Blank notepad runs on startup

October 28, 2010 at 01:44:20
Specs: Windows Vista
I downloaded and ran a program yesterday (wasn't detected as a virus by McAfee) and it gave me some error about not having NET Framework 4.****** (can't remember what numbers it said after "4.") and opened a blank notepad window. Now, every time I log on, this blank notepad opens again (without any error messages) and the program isn't listed in the startup programs
Why has this happened and how can I stop this?

See More: Blank notepad runs on startup

Report •

October 28, 2010 at 03:02:07
Check your startup items from

and the shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
make sure has the value explorer.exe nothing else. the user init points only to the user init.

Also research on other load points in the registry if the above are clean

Report •

October 28, 2010 at 05:44:49

Report •

October 28, 2010 at 17:39:40
I fixed it by changing the "user init" value
Many thanks to both of you for your quick replies


Changing the user init values didn't work for long as I restarted my pc this morning and it was back
Upon closer inspection I see that this is not an ordinary notepad, it's set out differently with different colours:
If I go to its process in task manager, it comes up as "svchost.exe" and its description is "Notepad"
If I then click "open file location" on the "svchost.exe" it takes me to "C:\Users\(current username)\AppData\Roaming\WinDir" which has a single file in it, "svchost.exe" with a notepad icon for the application and its set as a protected system file.
I tried to upload it to virus total (it had already been uploaded) and it took me here:
In the comments box, 1 person says its malware whereas two people say its legitimate notepad.
So if it's not a virus, what is it, why is it in my temporary folder, why does it run on startup (with no registry entries for it anywhere), and how can I remove it?

Report •

Related Solutions

October 30, 2010 at 16:14:17
Upon further research, I've found that this is malware :(
I followed the instructions here:
By killing the process in task manager, deleting it with file assassin and removing the startup entry with ccleaner; I seem to have gotten rid of it
On a side note, I did see the file in the registry when I followed bobmomon's instructions but seeing as it was called "svchost.exe" I thought it was a system process.
It also surprised me that a program can create a startup entry in the registry when run inside a standard account without any administrator/UAC permission...
Anyway, hopefully this will help anyone who experiences the same problem

Report •

October 30, 2010 at 18:06:08
nimby14, Glad to see that you were able to correct that problem and Thanks for posting back with the solution as it may help others who may run into the same problem


Report •

Ask Question