bootexecute autocheck lsdelete



Viking-X
2008-08-30, 11:50
This is something that Spybot reports to me which I think is something of its own doing but I just wanted to be sure. Here is the information it gives:

Categori: Session manager
Change: Value deleted

Entry: BootExecute

Old data: autocheck autochk *\lsdelete

Can anyone confirm that this is something Spybot itself does or alternatively tell if it might be something I should stop from happening?

Best regards, Lasse

Viking-X
2008-08-30, 12:32
Ok, I managed to find some information about this via Google and even in a previous subject here (oddly enough that nifty 'check for similar messages' thingy didn't catch it when I wrote mine) and it seems the lsdelete part refers to Ad-Aware which I did uninstall at some point so I allowed the change.

After that I checked the registry just to see what it was all about in situ. It turns out there is something called a ControlSet of which this session manager's data is a part. On this particular computer I have 8 numbered ControlSets plus one called CurrentControlSet. Are these 8 which are probably previous versions there in order to do system restores?

Best regards, Lasse

md usa spybot fan
2008-08-30, 14:50
Viking-X:

I don't understand why you have 8 ControlSets (ControlSetxxx).

The following registry key describes what the various ControlSetxxx are being used for:

HKEY_LOCAL_MACHINE\SYSTEM\Select

From the following:
Chapter 5 Keeping Connected
http://technet.microsoft.com/en-us/library/cc767116.aspx

The Select sub-key tells you which of the Control Sets is in use. Examining this list, you'll see entries for Current, Default, Failed, and LastKnownGood, which (by default on a system operating normally) will have a Current value of one, Default value of one, LastKnownGood value of two, and a Failed value of zero. If a configuration corruption is detected during startup, the Failed value will rise, and the system will attempt to use the last known good entry as the current entry instead of using the default entry.

Viking-X
2008-08-30, 19:16
I have quite different values there:

current 6
default 6
failed 3
lastknowgood 8

So I guess it might be because I used the 'boot with last known good configuration' option at the F8 startup screen a couple of times while I was struggling with the trojan I had.

So not directly linked to the number of system restore points it seems. Although I do have 7 of those active at present so possibly a little connection still! :alien:

Interesting in any case! :)

Best regards, Lasse

md usa spybot fan
2008-08-30, 19:54
Viking-X:

The number of Control Sets has nothing to do with the number of Restore Points. My System Restore currently has 92 Restore Points. I have the following Control Sets:


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005]

Used as follows:


[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000001
"Default"=dword:00000001
"Failed"=dword:00000000
"LastKnownGood"=dword:00000005

ControlSet002 and ControlSet003 appear to be empty:


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager]


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager]
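
Added example (not part of any post in this thread): a Python script that reads a regedit export of HKEY_LOCAL_MACHINE\SYSTEM, maps the Select values discussed above to their ControlSetNNN keys, and lists any BootExecute entries beyond the stock `autocheck autochk *` in each control set. The sample export is constructed for illustration, and the function names are this example's own.

```python
import re

DEFAULT_BOOTEXECUTE = ["autocheck autochk *"]  # stock Windows value
SM_KEY = re.compile(r"HKEY_LOCAL_MACHINE\\SYSTEM\\(ControlSet\d{3})\\Control\\Session Manager$")

def multi_sz_to_hex7(strings):
    """Encode strings as regedit exports REG_MULTI_SZ: hex(7), UTF-16LE, NUL-separated."""
    raw = "".join(s + "\0" for s in strings) + "\0"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw.encode("utf-16-le"))

def hex7_to_multi_sz(value):
    """Decode a hex(7): value back into its list of strings."""
    data = bytes(int(b, 16) for b in value[len("hex(7):"):].split(",") if b.strip())
    return [s for s in data.decode("utf-16-le").split("\0") if s]

def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: raw_value}}."""
    keys, current = {}, None
    text = re.sub(r"\\\r?\n\s*", "", text)  # join wrapped hex lines ending in a backslash
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            current[m.group(1)] = m.group(2)
    return keys

def audit(text):
    """Return (Select roles per control set, non-default BootExecute entries per set)."""
    keys, roles, findings = parse_reg(text), {}, {}
    for name, raw in keys.get(r"HKEY_LOCAL_MACHINE\SYSTEM\Select", {}).items():
        n = int(raw[6:], 16) if raw.startswith("dword:") else 0
        if n:  # 0 means no set holds that role (Failed on a healthy system)
            roles.setdefault(f"ControlSet{n:03d}", []).append(name)
    for path, values in keys.items():
        m = SM_KEY.match(path)
        if m and values.get("BootExecute", "").startswith("hex(7):"):
            extra = [e for e in hex7_to_multi_sz(values["BootExecute"])
                     if e not in DEFAULT_BOOTEXECUTE]
            if extra:
                findings[m.group(1)] = extra
    return roles, findings

SAMPLE = "\r\n".join([  # constructed export; Select values as in the thread's last post
    r"[HKEY_LOCAL_MACHINE\SYSTEM\Select]", '"Current"=dword:00000001',
    '"Default"=dword:00000001', '"Failed"=dword:00000000', '"LastKnownGood"=dword:00000005',
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]",
    '"BootExecute"=' + multi_sz_to_hex7(["autocheck autochk *"]),
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Session Manager]",
    '"BootExecute"=' + multi_sz_to_hex7(["autocheck autochk *", "lsdelete"]),
])
```

Calling `audit(SAMPLE)` returns the role map and the per-set findings; on a real export, a leftover entry in the LastKnownGood set would come back into use if that configuration is booted.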