Results 1 to 7 of 7

Thread: Autoruns Help

  1. #1
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts
    I was testing Systernals Autoruns on my system and thinking that I did not need the Logitec software because I now us MS keyboard & mouse, I disabled the keyboard & mouse functions. Now I cannot use the mouse or keyboard at the Welcome screen to log on.

    Anyone know of a wayto get into the system to change the autoruns function ??? If I delete the .exe file will that remove the settings changes I made ?? I slave the drive to another system and see everything but the registry. Is it possible to access the registry on the slaved drive using a command to run regedit on that drive from the primary drive ??? something like regedit/D: ??

    I'm at my PC guys shop using his internet connection and may have trouble getting online unless I can get to someone's place who has internet access.

    Any and all help will be most appreciated. My backup is 6 months old and I really don't want to go there.
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    [quote name='DocWatson' post='794065' date='19-Sep-2009 10:27']I was testing Systernals Autoruns on my system and thinking that I did not need the Logitec software because I now us MS keyboard & mouse, I disabled the keyboard & mouse functions. Now I cannot use the mouse or keyboard at the Welcome screen to log on.[/quote]
    Can you boot to the screen that lets you choose startup options and use a System Restore??

    When I've used Autoruns in the past, I think it edited the registry, so simply deleting the EXE may not help.

    === Edit ===

    It's possible that remote desktop (RDP) is enabled on your computer. In that case, if you get it and another PC on the same LAN, you may be able to log into it from the second PC. This assumes your software firewall doesn't block the connection, so it might not work. (If you have LogMeIn or GotoMyPC, etc., then of course you would use that instead of RDP.)

    If the drivers are configured in an .ini file rather than in the registry, you might be able to edit the file using a Linux boot disk. Assuming your hard drive is not encrypted. This is a little out of my depth.

  3. #3
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    Do you have an old keyboard with a PS/2 connector lying around? That should work without any drivers.

    And Jefferson is correct, deleting AutoRuns.exe won't help - the settings you changed have been stored in the Windows registry.

  4. #4
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts
    I've tried both PS2 & USB mice with no joy. I think I've really screwed the pooch on this one and may have to restore my backup.

    I'll try Jefferson's suggestion about getting to System Restore on boot up and cross my fingers.

    I've also posted to the autoruns forum for help, but have no PC connected to the internet at home to monitor answers.

    I think I'm just going to bite the bullet and restore my backup after I slave the drive and copy off my important data.
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  5. #5
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts
    OK... I'm back up on the image and will be putting things back together for a day or so. Lesson learned... keep your backups current !!!

    Also, don't disable anything in Autoruns unless you KNOW what it is and what it does. I unchecked som Logitech registry setting because I don't have the Logitec hardware any longer and it seems they were the setting for ANY and ALL keyboards and mice. I couldn't get past the Welcome screen because I couldn't move the cursor or use the Tab key to toggle through the user profiles to select one. I don't even think that a registry backup before I made the changes would have mattered, because the only way I could have gotten to it would have been with the drive slaved and I'm pretty sure the registry isn't available in that interface.

    Live and learn.
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  6. #6
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts
    [quote name='DocWatson' post='794103' date='20-Sep-2009 01:54']I don't even think that a registry backup before I made the changes would have mattered, because the only way I could have gotten to it would have been with the drive slaved and I'm pretty sure the registry isn't available in that interface.[/quote]

    In regedit there is a "Load Hive" option which allows you to open a registry file from a a slaved drive.

  7. #7
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts
    [quote name='StuartR' post='794114' date='19-Sep-2009 22:35']In regedit there is a "Load Hive" option which allows you to open a registry file from a a slaved drive.[/quote]
    Thanks for that Stuart. I received a reply on the Autoruns forum and got the following information about resetting disabled Autoruns items from a slaved drive. Here's what I was told......

    "Try slaving the HD to another system. If you can, I'd suggest doing so and then making a copy of the contents of %systemroot%\system32\config (on the slave drive). Then load the SOFTWARE and SYSTEM hives, and search for AutorunsDisabled; make the settings there, appear in the parent key in the registry.

    Another option may be to use system restore, if that's an option.

    How I can load the SOFTWARE and SYSTEM hives on a slaved drive ??

    After making a backup... Run Regedit, navigate to HKLM, File->Load hive, browse to the registry file (e.g. x:\windows\system32\config\software, where 'x' is the drive letter of the slaved drive from the troubled system) - HKLM\Software will be in the SOFTWARE file, and HKLM\System will be in the SYSTEM file. Search the loaded hive for AutorunsDisabled, to find the items which Autoruns was told to disable (in the registry; filesystem locations will contain an AutorunsDisabled folder). If you told Autoruns to delete an entry, then you would be out of luck, unless you happened to recall it or could otherwise recover it to transfer it to the appropriate location."
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •