reg watcher keep changing

Hello. I have it on defalt.I see much of this example:

Now, for some reason, many of my startups in msconfig are gone!

What is this - please. Thanks.

 

Thanks for the help, I appreciate it.

 

something is just not right about regwatcher when I see the repeatedly. I picked up regwatcher because of some comments from this board - https://www.wilderssecurity.com/showthread.php?t=54666.

 

Again, thanks for your help. That's what makes this a great forum - such knowledgeable members always willing to extend a helping hand.

Here's another great thread I must thank you for: https://www.wilderssecurity.com/showthread.php?p=380155#post380155

 

Just spotted this thread. If this *is* MJ Regwatcher 1.2.4.1 you are running, then the messages seem to suggest that MJ Regwatcher is trying to restore a key to its former state, and is not being allowed to (happens every sweep). Have you got MJRW in Auto-Reject mode (the trayicon is blue) ? If so, then it is trying to restore the key without prompting you. Put it into Auto-Accept mode, and see the log for changes that are being made - probably a service auto-updating or something, so it may well be legit.

On a different issue, I have just received a very clever e-mail which poses as an Amazon gift certificate, but comes with an attachment called
Evan_Rutledge@Amazon.com
I inspected it and it is definitely an executable of some type (begins with MZ). Does anyone know the url of that site you can submit these to to see what it is?

MJ

 

Try here: http://virusscan.jotti.org/

Regards,
Jade.

 

It prompts, I allow, and it repeats. I disabled the app and noticed many of my startups were missing - for instance, winpatrol - I did not uncheck "start with windows" but it was unchecked. I manually put them back in.

 

It sounds as if something changed in the startup folder, and it cannot restore it to its former state. It will restore bfore prompting and the restore is failing, so it keeps going.
MJ

 

Loss of startup keys means that something changed the "hk...run" key and MJRW is trying to restore it. MJRW wipes out all values from the key it trying to restore, and then puts back what it has stored, This "putting back" is being refused, and that is why you lost your "hk...run" values. If the "hk...run" key was protected, then it couldn't have "cleared" it in the first place. It managed this so it is able to delete values, but can it write new values to that key? What are you logged in as? If you are at administrator level, then this is a mystery, otherwise it could be a user policy in force. Anyway, those are just some ideas. HTH (a bit),