Help
I am running Windows XP media edition I found a strange start up entry, and am not allowing it to run. I'm not having problems running anything so I'm not sure what to make of it. Maybe someone here does.
{Startup Item}= no name {Command}= no name {location}= software\microsoft\windows\currentVersion\run
i also have 1 more that looks just like it that is running the only difference being HKCU\ in front of software
Page 1 of 1
Start up item question?
Back to top
#2
- Learning To Bleep
-
- Group: BC Advisor
- Posts: 2,834
- Joined: 06-July 08
- Gender:Not Telling
- Location:127.0.0.1
Posted 31 October 2009 - 12:48 PM
Welcome to BC Popper 
How did you find it? Manually checking registry using registry editor or using some software tool?
How did you find it? Manually checking registry using registry editor or using some software tool?
#3
- New Member
-
- Group: Members
- Posts: 4
- Joined: 31-October 09
Posted 31 October 2009 - 12:55 PM
Originally it was found by spy bot with the system start up tool of witch said it was a worm.. I deleted it from there, did a reboot , then checked with spy bot again and it said it was gone. But when i did a manual check from msconfig - startup it is still there.
malewarebytes, spybot, and i have macafee. everything is coming back clean.
malewarebytes, spybot, and i have macafee. everything is coming back clean.
#4
- Distinguished Member
-
- Group: Members
- Posts: 807
- Joined: 28-May 09
- Gender:Male
- Location:Downstairs
Posted 31 October 2009 - 04:20 PM
Heard of it, never seen it!
See if this help you:
http://ask-leo.com/why_is_there_a_blank_en...up_entries.html
Please report what you find so we can understand it more or pursue it.
See if this help you:
http://ask-leo.com/why_is_there_a_blank_en...up_entries.html
Please report what you find so we can understand it more or pursue it.
This post has been edited by joseibarra: 31 October 2009 - 04:57 PM
Jose
#5
- Learning To Bleep
-
- Group: BC Advisor
- Posts: 2,834
- Joined: 06-July 08
- Gender:Not Telling
- Location:127.0.0.1
Posted 31 October 2009 - 10:48 PM
Download Startup Control Panel from http://www.mlin.net/StartupCPL.shtml
See if you find something like that under HKCU/Run or HKLM/Run category. If you find, take a snapshot and attach it here.
You can also download Autoruns from http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx
In Autoruns look under Logon tab, see if you find anything. Please report back if you find it.
See if you find something like that under HKCU/Run or HKLM/Run category. If you find, take a snapshot and attach it here.
You can also download Autoruns from http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx
In Autoruns look under Logon tab, see if you find anything. Please report back if you find it.
#6
- New Member
-
- Group: Members
- Posts: 4
- Joined: 31-October 09
Posted 01 November 2009 - 05:51 PM
Well, after playing some more I have still found nothing other then one entry in hijack this.
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
=
--------------------------------------------------
I even re enabled it to see if i could get spybot to find it again, and nothing. Nothing else is flagging it either.
So at this point my best guess is that the link joseibarra posted is correct and it's nothing. Al tho I am still bothered by the fact that spybot once found it as a worm. Maybe spybot was wrong??
I don't know, for now i guess I'll stop worrying about it. If anyone else finds anything different on it please feel free to post. I'll be keeping an eye out in here for a while.
Thanks everyone for the input.
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
=
--------------------------------------------------
I even re enabled it to see if i could get spybot to find it again, and nothing. Nothing else is flagging it either.
So at this point my best guess is that the link joseibarra posted is correct and it's nothing. Al tho I am still bothered by the fact that spybot once found it as a worm. Maybe spybot was wrong??
I don't know, for now i guess I'll stop worrying about it. If anyone else finds anything different on it please feel free to post. I'll be keeping an eye out in here for a while.
Thanks everyone for the input.
#7
- Distinguished Member
-
- Group: Members
- Posts: 807
- Joined: 28-May 09
- Gender:Male
- Location:Downstairs
Posted 01 November 2009 - 08:50 PM
The link joseibarra posted is supposed to help you fix the probably harmless but annoying pest.
Click Start, Run and in the box enter:
msconfig
Click OK and then the Startup tab.
Do you see an item that has a blank Startup Item, Command or Location value like the example in this link?
http://ask-leo.com/why_is_there_a_blank_en...up_entries.html
Each entry in yours should have three columns of information. The check box may be checked or unchecked, we are looking for empty values in the columns.
If you see one with missing information, what is the value for the other columns of the afflicted entry?
Report what you see and while waiting, please download Autoruns from here:
http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx
Click Start, Run and in the box enter:
msconfig
Click OK and then the Startup tab.
Do you see an item that has a blank Startup Item, Command or Location value like the example in this link?
http://ask-leo.com/why_is_there_a_blank_en...up_entries.html
Each entry in yours should have three columns of information. The check box may be checked or unchecked, we are looking for empty values in the columns.
If you see one with missing information, what is the value for the other columns of the afflicted entry?
Report what you see and while waiting, please download Autoruns from here:
http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx
Jose
#8
- New Member
-
- Group: Members
- Posts: 4
- Joined: 31-October 09
Posted 02 November 2009 - 03:54 AM
O.K. Well as of my last post I have done nothing but reboot. I have done no deleting or changing of anything. The first entry in start up that i posted about has disappeared! Now I'm more disturbed. Maybe a delayed reaction from deletion in spybot to actual deletion in system?
I am still left with the second one thou.
I have attached screen shots so you can see exactly what I'm seeing..
My best guess is AIM6.
I have already addressed everything in previous posts.
I am still left with the second one thou.
I have attached screen shots so you can see exactly what I'm seeing..
My best guess is AIM6.
Quote
joseibarra Posted Yesterday, 07:50 PM
The link joseibarra posted is supposed to help you fix the probably harmless but annoying pest.
Click Start, Run and in the box enter:
msconfig
Click OK and then the Startup tab.
Do you see an item that has a blank Startup Item, Command or Location value like the example in this link?
http://ask-leo.com/why_is_there_a_blank_en...up_entries.html
Each entry in yours should have three columns of information. The check box may be checked or unchecked, we are looking for empty values in the columns.
If you see one with missing information, what is the value for the other columns of the afflicted entry?
Report what you see and while waiting, please download Autoruns from here:
http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx
The link joseibarra posted is supposed to help you fix the probably harmless but annoying pest.
Click Start, Run and in the box enter:
msconfig
Click OK and then the Startup tab.
Do you see an item that has a blank Startup Item, Command or Location value like the example in this link?
http://ask-leo.com/why_is_there_a_blank_en...up_entries.html
Each entry in yours should have three columns of information. The check box may be checked or unchecked, we are looking for empty values in the columns.
If you see one with missing information, what is the value for the other columns of the afflicted entry?
Report what you see and while waiting, please download Autoruns from here:
http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx
I have already addressed everything in previous posts.
Quote
Popper Posted Oct 31 2009, 11:35 AM
I am running Windows XP media edition I found a strange start up entry, and am not allowing it to run. I'm not having problems running anything so I'm not sure what to make of it. Maybe someone here does.
{Startup Item}= no name {Command}= no name {location}= software\microsoft\windows\currentVersion\run
i also have 1 more that looks just like it that is running the only difference being HKCU\ in front of software
I am running Windows XP media edition I found a strange start up entry, and am not allowing it to run. I'm not having problems running anything so I'm not sure what to make of it. Maybe someone here does.
{Startup Item}= no name {Command}= no name {location}= software\microsoft\windows\currentVersion\run
i also have 1 more that looks just like it that is running the only difference being HKCU\ in front of software
Quote
Popper Posted Oct 31 2009, 11:55 AM
Originally it was found by spy bot with the system start up tool of witch said it was a worm.. I deleted it from there, did a reboot , then checked with spy bot again and it said it was gone. But when i did a manual check from msconfig - startup it is still there.
malewarebytes, spybot, and i have macafee. everything is coming back clean.
Originally it was found by spy bot with the system start up tool of witch said it was a worm.. I deleted it from there, did a reboot , then checked with spy bot again and it said it was gone. But when i did a manual check from msconfig - startup it is still there.
malewarebytes, spybot, and i have macafee. everything is coming back clean.
Attached File(s)
-
screen_shot_11_2.jpg (110.1K)
Number of downloads: 29 -
screen2_11_2.jpg (115.36K)
Number of downloads: 30 -
screen3_11_2.jpg (247.04K)
Number of downloads: 32
#9
- Distinguished Member
-
- Group: Members
- Posts: 807
- Joined: 28-May 09
- Gender:Male
- Location:Downstairs
Posted 02 November 2009 - 07:15 AM
Very good.
From msconfig, you can see the annoying empty Startup Item.
There are two popular registry "Run" places for things to start:
HKCU = Current User and HKLM = Local Machine.
The last column in your msconfig says your afflicted entry is in the HKCU (Current User) section. It is missing information.
Your Startup Control Panel program is showing the HKCU / Run entries tab with a curious Aim6 entry - missing info. I don't know if that program will let you delete bogus entries or not, but I know Autoruns will.
Your Autoruns and regedit are showing that you are looking in the HKLM section but the problem is not there. It is in the HKCU section.
The ask-leo page example is in HKLM, but that is not where yours is. It could be in either place.
I would use Autoruns, locate the HKCU section, find the bogus entry and delete it from HKCU, reboot, and then check msconfig again.
If you Aim6 is not working, just reinstall it.
From msconfig, you can see the annoying empty Startup Item.
There are two popular registry "Run" places for things to start:
HKCU = Current User and HKLM = Local Machine.
The last column in your msconfig says your afflicted entry is in the HKCU (Current User) section. It is missing information.
Your Startup Control Panel program is showing the HKCU / Run entries tab with a curious Aim6 entry - missing info. I don't know if that program will let you delete bogus entries or not, but I know Autoruns will.
Your Autoruns and regedit are showing that you are looking in the HKLM section but the problem is not there. It is in the HKCU section.
The ask-leo page example is in HKLM, but that is not where yours is. It could be in either place.
I would use Autoruns, locate the HKCU section, find the bogus entry and delete it from HKCU, reboot, and then check msconfig again.
If you Aim6 is not working, just reinstall it.
This post has been edited by joseibarra: 02 November 2009 - 07:26 AM
Jose
Share this topic:
Page 1 of 1