Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Two Unidentified Items In Start-up


  • Please log in to reply
7 replies to this topic

#1 KKRoadie

KKRoadie

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:32 AM

Posted 25 February 2007 - 12:24 PM

I am using the bleeping computer database to clean up my start up files and I found two that I can't find anywhere in the database.

Startup Item is not text but rather three square boxes
Command is also just three square boxes

The locations are

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVerison\Windows:Run

and

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVerison\Windows:Load

Should I disable these items or leave them alone?

Thx in advance
KK

BC AdBot (Login to Remove)

 


m

#2 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:32 AM

Posted 25 February 2007 - 12:28 PM

Have you downloade and installed the advanced text packs in the control panel and regional and language settings.

the squares appear because the language can't be read. so it appears as squares. installing the text packs should help you id what they are.
Regards,

Alan.

#3 KKRoadie

KKRoadie
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:32 AM

Posted 25 February 2007 - 12:44 PM

Have you downloade and installed the advanced text packs in the control panel and regional and language settings.

the squares appear because the language can't be read. so it appears as squares. installing the text packs should help you id what they are.


So what additional languages should I install? There appear to be more than 50 unchecked.

KK

#4 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:32 AM

Posted 25 February 2007 - 01:50 PM

in the regional and languages setup under the languages tab, tick the two boxes under the suplemental language support part. click ok or apply. once it has done, you might have to reboot for the changes to work.
Regards,

Alan.

#5 KKRoadie

KKRoadie
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:32 AM

Posted 25 February 2007 - 02:01 PM

OK

That worked but now the name looks like something that the artist formerlly known as Prince would use as his name.

I removed it from the start-up and it recreated itself (but different symbols)

Windows warns me that it can't find the file but everything appears to run normally.

How do I rid myself of this vermin?

I've run Webroot Spy Sweeper and Trend Micro Antivirus and they can't find it.

I don't know if it's related but I also can't rid myself of the NvCpl.EXE file in startup (a known virus)

Any suggestions?????

#6 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:32 AM

Posted 25 February 2007 - 02:29 PM

Download hijackthis tell it to do a scan and post the results on the Bleeping computer hijack this forum, http://www.majorgeeks.com/download3155.html
Regards,

Alan.

#7 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,074 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:06:32 AM

Posted 26 February 2007 - 08:59 AM

Please stop messing around with the registry - you can cause your system to crash and it may not be able to recover from it.

Also, backup your data immediately - as you are in danger of losing it.

NvCpl.EXE is likely to be a virus - but not being able to delete it should tell you something more. That is, that the attack on your system is multi-faceted and the virus writer has anticipated your attempts to remove it.

So, I'd first suggest a free, online scan here: http://safety.live.com/
Then, I'd post a HJT log here for help in removing all traces of the infection: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Finally, after all traces of the infection are gone, you may still experience problems. This is likely due to damage caused by the virus and the removal attempts. We can usually fix this, but it can't be done until the system has been cleaned by the HJT Team.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#8 KKRoadie

KKRoadie
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:32 AM

Posted 26 February 2007 - 09:11 PM

I back-up my hard drive every night to a duplicate drive. Problem is I'm pretty sure the problem has been copied to the back-up drive as well.

I posted the Hijackthis log to the proper forum yesterday.

Thx
KK

Please stop messing around with the registry - you can cause your system to crash and it may not be able to recover from it.

Also, backup your data immediately - as you are in danger of losing it.

NvCpl.EXE is likely to be a virus - but not being able to delete it should tell you something more. That is, that the attack on your system is multi-faceted and the virus writer has anticipated your attempts to remove it.

So, I'd first suggest a free, online scan here: http://safety.live.com/
Then, I'd post a HJT log here for help in removing all traces of the infection: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Finally, after all traces of the infection are gone, you may still experience problems. This is likely due to damage caused by the virus and the removal attempts. We can usually fix this, but it can't be done until the system has been cleaned by the HJT Team.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users