strange start up program?

Hi

Was just over in malware forum and \tim thought it best if I post here.
I have had problems with computer being slow so i did all the scans and found nothing.

TimW told me to check my start up items in msconfig and I found 2 strange entries. They go something like this: under start up item it goes: "symbols" l(ike japanese writing). then under command more "symbols" Then under location: HKCU\software\microsoft\windows nt\currentversion... (cant see the rest of the location tried moving header over but wouldnt let me.)
and same for the second one.

I tried disabling them but upon restart I got 2 error messages they were: " Symbols" in top lefthand corner then: Windows cannot find "symbols" Make sure you typed the name correctly, and then try again.

The second error message was: "Desktop" in lefthand corner Then: could not load or run "symbols" specified in the registry. Make sure the file exists on your computer or remove the reference in the registry.

So I went back into msconfig and found 2 new Symbol start up items enabled different symbols though, and the other 2 were still there as well but they are disabled and no longer have the HKCU in front of the location. Could someone please shed some lite on this for me its starting to drive me nuts:cry

Thanks for the help
P.S. Is there a way to upload a screenshot of my msconfig?
Mneenee

 

Go to start, run.

type regedit

Locate

HKCU\software\microsoft\windows nt\currentversion\run

HKCU\software\microsoft\windows nt\currentversion\runonce

HKCU\software\microsoft\windows nt\currentversion\runservices

Highlight each folder, then file export. Save the file, zip it up, and attach it to a post.

 

There are no "run" folders to find here just: Program manager then task manager no R's at all?

Thanks
Mneenee

 

did a new HJT scan and found some new things the F3 entries werent there before. Let me know what you think thanks

Mneenee

 

Ok, you didn't listen to me.

I said run regedit.

Its a tree like format. Expand out each section in question.

HKEY_CURRENT_USER and follow the path.

 

That is what i did and there is no reference to a run path or as it is alphabetical no R's.

Although have been poking around in there and found a path with the symbols in it will export and upload it. The Path is HKCU\software\microsoft\windows nt\current version\windows

Thanks mneenee

 

Alright. Not sure why Tim sent it this way, because this is not the work of a legit program. Give me a bit.

 

ok thanks

Mneenee

 

Fix these lines with HJT:

F3 - REG:win.ini: load=????
F3 - REG:win.ini: run=????
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

As for regedit, I am unable to read the characters for the line load. Does it show those funky characters there too?

If so, remove them, but be very careful, and backup whatever you edit.

Then reboot.

 

Ok deleted the entries in HJT, went back into regedit and the symbols were gone. Didnt load in msconfig start up when I rebooted but the other 2 are still there but didabled. Should i reenable them and try to find them in the registry? I ask because I have to eventually be able to start up in normal mode anyways and I just dont like the looks of them lol. Thank you very much for your help I really appreciate it. Still starting up pretty slow what could be causing this???

As for your question about the characters in regedit yes they were symbols to now the load and run lines aren't there at all.

Mneenee

 

Yes, re-enable them.

You might have to run through our steps again.

 

:cry Ok well it wont let me reenable them just keeps going back to selective start up???? Pulling my hair out now lol. Any sugestions? Also looking in Advanced Windows Care in start up programs I found this do you know what it is? "C:\Program Files\Common Files\{3871D914-087B-1033-0318-040805030002}\Update.exe" te-110-12-0000073
Thanks

Mneenee