System Config

G

Guest

I have two new items that appear to be running under my start-up tab.

Under startup item and command the name's appear on as 5 squares ????

The location for one is:

hkcu\software\microsoft\windows nt\current version\windows:run

and

hkcu\software\microsoft\windows nt\current version\windows:load

Does anyone know what this is or how to get rid of it ?????

Thanks in advance,
Bob
 
W

Wesley Vogel

Using load and run sounds like malware to me.

Update your antivirus software and run a full system scan.

Update whatever anti-spyware applications that you have and run a full
system scan with each one.

You might want to start in Safe Mode to run your antivirus and anti-spyware
software.

Running a full system antivirus scan or anti-spyware scan in Safe Mode can
be a good idea. Some viruses and other malware like to conceal themselves
in areas Windows protects while using them. Safe mode will prevent those
applications access and therefore unprotect the viruses or other malware
allowing for easier removal.

How to start Windows in Safe Mode Windows XP
http://www.bleepingcomputer.com/forums/index.php?showtutorial=61#winxo

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In
 
G

Guest

I do not suspect a virus but it is a strange thing. I ran my norton
antivirus and AVG and neither detected a virus. I also ran CCleaner (reg
cleaner) , ad-aware SE, Spybot, and SpySubtract. Nothing was found out of
the ordinary. I am not even sure what Windows NT is. I am using Windows XP.
I am not very smart when it comes to this. I did run msconfig and disabled
the two items. I then created a restore point. I then ran a regedt32 but
did not know what I was looking at. So that is where I am at at this point.
Some additional info. When I re-boot my computer, an error message says it
can not find theses files and I must hit OK to continue. The error shows the
file name as four squares (I can not find a key to match on my keyboard).
Thanks in advance.
 
W

Wesley Vogel

Bob,

Windows XP is really Windows NT 5.1. NT stands for New Technology and XP
stands for eXPerience. The name Windows XP was some kind of a marketing
deal.

This is the location in the registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: Load
Data Type: REG_SZ
Value Data: Path to the executable

Value Name: Run
Data Type: REG_SZ
Value Data: Path to the executable

Normally the Value Data for both Load and Run should be blank. Path to the
executable just means the path and the name of the .exe or .dll file or
whatever that you probably have.

This MSKB article explains a little about Load & Run...
Programs Automatically Start When User Logs on to Windows
http://support.microsoft.com/kb/147369

Legitimate programs do not normally use Load and Run, it's a way for malware
to hide.

Post back with whatever you happen to find in Load and/or Run.

Or just delete whatever is in the Value Data for Load and Run.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Top