FAQFAQ   SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log in/Register/PasswordLog in/Register/Password

a better Chkdsk?

  
Goto page Previous  1, 2
   Windows (Home) -> Help & Support RSS
Related Topics:
Chkdsk problem - When I go into the of my primary drive and click on and check off both boxes fix file system errors and Scan for and attempt recovery of bad sectors), then select Start, I have to re-boot for the scan to take..

Chkdsk question - I want to run chkdsk to help clean up the hard drive. Will i have any or corrupt files for example} doing this? Thanks

chkdsk is unable to recover (guess) MFT entries - Hello! Everytime Windows boots it runs chkdsk fist, before finishing the booting process. It always says it did not found any errors, so i tried a chkdsk d: /X / F / R (the disk in this case is D:.. always.. C: is the system's disk and its fine) ..

System restore problem - Every time I have used 'system restore' on my desktop PC it has caused me great problems which require a 'C' drive format and rebuild of my data. I'm running XP Home on a 3.2gh Intel. Each time the result has been the same - ie I've had a..

Using another key to escape from Remote Assistance? - I need to use RA with an (Korn Shell) that uses the ESC key (and this CANNOT be How do I tell RA that I do not want it to use ESC to escape from the session (or to use another key)?
Next:  Help & Support: How to open a picture with a .tis file type?  
Author Message
John John

External


Since: Mar 03, 2006
Posts: 115



(Msg. 16) Posted: Tue Mar 11, 2008 10:06 pm
Post subject: Re: a better Chkdsk? [Login to view extended thread Info.]
Archived from groups: microsoft>public>windowsxp>help_and_support (more info?)
Hmmm. That sprestrt value data looks pretty fishy to me, that should
not be there after the Windows installation is properly completed. Are
you absolutely 100% sure that your installation is completely free of
virus or other pests?

John

Frank wrote:

> BootExecute value is autocheck autochk* sprestrt
>
>
>
> John John wrote:
>
>> Frank wrote:
>>
>>
>>> The HKLM...... Registry Key does not exist
>>
>>
>> The BootExecute value at:
>>
>> HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
>>
>> *must* exist else you could not schedule chkdsk to run on reboot nor
>> could you have autoconv run on startup! BootExecute is a REG_MULTI_SZ
>> value in that key.
>>
>> I'm thinking that maybe something Norton or something to do with AV
>> activity on reboot prevents the convert from happening?
>>
>> John
>>
Back to top
Login to vote
VanguardLH

External


Since: Feb 20, 2008
Posts: 21



(Msg. 17) Posted: Tue Mar 11, 2008 10:06 pm
Post subject: Re: a better Chkdsk? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"John John" wrote in message
news:Oz$qN19gIHA.4744@TK2MSFTNGP06.phx.gbl...
> Hmmm. That sprestrt value data looks pretty fishy to me, that
> should not be there after the Windows installation is properly
> completed. Are you absolutely 100% sure that your installation is
> completely free of virus or other pests?


The sprestrt value in that registry key will kick off the following
program when Windows starts up:

C:\Windows\system32\sprestrt.exe

According to "How Setup Works"
(http://technet2.microsoft.com/windowsserver/en/library/7b28284e-d1d2-4dc7-88d3-4e75bbf63a971033.mspx),
this program seems involved in the install of Windows (in getting a
usable desktop GUI to continue the install). If you right-click on
the file in WIndows Explorer and look at Properties under the Version
tab, the program's description is "Restores registry to restart
GUI-mode part of setup."

It is also possible that malware figured out to replace this file and
add the value to the registry key to get this malware to run on every
startup of Windows (and because the vast majority of security software
would load). Many utilities to show startup items do not include the
BootExecute key. Even some HIPS (host intrusion protection systems)
don't look for it. AutoRuns from SysInternals (now owned by
Microsoft) does list this key as a startup item. Mine has:

autocheck autochk *
Isdelete

(when you look at its value in its own window rather than the view
pane in regedit, there are 2 values for that key). The autocheck
entry will run:

C:\Windows\system32\autochk.exe

and the Isdelete entry will run:

C:\WIndows\system32\Isdelete.exe

So if any of those 3 files are infected or corrupted, the malware or
bad file runs early in Windows startup. For example, the VirtuMundo
pest alters the BootExecute key (but adds a different entry than
sprestrt.exe); see
http://wiki.castlecops.com/Malware_Removal:_Virtumundo. BootExecute
is right up there with the WinLogon events for programs that run far
before any security software gets loaded.

Frank shows sprestrt on the same line as autocheck but that might be
because he was looking at the view pane on the right in regedit.
Double-click the data item to show its value list in its own window.
sprestrt should be on its own line as another program to run on
Windows startup, not as a parameter to autochk. Some programs add
their own line to this data item. For example, and only from what
I've read, selecting to perform a boot-time scan in Avast anti-virus
will add an "aswBoot.exe ..." entry to this data item. It's a way to
get a program to run early during the startup of Windows.

See:

http://technet2.microsoft.com/windowsserver/en/library/7b28284e-d1d2-4...-88d3-4
Back to top
Login to vote
John John

External


Since: Mar 03, 2006
Posts: 115



(Msg. 18) Posted: Tue Mar 11, 2008 11:11 pm
Post subject: Re: a better Chkdsk? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
VanguardLH wrote:

> "John John" wrote in message news:Oz$qN19gIHA.4744@TK2MSFTNGP06.phx.gbl...
>
>> Hmmm. That sprestrt value data looks pretty fishy to me, that should
>> not be there after the Windows installation is properly completed.
>> Are you absolutely 100% sure that your installation is completely free
>> of virus or other pests?
>
>
>
> The sprestrt value in that registry key will kick off the following
> program when Windows starts up:
>
> C:\Windows\system32\sprestrt.exe

Yes, and that file may have been replaced or spoofed by a virus or other
pest. That sprestrt value is not normally there after the Windows
installation is properly completed. That of course doesn't mean that
the value is necessarily virus related but it does raise some suspicion.

Also, autoconv failure or success are normally recorded in the Event Log
but Frank reports no such events in the log. It could be that there
isn't enough free space as you suggest in another post, but that would
be recorded in the Event Log. There is definitely something awry with
his installation, but it's difficult to figure out what is going on!

Also, he formated his FAT32 drive, or with the use of third party tools
he changed the cluster size from the probable 32K standard size to a
non-standard 4K size, maybe that is causing the problem, it could be
that the third party tool that he used did something that Windows
doesn't like too much.

John
Back to top
Login to vote
Display posts from previous:   
       Windows (Home) -> Help & Support All times are: Eastern Time (US & Canada) (change)
Goto page Previous  1, 2
Page 2 of 2

 
 You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum
You can delete your posts in this forum
You can vote in polls in this forum
Categories:
  Windows Forums
 Game Forums
 Linux Forums
 Mac Forums
 PDA Forums
 Mobile Forums
  Top  |  Store  |  RSS Feeds RSS  |  Data Feeds  |  Advertise  |  Submit  |  Bookmark  |  Newsletter  |  Contact