Random entries in BootExecute

[BadHead]

Hi,

Has any one got any ideas whatsoever as to why random entries keep appearing
in BootExecute. These random entries look something like

??? autochk *
TED autochk *

or frankly any string of characters followed by "autochk *"

This leads to a blue screen before booting up informing me that

? cannot be found. Skipping program.

This message appears for each entry in the BootExecute, and instead of ?
there is the name of the entry, i.e. ??? or TED.

Sometimes, when these random entries are present, Windows does not complete
the bootup process and halts with just the desktop picture showing.

Any ideas?

My system spec is below:

Thanks.

--
BadHead
---

OS: Windows XP Professional SP2 (32-bit)
Office Suite: Microsoft Office 2003 Professional SP3
----------------------------------------------------

Motherboard: Asus Crosshair (BIOS Revision: 1103)
CPU: AMD Phenom X4 Quad Core 9850 Black Edition
RAM: 4Gb (2x2GB) Corsair Twin2x 4096-6400C5DHX
GPU: Asus ENGTX280 nVidia 280
HDD: 2.50TB (Over 5 SATAII Western Digital HDD's)
===

 

[Unknown]

What is BootExecute?

 

[Maurice N ~ MVP]

State all occurences where you have seen these entries.
But, generally speaking, autochk is a normal reference to a startup entry for AUTOCHK (a unique version of CHKDSK that runs at each XP startup).
BTW, cannot guess as to the significance or origin of "TED"

Also, reply if you are utterly unable (or even if you have tried) to bootup in Safe mode to do further research.
Also, have you been in Regedit making changes ??

Try F8 selective startup of XP ---- choose the option with "boot logging".
Restart the system. Right away and before Windows loads, tap & keep re-tapping F8 Function key on the keyboard.
At the Windows Advanced Options Menu, select "Enable boot logging".

Hopefully you would then (at some later time) be able to see the contents of "Ntbtlog.txt", see which drivers and services may be the problem.

The following is a snippet from XP's Help and Support: on Enable Boot Logging
Starts while logging all the drivers and services that were loaded (or not loaded) by the system to a file.

This file is called ntbtlog.txt and it is located in the %windir% directory.

Safe Mode, Safe Mode with Networking, and Safe Mode with Command Prompt add to the boot log a list of all the drivers and services that are loaded.
The boot log is useful in determining the exact cause of system startup
problems.

 

[BadHead]

Hi,

Here is a "Copy and Paste" of a few the latest random entries in
BootExecute:

autocheck autochk *
autocheck ???
autocheck N??sStarted
autocheck ted

Any ideas? I can fix them easily enough by entering the registry and
deleting the questionable entries, but I shouldn't have to...


State all occurences where you have seen these entries.
But, generally speaking, autochk is a normal reference to a startup entry
for AUTOCHK (a unique version of CHKDSK that runs at each XP startup).
BTW, cannot guess as to the significance or origin of "TED"

Also, reply if you are utterly unable (or even if you have tried) to bootup
in Safe mode to do further research.
Also, have you been in Regedit making changes ??

Try F8 selective startup of XP ---- choose the option with "boot logging".
Restart the system. Right away and before Windows loads, tap & keep
re-tapping F8 Function key on the keyboard.
At the Windows Advanced Options Menu, select "Enable boot logging".

Hopefully you would then (at some later time) be able to see the contents of
"Ntbtlog.txt", see which drivers and services may be the problem.

The following is a snippet from XP's Help and Support: on Enable Boot
Logging
Starts while logging all the drivers and services that were loaded (or not
loaded) by the system to a file.

This file is called ntbtlog.txt and it is located in the %windir% directory.

Safe Mode, Safe Mode with Networking, and Safe Mode with Command Prompt add
to the boot log a list of all the drivers and services that are loaded.
The boot log is useful in determining the exact cause of system startup
problems.

 

[Maurice N ~ MVP]

Hello Badhead,

I would very strongly urge you to not edit or change entries in the system
registry. You may very well inadvertently make a change that will render the
system unbootable.

Instead I would recommend that you insure your antivirus and ant-malware
apps are up-to-date, and then do a full scan with each on your system.
I would also suggest you do a "global" search {using XP Search} for any file
that has "ted" as part of it's name.
Search for *ted*.* in the filename block

I would also suggest you run MBAM:
Download & save Malwarebytes Anti-Malware from
http://www.besttechie.net/tools/mbam-setup.exe or
http://malwarebytes.gt500.org/mbam.jsp
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware
and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be
prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the
Logs tab in MBAM.
Copy & Paste the entire report in a new reply as soon as it has finished.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented
with 1 of 2 prompts.
click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

MBAM is an excellent first-line program to use and keep.

Do not post any logs on the MS newgroups, please. If you need greater help,
I can recommend a few forums for you to visit.

Download Silent Runners.vbs http://www.silentrunners.org/

(use IE to download it) save it to a new folder on your drive and run it. It
generates a log. It takes a minute or two and it will notify you with a
popup when your log is ready (it will be in the new folder you created). If
your AV queries the script, allow it to run. It's not malicious.

Once you have the log, look it over for any references with "ted"