 

[Wesley Vogel]

Tegger®,

The common way to delete files that might be in use when Windows is running
is to delete them on reboot or start. Hence, using a startup key.

I have an entry right now in >>>

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: MRUBlaster
Value Type: REG_SZ
Value Data: C:\Program Files\MRU-Blaster\indexcleaner.exe -CC

From MRU-Blaster | IE Temporary Internet File Cleaner Plug-in
[[provides IE Temporary Internet File (cache) cleaning. Whenever this
plug-in is run, a supplementary file will be executed upon reboot to delete
the index.dat file (which is normally locked and in use) ...]]

indexcleaner.exe = MRU-Blaster index dat cleaning support
===

What file are you trying to get rid of?

 

[Tegger®]

Tegger®,

The common way to delete files that might be in use when Windows is
running is to delete them on reboot or start. Hence, using a startup
key.

I have an entry right now in >>>

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: MRUBlaster
Value Type: REG_SZ
Value Data: C:\Program Files\MRU-Blaster\indexcleaner.exe -CC

From MRU-Blaster | IE Temporary Internet File Cleaner Plug-in
[[provides IE Temporary Internet File (cache) cleaning. Whenever this
plug-in is run, a supplementary file will be executed upon reboot to
delete the index.dat file (which is normally locked and in use) ...]]

indexcleaner.exe = MRU-Blaster index dat cleaning support
===

What file are you trying to get rid of?

Wininit.ini.

If that file gets created, the wininit.exe "not found/failed to load" error
appears, along with another related error later on. Neither error is fatal,
but is annoying for the end user.

If I delete the file wininit.ini before the next reboot, the errors do not
appear.

I have not been able to find out how to prevent that error from appearing
in the presence of the wininit.ini file, so I figured the next best thing
to do was to have the ini file deleted on shutdown.

 

[Wesley Vogel]

Tegger®,

You should've said so in the first place. You have a virus or a trojan!!!!

wininit.exe is *NOT* XP file.....

wininit - wininit.exe - Process Information
Process File: wininit or wininit.exe
Process Name: WOLLF.16 virus

Description:
wininit.exe is added to the system as a result of the WOLLF.16 virus. It is
a backdoor Trojan horse allows unauthorized remote access to an infected
computer.

What is Bymer Trojan Program?
http://www.pchell.com/virus/wininit.shtml

Error Message: Wininit.exe Cannot Be Run from Within Windows
http://support.microsoft.com/?scid=kb;en-us;299332

Automatic Cleaner for Bymer Trojan
http://www.antivirus.com/vinfo/security/fix_troj_bymer.zip

Update your anti virus software and run a complete system scan!

--
Hope this helps. Let us know.
Wes

In

Tegger®,

The common way to delete files that might be in use when Windows is
running is to delete them on reboot or start. Hence, using a startup
key.

I have an entry right now in >>>

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: MRUBlaster
Value Type: REG_SZ
Value Data: C:\Program Files\MRU-Blaster\indexcleaner.exe -CC

From MRU-Blaster | IE Temporary Internet File Cleaner Plug-in
[[provides IE Temporary Internet File (cache) cleaning. Whenever
this plug-in is run, a supplementary file will be executed upon
reboot to delete the index.dat file (which is normally locked and in
use) ...]]

indexcleaner.exe = MRU-Blaster index dat cleaning support
===

What file are you trying to get rid of?

Wininit.ini.

If that file gets created, the wininit.exe "not found/failed to load"
error appears, along with another related error later on. Neither
error is fatal, but is annoying for the end user.

If I delete the file wininit.ini before the next reboot, the errors
do not appear.

I have not been able to find out how to prevent that error from
appearing in the presence of the wininit.ini file, so I figured the
next best thing to do was to have the ini file deleted on shutdown.

 

[Tegger®]

Tegger®,

You should've said so in the first place. You have a virus or a
trojan!!!!

wininit.exe is *NOT* XP file.....

wininit - wininit.exe - Process Information
Process File: wininit or wininit.exe
Process Name: WOLLF.16 virus

Hmm. I suspected a virus at the beginning but dismissed that idea after
some investigation. Looks like I made a mistake.

Description:
wininit.exe is added to the system as a result of the WOLLF.16 virus.
It is a backdoor Trojan horse allows unauthorized remote access to an
infected computer.

This appears to be it.

What is Bymer Trojan Program?
http://www.pchell.com/virus/wininit.shtml

Error Message: Wininit.exe Cannot Be Run from Within Windows
http://support.microsoft.com/?scid=kb;en-us;299332

This error does not occur.

Automatic Cleaner for Bymer Trojan
http://www.antivirus.com/vinfo/security/fix_troj_bymer.zip

Update your anti virus software and run a complete system scan!

It's not my computer, but that of an artist that does work for the company
I do work for.

This also explains the trouble she ran into attempting to install Norton AV
2005 just before she called me up.

Thanks for the tip. I'll report back here once I get a chance to look at
the machine again. It's 20 miles away right now.