Click here for important information about

Weird msconfig startup entry

Custom / P5K-VM
December 15, 2010 at 04:57:03
Specs: Windows XP 32bit pro, 2.793 GHz / 2 GB
First of all, my bank ran me to check on a purchase i made overseas. Which we found out wasn't made by me, so they told me to check for a keylogger on my PC and they will issue a new card.

So i ran all these scans: Bit Defender Deep System, ComboFix, Malwarebytes Antimalware, SuperAntispyware, Spybot S&D, Eset Online Scanner, Panda Online Scanner, SmitFraudFix, CC Cleaner, CWShredder.

Not signs of a keylogger, mostly tracking cookies and some shopper malware.

Then i looked in msconfig, and found this weird entry:

The full location is HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:Load

I browsed the registry to this point and found the key, But it is empty. Can i just delete it???

See More: Weird msconfig startup entry

December 15, 2010 at 07:56:52
this entry is kinda goofy. ussually the syntax is under a data value. I would export this key just in case and then delete it(in case you need it.)

I would also look under this same key string in local machine to see if there is something there as well.


Report •

December 18, 2010 at 21:13:20
I have this exact same problem. Although I have an additional line in the msconfig with it being: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:Run

I tried disabling the lines in msconfig and rebooting. I got 4 Windows error messages that "weird characters" could not be found and that "weird characters" in msconfig could not be run.

I checked msconfig, and the two lines had been re-enabled AND I still had the original problem that my web browser keeps redirecting to different pages ( and others).

Did you find a way to get rid of that line in your msconfig?

On a different site, someone was able to run a regedit batch file to clear the Load and Run and then disable items in msconfig until they found out that their version of malwarebytes was loading up those two items.

If anyone has any further info on this or a way to get rid of this infection, please let me know.


Report •

December 19, 2010 at 00:04:58
Finally found it. A rootkit called tld3. Had to use tdsskiller from to get rid of it.

Found the necessary info on it here:


Report •

Related Solutions

December 19, 2010 at 03:59:48
I went into the registry and exported the entry to a file, saved in my documents, then i deleted the entry.

Report •

Ask Question