Hi,

I am running XP with Spybot S&D as one of my security programs. I'm very satisfied with the program. Especially with the system startup list and the toggle features.

Recently I got a new pc and installed XP and all the protection first. But after reviewing the startup list I found this entry.

Located: HK_LM:Run, (DISABLED)
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

I can't figure out what this is and there is no info text next to the entry as with any of the other entries. I somewhere read about that this is the "hash of nothing" but why is it there at all if so??? And what is it if it's malware or bad?

Anybody here that can shed a light on this one?

Thanks in advance for any help. :yes::popcorn:

Hi,

From what I know (heh, not much!) - there is no need to worry! It is not bad

From Wikipedia: http://en.wikipedia.org/wiki/MD5


MD5 hashes

The hash of the zero-length string is:
MD5("")
= d41d8cd98f00b204e9800998ecf8427e

This explains the 0 byte size and confirms this 'hash of nothing', but I have no idea why it would appear though :scratch:

Sorry, to push in. honda12... this "MD5" or hash thing is confusing me! Can you explain it in detail? I've read the Wikipedia articles and heck I no idea what it is talking about. Thanks :cowboy:.

Sorry, to push in. honda12... this "MD5" or hash thing is confusing me! Can you explain it in detail? I've read the Wikipedia articles and heck I no idea what it is talking about. Thanks :cowboy:.

Yeah sorry, it is a little hard to explain but I think it is a software algorithm used to “fingerprint” a file or contents of a disk. It used to verify the integrity of data - so you can use it to check if a program installer is the legitimate .exe not some fake malware lol :euro:

safesite

From the startup entry you posted, it looks like just a blank entry or a glitch in the format of the contents of the following registry key that causes Spybot to show that entry:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-
Since the item is listed as "DISABLED" in Spybot's Startup list, it is in the "…\Run-" registry key. Items in the "…\Run-" registry key are disabled and do not get loaded at system startup. Therefore the entry should not affect the running of any actual processes in your system. You can safely just ignore the entry. In other word that entry should not be affecting your system.

If you wish to pursue the matter further and clean up that registry key so that Spybot's Startup no longer shows that entry, that will take additional time for me to instruct you how to do that. Please let me know what you like to do. If you what to pursue the matter and clean up that registry entry, please answer the following:
What Windows operating system you are running.
Are you familiar with Registry Editor and a confident in using it.

@honda12. Thanks, so these "hash" things are more like "fingerprints"? Where can I find them? Is it just like hovering it over the item or something? Thanks so much. :cowboy:

Heh, just look at under the download Spybot S&D link: http://www.spybot.info/en/download/index.html
http://i270.photobucket.com/albums/jj115/ilovehobnobs/md5.jpg

drragostea:

This thread was started by safesite (http://forums.spybot.info/member.php?u=40910) about a startup entry problem.

I would sincerely appreciate it (and I'm sure safesite (http://forums.spybot.info/member.php?u=40910) would too), if did not continue to hijack threads with your curiosity about MD5 hash values.

I attempted to explain MD5 hash values in this thread that you also hijacked on the subject:
Cannot install Spybot 1.5.2
http://forums.spybot.info/showthread.php?t=28052
If you would like to know about MD5 hash values and the above thread does not explain them to your satisfaction, please feel free to start your own thread in the Tavern (http://forums.spybot.info/forumdisplay.php?f=19) forum and maybe someone else can explain it to you.

@honda12. Thank you.
@md. I sincerely, apologize. I didn't realize that. This won't happen in the future. I won't continue posting irrelevant posts.

Regards.

safesite

From the startup entry you posted, it looks like just a blank entry or a glitch in the format of the contents of the following registry key that causes Spybot to show that entry:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-
Since the item is listed as "DISABLED" in Spybot's Startup list, it is in the "…\Run-" registry key. Items in the "…\Run-" registry key are disabled and do not get loaded at system startup. Therefore the entry should not affect the running of any actual processes in your system. You can safely just ignore the entry. In other word that entry should not be affecting your system.

If you wish to pursue the matter further and clean up that registry key so that Spybot's Startup no longer shows that entry, that will take additional time for me to instruct you how to do that. Please let me know what you like to do. If you what to pursue the matter and clean up that registry entry, please answer the following:
What Windows operating system you are running.
Are you familiar with Registry Editor and a confident in using it.

Hi MD,

and thanks for your reply.

I am currently not having any trouble with my Windows or other programs due to this entry (except one tiny problem which is my logging out of Hotmail - escpecially in Firefox and sometimes in Explorer - but I don't know if that could be related to this problem. Don't think so though).

If it's not a problem it may stay as it doesn't matter so much to me in that case. I got it disabled anyhow. The only thing I was really curious about is why it's there and what it's use is.

You stated that you think it's a corruption in the "Run key" that you were mentioning in your last post. But what is this "Run key" used for? What does it do? Where does it belong to?

If you could enlighten me on this one I'd really appreciate it.

Thanks in advance.

To your questions:

1. XP SP3
2. Familiar with: yes. Running it: yes but might need some help.

Ah and by the way..., yes I appreciate it as well... :D::bow:

safesite:


But what is this "Run key" used for? What does it do? Where does it belong to?
There are many places in the system were entries can be placed that start processes and applications. There is a summary of them here:
A Collection Of Autostart Locations, by Tony Kleinkramer
http://forums.subratam.org/index.php?act=Print&client=printer&f=29&t=1063
The following registry key is the normal location of startup entries for processes and applications that are started for any user that logs on to the system:


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
There is a corresponding registry key for each user that contains startup entries specific to that user. For the user currently logged on you can find the entries in the following registry key:


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
There are corresponding "…\Run-" registry keys that contain disabled startup entries:


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
There are additional registry keys that can contain startup entries:


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
The "...\RunService" and "...\RunServicesOnce" keys are for background services such as remote registry service and are run only once per boot.

The entries in the "...\RunOnce" and "...\RunServicesOnce" keys are deleted after the entry is used to start a process.

There is additional information on the order that the startup entries in the various registry key are loaded in this article:
INFO: Run, RunOnce, RunServices, RunServicesOnce and Startup
http://support.microsoft.com/kb/q179365/

safesite:

To get rid of the blank entry:
Using regedit (Registry Editor), navigate to the following Registry Key (specific instructions are below if you need them):

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
Create a backup of the registry key. Right click on the "…\Run-" registry key and select Export. Save the registry backup to a known location.
Suggestion: Make sure the you good backup copy of the registry key by navigating to the backup, right clicking on the file and selecting edit. The file should open in Notepad.
After you have saved a backup copy of the registry key, look for the blank entry.
In RegEdit (Registry Editor) the information shows up as Name, Type and Data.
The entry you are looking for will show up as "(Default)" in the Name column and "REG_SZ" in the Type column. The Data column will be blank.
If you see an entry fitting the description, right on that entry and select Delete.
When you delete that entry a new entry will appear in its place. The new entry will have "(Default)" in the Name column, "REG_SZ" in the Type column and "(value not set)" in the Data column.
You should now be able to go into Spybot » Mode » Advanced Mode » Tools » System Startup and the entry original entry should be gone.
Back out of regedit (Registry Editor).
When you feel confident that there was no problem with the registry change, delete the exported .reg file that you stored as backup.

__________

Specific instructions for using Registry Editor, navigate to:


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
Click Start » Run… » in the "Open: " entry area type "regedit" (no quotes) » then click "OK".
When Registry Editor opens.
Expand HKEY_LOCAL_MACHINE by clicking the + (plus sign) in front of it.
Expand HKEY_LOCAL_MACHINE\Software by clicking the + (plus sign) in front Software.
Expand HKEY_LOCAL_MACHINE\Software\Microsoft by clicking the + (plus sign) in front Microsoft.
Expand HKEY_LOCAL_MACHINE\Software\Microsoft\Windows by clicking the + (plus sign) in front of Windows.
Expand HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion by clicking the + (plus sign) in front of CurrentVersion.
Expand HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion by clicking the + (plus sign) in front of CurrentVersion.
Select HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run- by clicking on Run-.

safesite:

To get rid of the blank entry:
Using regedit (Registry Editor), navigate to the following Registry Key (specific instructions are below if you need them):

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
Create a backup of the registry key. Right click on the "…\Run-" registry key and select Export. Save the registry backup to a known location.
Suggestion: Make sure the you good backup copy of the registry key by navigating to the backup, right clicking on the file and selecting edit. The file should open in Notepad.
After you have saved a backup copy of the registry key, look for the blank entry.
In RegEdit (Registry Editor) the information shows up as Name, Type and Data.
The entry you are looking for will show up as "(Default)" in the Name column and "REG_SZ" in the Type column. The Data column will be blank.
If you see an entry fitting the description, right on that entry and select Delete.
When you delete that entry a new entry will appear in its place. The new entry will have "(Default)" in the Name column, "REG_SZ" in the Type column and "(value not set)" in the Data column.
You should now be able to go into Spybot » Mode » Advanced Mode » Tools » System Startup and the entry original entry should be gone.
Back out of regedit (Registry Editor).
When you feel confident that there was no problem with the registry change, delete the exported .reg file that you stored as backup.

__________

Specific instructions for using Registry Editor, navigate to:


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
Click Start » Run… » in the "Open: " entry area type "regedit" (no quotes) » then click "OK".
When Registry Editor opens.
Expand HKEY_LOCAL_MACHINE by clicking the + (plus sign) in front of it.
Expand HKEY_LOCAL_MACHINE\Software by clicking the + (plus sign) in front Software.
Expand HKEY_LOCAL_MACHINE\Software\Microsoft by clicking the + (plus sign) in front Microsoft.
Expand HKEY_LOCAL_MACHINE\Software\Microsoft\Windows by clicking the + (plus sign) in front of Windows.
Expand HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion by clicking the + (plus sign) in front of CurrentVersion.
Expand HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion by clicking the + (plus sign) in front of CurrentVersion.
Select HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run- by clicking on Run-.

Hi MD,

and sorry for the delay. Busy, busy, busy... :D:

I read your two posts and want to thank you for the detailed explanation. However, in my last post I was forming a couple of questions that were mostly of concern to me.

The why, the how, the what etc...

We don't need to remove this entry if it's the "hash of nothing" although it might be corrupt or whatever. The only concern I got is...

Is it harmful to leave it? Is it necessary to remove it? And all the other questions that I posted in my previous post before this one.

If you could enlighten me on that I'd be really grateful to you. :bigthumb:

Thanks in advance. ;)

safesite:


... However, in my last post I was forming a couple of questions that were mostly of concern to me.

The why, the how, the what etc...

... And all the other questions that I posted in my previous post before this one. ...
Were these you questions?


... But what is this "Run key" used for? What does it do? Where does it belong to? ...
I tried to answer them with this:


safesite:


There are many places in the system were entries can be placed that start processes and applications. There is a summary of them here:
A Collection Of Autostart Locations, by Tony Kleinkramer
http://forums.subratam.org/index.php?act=Print&client=printer&f=29&t=1063
The following registry key is the normal location of startup entries for processes and applications that are started for any user that logs on to the system:


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
There is a corresponding registry key for each user that contains startup entries specific to that user. For the user currently logged on you can find the entries in the following registry key:


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
There are corresponding "…\Run-" registry keys that contain disabled startup entries:


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
There are additional registry keys that can contain startup entries:


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
The "...\RunService" and "...\RunServicesOnce" keys are for background services such as remote registry service and are run only once per boot.

The entries in the "...\RunOnce" and "...\RunServicesOnce" keys are deleted after the entry is used to start a process.

There is additional information on the order that the startup entries in the various registry key are loaded in this article:
INFO: Run, RunOnce, RunServices, RunServicesOnce and Startup
http://support.microsoft.com/kb/q179365/
__________


... Is it harmful to leave it? Is it necessary to remove it? ...
It is probably not harmful. I tried to explain how to safely remove it. I you want to leave it there then just ignore it.