My Recent Document always emptied

  • Thread starter Thread starter Stefano G
  • Start date Start date
S

Stefano G

Hi,

Strange things happen... since about a week everytime I reboot I get
the "My recent Documents" contents deleted.

I checked everything I had following the newsgroup advises: checked
the registry, the group policy, TweakUI, etc and all seems to be OK.

It also happens rebooting from Safe Mode to Safe Mode.

My system is WinXP SP2.

The registry key contains only the following key
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

The group policy, Administrative Templates, Startup has all items "not
configured"

Then also the following happens (maybe is a clue for someone)

I reboot clean
I open and close a winword document
I open the shortcut to My recent Documents and see the link to the
just opnened doc
I leave the folder opened on the screen
I hit Start->Logout, and then CANCEL the logout
.... and immediately I see the folder on the desktop EMPTY !!!

And more:
I saw with wininternals filemon that the process EXPLORER.EXE really
DELETES the content of the folder when I do log out and cancel the
logout...


Anyone came across this?

Thanks in advance,

/Stefano
 
Do you have MRU-Blaster, MRUClean, Empty Temp Folders or Disk Cleaner? Or
some other MRU cleaning utility?

If you do that may be what's cleaning out the Recent folder.

Try creating this registry key...

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value Name: ClearRecentDocsOnExit
Value Type: REG_DWORD
Value Data: 0

Values for Value Data are:
0 = No don't clear
1 = Yes clear them

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In
 
Do you have MRU-Blaster, MRUClean, Empty Temp Folders or Disk Cleaner? Or
some other MRU cleaning utility?
Click to expand...

No, I used some cleaner but never told them to automatic startup or to
install anything in the start menu. Moreover as I said I made the test
booting from Safe Mode to Safe Mode: this should exclude any 3rd party
startup programs.

If you do that may be what's cleaning out the Recent folder.

Try creating this registry key...

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value Name: ClearRecentDocsOnExit
Value Type: REG_DWORD
Value Data: 0

Values for Value Data are:
0 = No don't clear
1 = Yes clear them
Click to expand...

Nothing changes, even with this key.

One more clue: also the Start->Run history gets cleaned in the same
way !
I suspect that there's some incongruency in some registry keys that
confuse explorer.exe

Are there other registry keys that get involved in letting
explorer.exe decide to clear Recent Docs and Run hystory?

/Cet
 
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool
v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 07/07/2005 at 14.45.15


RSOP results for A202409W1\myname on A202409W1 : Logging Mode
------------------------------------------------------------------

OS Type: Microsoft Windows XP Professional
OS Configuration: Standalone Workstation
OS Version: 5.1.2600
Domain Name: A202409W1
Domain Type: N/A<Local Computer>
Site Name: N/A
Roaming Profile:
Local Profile: C:\Documents and Settings\myname
Connected over a slow link?: Yes


COMPUTER SETTINGS
------------------

Last time Group Policy was applied: 07/07/2005 at 13.02.19
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps

Applied Group Policy Objects
-----------------------------
N/A

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
NT AUTHORITY\Authenticated Users

Resultant Set Of Policies for Computer:
----------------------------------------

Software Installations
----------------------
N/A

Startup Scripts
---------------
N/A

Shutdown Scripts
----------------
N/A

Account Policies
----------------
N/A

Audit Policy
------------
N/A

User Rights
-----------
N/A

Security Options
----------------
N/A

Event Log Settings
------------------
N/A

Restricted Groups
-----------------
N/A

System Services
---------------
N/A

Registry Settings
-----------------
N/A

File System Settings
--------------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
N/A


USER SETTINGS
--------------

Last time Group Policy was applied: 07/07/2005 at 13.02.19
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps

Applied Group Policy Objects
-----------------------------
Local Group Policy

The user is a part of the following security groups:
----------------------------------------------------
None
Everyone
Debugger Users
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL

Resultant Set Of Policies for User:
------------------------------------

Software Installations
----------------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
N/A

Folder Redirection
------------------
N/A

Internet Explorer Browser User Interface
----------------------------------------
N/A

Internet Explorer Connection
----------------------------
N/A

Internet Explorer URLs
 
Well we now know it's not a policy.

Tweakui does it at logon not logoff.

Type in Start Run

msinfo32 /categories +SWStartupPrograms /report "%userprofile%\desktop\msinfoSP.txt"

A text file will appear on your desktop.
 
Here you are (there should be tabs between fields, I imported into
excel to read it better)

============ CUT HERE ===============


From: "" <[email protected]>
Newsgroups: microsoft.public.windowsxp.basics
Subject: Re: My Recent Document always emptied
Date: Thu, 07 Jul 2005 07:08:12 -0700

System Information report written at: 07/07/05 16:06:33
System Name: A202409W1
[System Summary]

Item Value
OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer Microsoft Corporation
System Name A202409W1
System Manufacturer Hewlett-Packard
System Model hp Compaq nc8000 (DE543AV)
System Type X86-based PC
Processor x86 Family 6 Model 13 Stepping 6 GenuineIntel ~1594 Mhz
BIOS Version/Date Hewlett-Packard 68BAR Ver. F.13, 03/11/2004
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale Italy
Hardware Abstraction Layer Version = "5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)"
User Name A202409W1\myname
Time Zone W. Europe Daylight Time
Total Physical Memory 1.025,00 MB
Available Physical Memory 585,74 MB
Total Virtual Memory 2,00 GB
Available Virtual Memory 1,96 GB
Page File Space 925,65 MB

[Software Environment]



[Startup Programs]

Program Command User Name Location
desktop desktop.ini NT AUTHORITY\SYSTEM Startup
CTFMON.EXE c:\windows\system32\ctfmon.exe NT
AUTHORITY\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE c:\windows\system32\ctfmon.exe NT AUTHORITY\LOCAL
SERVICE HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE c:\windows\system32\ctfmon.exe NT AUTHORITY\NETWORK
SERVICE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PTReplicator ptreplicator.lnk A202409W1\myname Startup
Rainlendar rainlendar.lnk A202409W1\myname Startup
Shortcut to ed2klinker shortcut to
ed2klinker.lnk A202409W1\myname Startup
X1 System Tray x1 system tray.lnk A202409W1\myname Startup
SpeedswitchXP c:\program
files\speedswitchxp\speedswitchxp.exe A202409W1\myname HKU\S-1-5-21-2025429265-1383384898-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RoboForm "c:\program files\siber systems\ai
roboform\robotaskbaricon.exe" A202409W1\myname HKU\S-1-5-21-2025429265-1383384898-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PSwitch c:\program files\proxy switcher
standard\proxyswitcher.exe A202409W1\myname HKU\S-1-5-21-2025429265-1383384898-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Iconoid "c:\program files\iconoid\iconoid.exe" -wait
0 A202409W1\myname HKU\S-1-5-21-2025429265-1383384898-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
desktop desktop.ini .DEFAULT Startup
CTFMON.EXE c:\windows\system32\ctfmon.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hpoddt01.exe c:\progra~1\hewlet~1\digita~1\bin\hpotdd01.exe All
Users Common Startup
jetToolBar c:\progra~1\jettoo~1\jettb.exe All Users Common Startup
Phone Connection Monitor c:\progra~1\sonyer~1\mobile\audevi~1.exe All
Users Common Startup
U.S. Robotics 802.11g Wireless Network
Utility c:\progra~1\usrobo~1.11g\usrwlang.exe All Users Common Startup
SynTPLpr c:\program files\synaptics\syntp\syntplpr.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SynTPEnh c:\program files\synaptics\syntp\syntpenh.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched c:\program
files\java\jre1.5.0_02\bin\jusched.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMAXPnP c:\program files\analog devices\soundmax\smax4pnp.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMAX c:\program files\analog devices\soundmax\smax4.exe /tray All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PRONoMgr.exe c:\program files\intel\ncs\proset\pronomgr.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nod32kui "c:\program files\eset\nod32kui.exe" /waitservice All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck c:\windows\system32\nerocheck.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MessengerPlus3 "c:\program files\messengerplus! 3\msgplus.exe" All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
eabconfg.cpl c:\program files\hpq\quick launch buttons\eabservr.exe
/start All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Cpqset c:\program files\hpq\default settings\cpqset.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ChkAdmin c:\progra~1\compaq\compaq~1\chkadmin.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
bpk c:\program files\bpk\bpk.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ATIPTA c:\program files\ati technologies\ati control
panel\atiptaxx.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AGRSMMSG agrsmmsg.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


============ CUT HERE ===============
 
No such thing as tabs on the web (IE makes them 1 space). Can you attach the file as it's pretty unreadable.

Can you also identify some of the files. Find them, right click them, and chhose Properties and look at the version tab.

CTFMON is fine. Wierd names starting with H are HP files. Files starting with ATI are ATI videocard files. Soundmax is your sound card.

Perhaps easier, type msconfig in start run, and Choose Selective Startup and untick everything. Reboot - do you still have the behaviour? If so then type msconfig ..., then have all checked except startup, do you still have the behaviour? If so go and get the version and try to explain [to me] what the program does or just untick them 1 by 1 on msconfig's startup tab.
--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.html
=================================================
Here you are (there should be tabs between fields, I imported into
excel to read it better)

============ CUT HERE ===============


From: "" <[email protected]>
Newsgroups: microsoft.public.windowsxp.basics
Subject: Re: My Recent Document always emptied
Date: Thu, 07 Jul 2005 07:08:12 -0700

System Information report written at: 07/07/05 16:06:33
System Name: A202409W1
[System Summary]

Item Value
OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer Microsoft Corporation
System Name A202409W1
System Manufacturer Hewlett-Packard
System Model hp Compaq nc8000 (DE543AV)
System Type X86-based PC
Processor x86 Family 6 Model 13 Stepping 6 GenuineIntel ~1594 Mhz
BIOS Version/Date Hewlett-Packard 68BAR Ver. F.13, 03/11/2004
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale Italy
Hardware Abstraction Layer Version = "5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)"
User Name A202409W1\myname
Time Zone W. Europe Daylight Time
Total Physical Memory 1.025,00 MB
Available Physical Memory 585,74 MB
Total Virtual Memory 2,00 GB
Available Virtual Memory 1,96 GB
Page File Space 925,65 MB

[Software Environment]



[Startup Programs]

Program Command User Name Location
desktop desktop.ini NT AUTHORITY\SYSTEM Startup
CTFMON.EXE c:\windows\system32\ctfmon.exe NT
AUTHORITY\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE c:\windows\system32\ctfmon.exe NT AUTHORITY\LOCAL
SERVICE HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE c:\windows\system32\ctfmon.exe NT AUTHORITY\NETWORK
SERVICE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PTReplicator ptreplicator.lnk A202409W1\myname Startup
Rainlendar rainlendar.lnk A202409W1\myname Startup
Shortcut to ed2klinker shortcut to
ed2klinker.lnk A202409W1\myname Startup
X1 System Tray x1 system tray.lnk A202409W1\myname Startup
SpeedswitchXP c:\program
files\speedswitchxp\speedswitchxp.exe A202409W1\myname HKU\S-1-5-21-2025429265-1383384898-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RoboForm "c:\program files\siber systems\ai
roboform\robotaskbaricon.exe" A202409W1\myname HKU\S-1-5-21-2025429265-1383384898-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PSwitch c:\program files\proxy switcher
standard\proxyswitcher.exe A202409W1\myname HKU\S-1-5-21-2025429265-1383384898-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Iconoid "c:\program files\iconoid\iconoid.exe" -wait
0 A202409W1\myname HKU\S-1-5-21-2025429265-1383384898-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
desktop desktop.ini .DEFAULT Startup
CTFMON.EXE c:\windows\system32\ctfmon.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hpoddt01.exe c:\progra~1\hewlet~1\digita~1\bin\hpotdd01.exe All
Users Common Startup
jetToolBar c:\progra~1\jettoo~1\jettb.exe All Users Common Startup
Phone Connection Monitor c:\progra~1\sonyer~1\mobile\audevi~1.exe All
Users Common Startup
U.S. Robotics 802.11g Wireless Network
Utility c:\progra~1\usrobo~1.11g\usrwlang.exe All Users Common Startup
SynTPLpr c:\program files\synaptics\syntp\syntplpr.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SynTPEnh c:\program files\synaptics\syntp\syntpenh.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched c:\program
files\java\jre1.5.0_02\bin\jusched.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMAXPnP c:\program files\analog devices\soundmax\smax4pnp.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMAX c:\program files\analog devices\soundmax\smax4.exe /tray All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PRONoMgr.exe c:\program files\intel\ncs\proset\pronomgr.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nod32kui "c:\program files\eset\nod32kui.exe" /waitservice All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck c:\windows\system32\nerocheck.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MessengerPlus3 "c:\program files\messengerplus! 3\msgplus.exe" All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
eabconfg.cpl c:\program files\hpq\quick launch buttons\eabservr.exe
/start All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Cpqset c:\program files\hpq\default settings\cpqset.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ChkAdmin c:\progra~1\compaq\compaq~1\chkadmin.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
bpk c:\program files\bpk\bpk.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ATIPTA c:\program files\ati technologies\ati control
panel\atiptaxx.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AGRSMMSG agrsmmsg.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


============ CUT HERE ===============
Click to expand...
 
Well,

I can say I know everything about the files that start up with my PC, I
use very often programs like hijackthis and startup cop, so I tend to
exclude that it's something related to them.

Infact, to be sure of this, I made the "Safe Mode" trial, with no
success. Since "Safe Mode Windows" does not load any startup programs,
I excluded the problem was StartUp software.

I also made all the test you suggested with msconfig... I NEVER had a
working situation.

Following you find a piece of the registry monitoring during the weird
behaviour (start->Log out windows, followed by cancel):

===============================================

38 5.25072125 explorer.exe:352 CloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder SUCCESS Key:
0xE1F2BA08
39 5.25074025 explorer.exe:352 OpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder SUCCESS Key:
0xE1F2BA08
40 5.25088580 explorer.exe:352 DeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder SUCCESS Key:
0xE1F2BA08
41 5.25090256 explorer.exe:352 CloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder SUCCESS Key:
0xE1F2BA08
42 5.25091345 explorer.exe:352 EnumerateKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs SUCCESS Name:
..doc
43 5.25093636 explorer.exe:352 OpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.doc SUCCESS Key:
0xE1F2BA08
44 5.25094586 explorer.exe:352 QueryKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.doc SUCCESS Unknown
Info Class
45 5.25095424 explorer.exe:352 EnumerateKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.doc NOMORE
46 5.25096849 explorer.exe:352 CloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.doc SUCCESS Key:
0xE1F2BA08
47 5.25098693 explorer.exe:352 OpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.doc SUCCESS Key:
0xE1F2BA08
48 5.25121712 explorer.exe:352 DeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.doc SUCCESS Key:
0xE1F2BA08
49 5.25122802 explorer.exe:352 CloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.doc SUCCESS Key:
0xE1F2BA08
50 5.25123780 explorer.exe:352 EnumerateKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs NOMORE
51 5.25125177 explorer.exe:352 CloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs SUCCESS Key:
0xE13AF928
52 5.25127467 explorer.exe:352 OpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs SUCCESS Key:
0xE13AF928


===============================================

Tell me if you want to take a look at the entire log, tell me and I'll
upload it somewhere.

And thanks to be interested in this :-)

/Stefano
 
What I notice from the regmon is that something is enumerating doc files after it deletes the key (and after it's parent is deleted at that). Yet it seems uninterested in any other file type - is that correct? If so what ver office do you have?

Quick thing to try.

Export then delete this key (note the word EXPORT)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Leave Regedit open, Start - Shutdown - Ctrl + Alt + Shift + Cancel (or Close depending on if the welcome screen is on or not). This does a clean shutdown of explorer without a logoff. Confirm that key is still not there in regedit (press F5)..

Ctrl + Shift + Escape, File - New Task - type explorer. Does this work normally. If not type in a command prompt (Ctrl + File - New Task in Task Manager gives you a clean cmd window)

tasklist /m /fi "imagename eq explorer.exe"

Go through and find what each dll is. Most are system files so ignore them.
 
Man, you have a lot of crap running at startup.

The only thing that looked suspicious to me is bpk.exe.
bpk.exe if you intentionally installed it may be OK, if you didn't...

[[bpk.exe is aprt of the Perfect Keylogger application and works in stealth
mode to records all keystrokes made on your system. This program is a
registered security risk and should be removed immediately]]
http://www.liutilities.com/products/wintaskspro/processlibrary/bpk/

Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
bpk c:\program files\bpk\bpk.exe All

bpk.exe probably has nothing to do with your Recent folder getting emptied.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In
Here you are (there should be tabs between fields, I imported into
excel to read it better)

============ CUT HERE ===============


From: "" <[email protected]>
Newsgroups: microsoft.public.windowsxp.basics
Subject: Re: My Recent Document always emptied
Date: Thu, 07 Jul 2005 07:08:12 -0700

System Information report written at: 07/07/05 16:06:33
System Name: A202409W1
[System Summary]

Item Value
OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer Microsoft Corporation
System Name A202409W1
System Manufacturer Hewlett-Packard
System Model hp Compaq nc8000 (DE543AV)
System Type X86-based PC
Processor x86 Family 6 Model 13 Stepping 6 GenuineIntel ~1594 Mhz
BIOS Version/Date Hewlett-Packard 68BAR Ver. F.13, 03/11/2004
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale Italy
Hardware Abstraction Layer Version = "5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)"
User Name A202409W1\myname
Time Zone W. Europe Daylight Time
Total Physical Memory 1.025,00 MB
Available Physical Memory 585,74 MB
Total Virtual Memory 2,00 GB
Available Virtual Memory 1,96 GB
Page File Space 925,65 MB

[Software Environment]



[Startup Programs]

Program Command User Name Location
desktop desktop.ini NT AUTHORITY\SYSTEM Startup
CTFMON.EXE c:\windows\system32\ctfmon.exe NT
AUTHORITY\SYSTEM
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE c:\windows\system32\ctfmon.exe NT AUTHORITY\LOCAL
SERVICE HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE c:\windows\system32\ctfmon.exe NT AUTHORITY\NETWORK
SERVICE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PTReplicator ptreplicator.lnk A202409W1\myname Startup
Rainlendar rainlendar.lnk A202409W1\myname Startup
Shortcut to ed2klinker shortcut to
ed2klinker.lnk A202409W1\myname Startup
X1 System Tray x1 system tray.lnk A202409W1\myname Startup
SpeedswitchXP c:\program
files\speedswitchxp\speedswitchxp.exe A202409W1\myname
HKU\S-1-5-21-2025429265-1383384898-1957994488-1004\SOFTWARE\Microsoft\Window
s\CurrentVersion\Run
RoboForm "c:\program files\siber systems\ai
roboform\robotaskbaricon.exe" A202409W1\myname
HKU\S-1-5-21-2025429265-1383384898-1957994488-1004\SOFTWARE\Microsoft\Window
s\CurrentVersion\Run
PSwitch c:\program files\proxy switcher
standard\proxyswitcher.exe A202409W1\myname
HKU\S-1-5-21-2025429265-1383384898-1957994488-1004\SOFTWARE\Microsoft\Window
s\CurrentVersion\Run
Iconoid "c:\program files\iconoid\iconoid.exe" -wait
0 A202409W1\myname
HKU\S-1-5-21-2025429265-1383384898-1957994488-1004\SOFTWARE\Microsoft\Window
s\CurrentVersion\Run
desktop desktop.ini .DEFAULT Startup
CTFMON.EXE c:\windows\system32\ctfmon.exe .DEFAULT
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hpoddt01.exe c:\progra~1\hewlet~1\digita~1\bin\hpotdd01.exe All
Users Common Startup
jetToolBar c:\progra~1\jettoo~1\jettb.exe All Users Common Startup
Phone Connection Monitor c:\progra~1\sonyer~1\mobile\audevi~1.exe All
Users Common Startup
U.S. Robotics 802.11g Wireless Network
Utility c:\progra~1\usrobo~1.11g\usrwlang.exe All Users Common Startup
SynTPLpr c:\program files\synaptics\syntp\syntplpr.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SynTPEnh c:\program files\synaptics\syntp\syntpenh.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched c:\program
files\java\jre1.5.0_02\bin\jusched.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMAXPnP c:\program files\analog devices\soundmax\smax4pnp.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMAX c:\program files\analog devices\soundmax\smax4.exe /tray All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PRONoMgr.exe c:\program files\intel\ncs\proset\pronomgr.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nod32kui "c:\program files\eset\nod32kui.exe" /waitservice All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck c:\windows\system32\nerocheck.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MessengerPlus3 "c:\program files\messengerplus! 3\msgplus.exe" All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
eabconfg.cpl c:\program files\hpq\quick launch buttons\eabservr.exe
/start All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Cpqset c:\program files\hpq\default settings\cpqset.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ChkAdmin c:\progra~1\compaq\compaq~1\chkadmin.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
bpk c:\program files\bpk\bpk.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ATIPTA c:\program files\ati technologies\ati control
panel\atiptaxx.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AGRSMMSG agrsmmsg.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


============ CUT HERE ===============
Click to expand...
 
These are the modules: now I'll check them one by one.

ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, GDI32.dll,
USER32.dll, SHLWAPI.dll, SHELL32.dll,
ole32.dll, OLEAUT32.dll, BROWSEUI.dll,
SHDOCVW.dll, CRYPT32.dll, MSASN1.dll,
CRYPTUI.dll, WINTRUST.dll, IMAGEHLP.dll,
NETAPI32.dll, WININET.dll, WLDAP32.dll,
VERSION.dll, UxTheme.dll, ShimEng.dll,
AcGenral.DLL, WINMM.dll, MSACM32.dll,
USERENV.dll, IMM32.DLL, LPK.DLL, USP10.dll,
comctl32.dll, comctl32.dll,
MsgPlusLoader1.dll, SynTPFcs.dll,
msctfime.ime, appHelp.dll, CLBCATQ.DLL,
COMRes.dll, cscui.dll, CSCDLL.dll,
themeui.dll, Secur32.dll, MSIMG32.dll,
xpsp2res.dll, bpkhk.dll, actxprxy.dll,
LINKINFO.dll, ntshrui.dll, ATL.DLL,
SETUPAPI.dll, msi.dll, NETSHELL.dll,
rtutils.dll, credui.dll, WS2_32.dll,
WS2HELP.dll, iphlpapi.dll, WINSTA.dll,
webcheck.dll, WSOCK32.dll, stobject.dll,
BatMeter.dll, POWRPROF.dll, WTSAPI32.dll,
wdmaud.drv, msacm32.drv, midimap.dll,
WZCSAPI.DLL, SXS.DLL, urlmon.dll, MLANG.dll
 
All startups are under control, also the keylogger: I use it to recover
work in case of freezing.

Thanks,

/Cet
 
What is explained in the article is what should be the cause of what's
happening to my pc. The frustrating thing is that none of the 2 answers
is the cause of the deletion.

My next step is to record accesses to the registry on my machine and on
a working one, so that we can check line by line where is the different
behaviour.

/Cet
 
I checked everyone of them... no luck, they all are under control.

At http://tinyurl.com/98a4d there are 2 xls with the regmon traces of a
working pc and mine... Maybe there's something interesting...

It's like at a certain point explorer take the decision to run through
mru and recent docs, enumerate, and to erase the corresponding keys.

Ah, one more thing... looking at what happens with filemon, I see that
when I make start->logoff and then hit cancel, the folder "c:\documents
and settings\myname\Recent" gets DELETED by explorer and then
immediately after recreated...

/Cet
 
I have a similar problem with no solution. ;-(

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In
 
I hate reinstalling windows, I'll do whatevere I can to avoid it...

Wesley Vogel ha scritto:
 
Back
Top