Registry problem, something is deleting stuff from HKCU\...\Windows\Run

[Bludd]

So, I decided to update my X-Fi drivers to the latest version 2.18.0013 released on June 26th.

During the install, my personal firewall asked me to allow the setup program to run regsvr32, fine, doing stuff in the registry is normal for a driver install.

After the compulsory reboot, I notice that three items are gone from my systray: NetMeter (a program to monitor network traffic), HDDThermometer (a SMART temperature monitor) and D-Tools lite (virtual drive). Weird ... I opened up each program and enabled them to start with Windows. I wanted to restart my system again just to see if the problem was gone. Now when I clicked Start and then Restart, the system started shutting down, or so I thought. This is normally quite speedy on my system, but for some reason it lingered. The mouse pointer flashed the little hourglass animation many, many times before Windows finally displayed the saving settings screen, but it had taken like 2-3 minutes for this to happen.

And then when the machine started again, I couldn't change the soundcard's mode and I couldn't launch the console launcher.

Oh, Creative.

Anyway, removed everything Creative related, rebooted, reinstalled the drivers and checked with the Microsoft Sysinternals utility Autoruns if the startup entries for the above-mentioned programs were there still. They weren't.

So, the conclusion is that the installer for the X-Fi drivers version 2.18.0013 fucks with legitimately installed software at least on my system, Windows XP32 SP3, and removes their entries from HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Oh, Creative, you jerks.

Edit: Apologies to Creative. It is not their installer that does it. It looks like it's nvidia's fault.

 

[Bludd]

I have done some experimenting. The driver installer runs a utility called ctzapxx.exe. When you run it as a standalone application, it allows you to either install drivers and overwrite the old ones or uninstall the drivers and delete everything Creative-related. If you choose the latter, it does what it says, but it also removes NetMeter and HDDThermometer from HKCU\Software\Microsoft\Windows\CurrentVersion\Run (for some reason, it has stopped removing D-Tools). In Autoruns, both these utilities' exe files show up as unsigned. I am speculating here, but if that is the reason ctzapxx.exe removes them, Creative should just stop releasing stuff right now, because many of their binaries are unsigned too.

If the unsignedness of the files is not the reason for their removal, maybe ctzapxx.exe is just being thorough? Well, if this is true, Creative can suck my dick because that utility has no business removing something which is not related to the X-Fi drivers or Creative in any way.

Having stuff in HKCU\Software\Microsoft\Windows\CurrentVersion\Run is legitimate.

 

[suryad]

Wow thats messed up. I was thinking of grabbing the latest drivers from Creative actually on my windows 7 setup but now that you went through all that I think I am going to refrain.

 

[Bludd]

I unpacked the previous driver 2.18.0008 and ran the ctzapxx.exe inside that one and it too deletes NetMeter and HDDThermometer from HKCU\Software\Microsoft\Windows\CurrentVersion\Run

What the hell ...

I will try and capture ctzapxx.exe with ProcessMonitor if I have to run it again for some reason. I'll post a screenshot or something if I catch it messing with HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Edit: Apparently, the driver package contains two different ctzapxx.exe files ... I ran the other one and it didn't touch the registry key (I had ProcessExplorer filter out anything not involving the key).

Weird.

 

[Davros]

have you informed creative about this

 

[Bouncing Zabaglione Bros.]

They've been doing crap like this for years, and it's why I don't use Creative for anything.

 

[Bludd]

have you informed creative about this

I can't be bothered dealing with a level 1 support stooge reading from a script and telling me to update my DirectX, polish my HSF and reformat my noodle.

 

[willardjuice]

It sounds like a bug to me; I don't think Creative meant to disable other programs (what's their motive?). Just uninstall your audio drivers first, then run the updater (instead of letting the updater uninstall the drivers).

 

[Bludd]

For whatever reason, the problem persists. Now every time I reboot (even if I don't install/uninstall drivers etc), the HKCU\Software\Microsoft\Windows\CurrentVersion\Run is deleted. I don't know if it happens when Windows shuts down or when Windows starts up.

This is weird.

Edit: or for some reason, the registry is never saved when the computer shuts down. Hmhmhmhmhm.

Edit2: okay, it is deleted on start up because if I quickly load regedit after logging in, the key is still there. If I wait a while for everything else to load, it disappears. ProcMon to the rescue? Or shutdown? This is a dumb problem. Why is it happening now? Aaaaaaaaaaaaaa. Maybe the registry is hosed ...

 

[ShaidarHaran]

Move your startup registry enties from HKCU to the same location in HKLM and you won't have to worry about this anymore.

 

[Bludd]

Move your startup registry enties from HKCU to the same location in HKLM and you won't have to worry about this anymore.

I am not creating these, the programs are doing it themselves in that specific location.

 

[karlotta]

the two apps ( are old and unsupported...) are going where no other apps go. They are in the wrong place and are very old and dont have a clue where to be. BUT thats still not cool for a cleaner from Creative to clean out the user/tempish run directory. ShaidarHaran is correct.
"Move your startup registry enties from HKCU to the same location in HKLM and you won't have to worry about this anymore."

 

[Bludd]

I may have solved the problem. I did a system file scan (sfc /scannow) and I did a chkdsk /f and I uninstalled all the beta drivers I had for any hardware and installed WHQL drivers.

I may also have jumped the gun on accusing Creative for this problem, because it may have been the new Nvidia beta drivers that caused this.

I never found a trace of anything deleting that key in my Process Monitor logging (I even did a boot logging session where I actually managed to capture the system starting up and shutting down). Hm.

At least, now when I reboot the machine, the key is not deleted from the registry. I am suspecting the nview wizard for being the culprit, but I have no proof. I am tired of this problem now and I don't think I will investigate further.

 

[suryad]

Well I guess I will try to go ahead and install the Creative drivers and report if I find something similar on my Win7 Rc setup. Just a question thought but it is wise to remove the current drivers first and then install the new one ya?

 

[Bludd]

I don't know, suryad. Please tell me how it goes but be sure that you actually have something in that registry key.

 

[suryad]

I don't know, suryad. Please tell me how it goes but be sure that you actually have something in that registry key.

Right ok I will try and remember that. I dont think I should have anything of that sort currently in my run but that can be changed because I can have RivaTuner fire up automatically on windows startup.

 

[suryad]

Ok so I attempted the experiment and I must say it was an utterly painless experience other than having to reboot the machine twice (once after uninstalling the existing Creative stuff and the other after installing the Creative drivers). I made sure I had a registry key available for some softwares on startup and Creative did not muck around with anything. I even ran the Creative Software Update tool and there was no problem at all.

I must say the drivers may have actually sped up my bootup time by a teeny bit because I usually hear a click from my soundcard as it gets initialized on bootup but this time it happens a bit earlier and my machine is ready to use (login screen appears) that bit quicker. I am happy overall.

Cheers

 

[Bludd]

I have to confirm that the Creative installer is not the source of the problem. I just installed the latest drivers and it didn't mess with the aforementioned registry key.

I will install the new nvidia 190.38 WHQL drivers later and do a boot logging in ProcMon because the beta 190.38 was the only other thing I had installed when the problem occurred.

Fingers crossed!

 

[Bludd]

It is nwiz.exe! Darn tootin!

Here's the proof, from the ProcMon boot logger.



I just sent this in via driver feedback over at nvidia.

 

[Bludd]

Annoyingly, one can't input an email address in the feedback form. I just hope they can reproduce it.

Hopefully it is a bug, but if isn't, nwiz is evil.