Invisible process wants to run

Hi gang,.

I noticed an invisivble process running shortly after I set up my Win XP home on my system.
I have current service packs and upgrades installed (up until about a week ago I guess).
The invisible process is listed in the system configuration utility (run msconfig) under the startup tab.
A line and check box apears in the middle of the list with no startup item name or command listed what so ever.
The Location is listed as SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Most of the other entries in the list are at (HLM or HKCU)\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Only one other entry shares the exact same location, this is apparently for a gigabyte VGA utility called G-VGA.

I have unchecked the box so it will not run when I start up.
How do I determine what it is and why it is on my system???
Unmamed processes are suspicious.

Thanks,

Waz

 

alpwazungy--It seems not to be something to worry about
http://www.bleepingcomputer.com/startups/G_VGA.exe-6068.html
http://www.pcreview.co.uk/startup/G-VGA.exe.php
But it also is not something you need to have run at boot.

 

lost something in the explanation

Thanks for your reply.
I do not know how it sat in my inbox for 4 weeks without notice or if somehow I just got it today (email notification).

Anyway, yes, I know G-VGA is a gigabyte process and is safe.
The suspect file is not named anything. If you re-read my origional message you'll note that I only mention the location or what I think of as the location for this invisible process is the same as the g-vga.exe process. I listed what looks like a registry entry to me but I don't know any better.

I don't trust processes that have a null entry for a name. Seems sneaky.

What say you?

 

Hello alpwazungy,

A similiar example http://www.windowsbbs.com/showthread.php?t=50611&highlight=blank I've seen this a number times. In this case, the sysem32 folder was displayed.

An excellent tool for finding and stopping startup processes is autoruns
http://www.windowsbbs.com/showthread.php?t=53427

If you unchecked this line in msconfig, under the Logon tab in autoruns, that line will also be unchecked with more info. You can "jump" to the registry location for it as well.

Regards - Charles

 

alpwazungy--Following up on what charlesvar said, you may be able to clean up the cosmetics of msconfig by deleting that entry from the Registry location(s) given. (As always, back up the Registry before making changes, in case you want to restore.)
I suspect the process was not at fault, but rather some corruption that occurred for an obscure reason.

 

Hi Jim,

In autoruns, a right click > delete a startup line also deletes the reg entry and removes the line in msconfig.

Regards - Charles

 

OK, good news.
I downloaded and am using autoruns.
It is a nice utility. I managed to find and delete a little bit of trash that my other reg-cleaner missed.

Bad news...
Autoruns does not show the "invisible" entry. I looked under the logon tab and under Everything. All entries have a name.
Nor was I able to find a null entry in the registry.

It definately exists when I run msconfig. The listing under STARTUP ITEM and COMMAND have absolutely nothing there, probably not even proper ascii space.
I can even turn this invisible entry it on and off (with a tick mark) but I have no idea what is being enabled and disabled when I do so.
I notice the location descriptor changes whether the entry is enabled or not. Is that normal?? When un-enabled the location is missing the "HKCU" part.

I took two screenshots of the msconfig just in case someone wanted to see what an invisible entry looks like. I'd upload them but don't know if that is possible here.

Thanks for your advice.

Waz

 

Hi Waz,

I'd love to see it, never ran into something like this - but only contributing members can upload images.

Regards - Charles