potentially questionable startup processes

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by intellecton, Aug 24, 2005.

Page 2 of 2
  1. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are a bunch of places that may have windows\\load

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows\\load
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows\\load
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Windows\\load
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows\\load
    HKEY_USERS\S-1-5-21-3804909484-125725482-3536007706-1005\Software\Microsoft\Windows NT\CurrentVersion\Windows\\load

    You could have other similar S-1-xxxxx (whatever) locations.
     
    chaslang, Aug 25, 2005
    #51
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You know regedit has problems that many of us geeks know about. It does not always show things that are in the registry. Much like Windows Task Manager does not show all running processes.

    I use the below. It is a million time better and faster than regedit:

    Registrar Lite

    You could also look with it to see if anything is found.
     
    chaslang, Aug 25, 2005
    #52
  3. intellecton

    intellecton Private E-2

    No, I mean the location ends in windows:load. The full location gives all the information. That was the hkcu\software\microsoft\windows nt\currentversion\windows:load I typed out. But there isn't anything there. I'm not sure why it is titled with strange characters in msconfig.
     
    intellecton, Aug 25, 2005
    #53
  4. intellecton

    intellecton Private E-2

    Okay, I'll check out that Registrar Lite. We'll see.
     
    intellecton, Aug 25, 2005
    #54
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's the same as what I gave you. Registry keys just use \\ instead of : to indicate the subkeys.
     
    chaslang, Aug 26, 2005
    #55
  6. intellecton

    intellecton Private E-2

    Oh. I didn't realize. All of the other locations used \ instead of :, so I figured it meant something different. But again, I don't think it is causing problems, just confusion.
     
    intellecton, Aug 26, 2005
    #56
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    chaslang, Aug 26, 2005
    #57
  8. intellecton

    intellecton Private E-2

    Alright. Thanks!
     
    intellecton, Aug 26, 2005
    #58
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
    chaslang, Aug 26, 2005
    #59
Page 2 of 2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds