Unknown command in System Config Utili/startup

[ATCSMike]

I have this unknown command listed in the startup section of System
Configuration Utility. All that is listed is it's registry location:
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run.

I looked in that location and see nothing strange. There are 12 programs
starting at that location, but I only find 11 plus the Default listed.

I haven't installed anything lately, other than Windows updates. Is
there a way I can find out what the command is?

Thanks.
--
AOL AIM: ATCSMike
Yahoo Messenger: frostbitemike
United States Navy 1979-1982
Aviation Machinists Mate 2nd Class
VT-23, HS-1, USS Carl Vinson CVN70 (Plank Owner)

email treesqueak (at) gci (dot) net


---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0617-1, 04/25/2006
Tested on: 4/25/2006 4:05:10 PM
avast! - copyright (c) 1988-2006 ALWIL Software.
http://www.avast.com

 

[Wesley Vogel]

Could be a startup orphan.

A startup orphan is a startup item that has a non-existent target file.

If there is no path in Value Data, the item shows up blank in
msconfig | Startup. Also if Default under Data is blank (nothing
there at all) instead of (value not set).

Start | Run | Type: regedit | Click OK |
Navigate to >>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

What do you see in the right hand pane?
Do you see an entry with blank (nothing there at all) in the Data
column?

From StartMan HELP:
[[An orphan is a startup item that has a non-existent target file.

How do they occur?

They primarily occur because you've disabled a startup and then, at a
later date, uninstalled the program that uses it. The uninstaller won't
know about the disabled startup so it gets left behind. And if the
uninstaller deletes the target file then the startup becomes an orphan.
Orphans can also occur if you rename or move the target file elsewhere.
Where an orphan is also enabled you may see missing file reports at
startup. In the case of menu startups (shortcuts), the shell will
attempt to resolve the target by a brute-force search for the file based
upon the information stored in the shortcut.

How do I avoid creating orphans when uninstalling software?

Firstly, before uninstalling any software, ensure all its startups are
enabled with StartMan. This ensures all its startups can be located.
Next, use the program's own options to disable or remove the startups -
if that is an option. Finally, uninstall the software. All things being
equal, the startups should be gone, along with the software that used
them. If not...]]

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Larry LaMere]

I have this unknown command listed in the startup section of System
Configuration Utility. All that is listed is it's registry location:
HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run.

I looked in that location and see nothing strange. There are 12 programs
starting at that location, but I only find 11 plus the Default listed.

I haven't installed anything lately, other than Windows updates. Is
there a way I can find out what the command is?

Thanks.

Don't have an answer but I have the same thing except I have 2. They are:

HKLM/SOFTWARE/Microsoft/WindowsNT/CurrentVersion/Run and
HKLM/SOFTWARE/Microsoft/WindowsNT/CurrentVersion/Load

I had just updated AdAware SE and Spyware Blaster. I have Windows Updates set to download and
install automatically and didn't even think of that. I've disabled them in startup and everything
seems fine but can't get rid of them since there's no reference as to what program is causing them.

So if you find out please let me know.

 

[Larry LaMere]

Could be a startup orphan.

A startup orphan is a startup item that has a non-existent target file.

If there is no path in Value Data, the item shows up blank in
msconfig | Startup. Also if Default under Data is blank (nothing
there at all) instead of (value not set).

Start | Run | Type: regedit | Click OK |
Navigate to >>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

What do you see in the right hand pane?
Do you see an entry with blank (nothing there at all) in the Data
column?

From StartMan HELP:
[[An orphan is a startup item that has a non-existent target file.

How do they occur?

They primarily occur because you've disabled a startup and then, at a
later date, uninstalled the program that uses it. The uninstaller won't
know about the disabled startup so it gets left behind. And if the
uninstaller deletes the target file then the startup becomes an orphan.
Orphans can also occur if you rename or move the target file elsewhere.
Where an orphan is also enabled you may see missing file reports at
startup. In the case of menu startups (shortcuts), the shell will
attempt to resolve the target by a brute-force search for the file based
upon the information stored in the shortcut.

How do I avoid creating orphans when uninstalling software?

Firstly, before uninstalling any software, ensure all its startups are
enabled with StartMan. This ensures all its startups can be located.
Next, use the program's own options to disable or remove the startups -
if that is an option. Finally, uninstall the software. All things being
equal, the startups should be gone, along with the software that used
them. If not...]]

Don't know about the original poster but the two programs that I deleted, AdAware SE and Spyware
Blaster, were active in startup and weren't deleted untill after the problem surfaced.

Any other suggestions. I'm going to reinstall them then delete them again just on the off chance.

 

[ATCSMike]

Could be a startup orphan.

A startup orphan is a startup item that has a non-existent target file.

If there is no path in Value Data, the item shows up blank in
msconfig | Startup. Also if Default under Data is blank (nothing
there at all) instead of (value not set).

Start | Run | Type: regedit | Click OK |
Navigate to >>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

What do you see in the right hand pane?
Do you see an entry with blank (nothing there at all) in the Data
column?

Yes I do. It's the Default entry.

As for the rest of it, I don't recall uninstalling anything that I had
disabled in Startup. I have no idea what it could be.


--
AOL AIM: ATCSMike
Yahoo Messenger: frostbitemike
United States Navy 1979-1982
Aviation Machinists Mate 2nd Class
VT-23, HS-1, USS Carl Vinson CVN70 (Plank Owner)

email treesqueak (at) gci (dot) net


---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0617-3, 04/28/2006
Tested on: 4/29/2006 7:24:18 PM
avast! - copyright (c) 1988-2006 ALWIL Software.
http://www.avast.com

 

[Wesley Vogel]

ATCSMike,

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
(Default) should be listed as (value not set) and should be REG_SZ.

Open a command prompt...
Start | Run | Type: cmd | Click OK |
When the command prompt opens, type this command...

reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Hit your Enter key.

Compare what's listed from that command to what you see in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
using regedit.

There is a flaw in the Registry Editor that hides entries longer than 254
characters.

[[Extra-long key entries (those greater than 254 characters) are mishandled
by the Windows registry editor, and essentially "disappear" from view, as do
others added to the key after that because the editor stops at that too-long
key, thinking it is the last in the section.

Worse, many malicious code scanners have a similar blind spot, and also stop
processing the registry for anomalous entries when they come to a too-long
key.

The technique would let attackers add their malicious software to the "Run"
registry key (at
"HKey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run") which
lists the programs or components that automatically launch at Windows' boot.
Typically, worms post changes to the registry there so that they run at
Windows startup; anti-virus and anti-spyware scanners often look for these
unanticipated changes to the registry to detect fishy activity. ]]
from...
Windows Flaw May Let Hackers Hide Code From AV Scanners
http://www.techweb.com/wire/security/170100835

reg query can find entries longer than 255 characters.

HiJackThis v1.99.0.1 will search the registry for values greater than 255
characters.

Update your antivirus software and run a full system scan.

Update whatever anti-spyware applications that you have and run a full
system scan with each one.

You might need to start in Safe Mode to run your antivirus and anti-spyware
software.

Running a full system antivirus scan or anti-spyware scan in Safe Mode can
be a good idea. Some viruses and other malware like to conceal themselves
in areas Windows protects while using them. Safe mode will prevent those
applications access and therefore unprotect the viruses or other malware
allowing for easier removal.

How to start Windows in Safe Mode Windows XP
http://www.bleepingcomputer.com/forums/index.php?showtutorial=61#winxo

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In