Thread: Confusing System Startup Tool Entry!

  1. #1
    Junior Member japandroid's Avatar
    Join Date
    Jun 2008
    Posts
    4

    Confusing System Startup Tool Entry!

    Hello! As the title of the thread indicates, I have a very confusing System Startup tool entry. It's the first one listed and it isn't colored (green, yellow or red). Under the Key column it says HK_LM:Run (Current system). There is nothing under the Value or Command Line columns. When I click on the information bar on the right side of the screen it seems to give me conflicting information. Here is what it says:
    Current filename:

    Database status: Not required - virus, spyware, malware or other resource hog
    Value:
    Filename: system32.exe

    Description
    Added by the _AGOBOT-KU_ WORM! Note - has a blank entry under the Startup Item/Name field

    Source: Paul Collins Startup list
    ____________________

    Current filename:

    Database status: Not required - virus, spyware, malware or other resource hog
    Value:
    Filename: pathex.exe

    Description
    Added by the _MKMOOSE-A_ WORM! Note - has a blank entry under the Startup Item/Name field

    Source: Paul Collins Startup list
    ____________________

    Current filename:

    Database status: Not required - virus, spyware, malware or other resource hog
    Value:
    Filename: svchost.exe

    Description
    Added by the _DELF-UX_ TROJAN! Note - this is not the legitimate _svchost.exe_ process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field

    Source: Paul Collins Startup list
    ____________________

    Current filename:

    Database status: Not required - virus, spyware, malware or other resource hog
    Value:
    Filename: MSPF.EXE

    Description
    Added by a variant of the _SDBOT_ WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field

    Source: Paul Collins Startup list
    ____________________

    Current filename:

    Database status: Not required - virus, spyware, malware or other resource hog
    Value:
    Filename: dllvirtual.exe

    Description
    Added by the _DADOBRA-IW_ TROJAN! Note - has a blank entry under the Startup Item/Name field

    Source: Paul Collins Startup list
    ____________________

    Current filename:

    Database status: Not required - virus, spyware, malware or other resource hog
    Value:
    Filename: dllvirtual.dll

    Description
    Added by the _DADOBRA-IW_ TROJAN! Note - has a blank entry under the Startup Item/Name field

    Source: Paul Collins Startup list
    ____________________

    Current filename:

    Database status: Not required - virus, spyware, malware or other resource hog
    Value:
    Filename: dllvirtual.js

    Description
    Added by the _DADOBRA-IW_ TROJAN! Note - has a blank entry under the Startup Item/Name field

    Source: Paul Collins Startup list
    ____________________


    Is this entry ALL of these things or could it just be any one in particular? How do I know if this is malicious or just a resource hog? Or is it just a false positive? If I knew the path(s) of the culprit(s) it would be easier to decide if I should get rid of it or not.
    I scanned my computer using Norton Antivirus 2005, Ad-Aware 2007, Spybot Search and Destroy 1.5.2.20 and ZoneAlarm Pro's spyware scanner. All came up clean. Except for ZoneAlarm Pro's built-in spyware scanner which detected something called Mozy Filter which I believe is a false positive for my MozyHome backup software. I also use SpywareBlaster 4.0.
    I have Windows XP SP2 which is current with all the security updates.
    If anyone can help me I will truly appreciate it! If more information is needed, please let me know!
    Thanks!
    Oh, one more thing. I noticed that my ZoneAlarm Pro firewall seems to be blocking svchost.exe. But based on the source and destination IP addresses it seems like this is the legit svchost.exe.

  2. #2
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    japandroid:

    The startup entry that you are looking at has a blank valuename. In addition, the "Current filename" is blank:

    Current filename:
    The current filename does not match any of these:

    ...
    Filename: system32.exe
    ...
    Filename: pathex.exe
    ...
    Filename: svchost.exe
    ...
    Filename: MSPF.EXE
    ...
    Filename: dllvirtual.exe
    ...
    Filename: dllvirtual.dll
    ...
    Filename: dllvirtual.js
    ...
    Therefore none of the descriptions fit your case.

    You have a blank startup entry. Just delete.
    Last edited by md usa spybot fan; 2008-06-25 at 04:54.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  3. #3
    Junior Member japandroid's Avatar
    Join Date
    Jun 2008
    Posts
    4

    So it's not possible that a trojan or any other malicious threat would have a blank startup entry? All of the descriptions have:
    Note - has a blank entry under the Startup Item/Name field
    Or, in effect, is Spybot S&D just confused by a blank startup entry and just "spits out" these possible culprits?

  4. #4
    Senior Member drragostea's Avatar
    Join Date
    Jan 2008
    Location
    @Home
    Posts
    3,674

    I don't (in my personal perspective) find Collins' list useful. I say this because it does not provide adequate information about the entry. I don't believe you are infected in any way by something malicious. One way to check what start-up programs run is to run "msconfig" without the quotes. This can be a good way to remove unnecessary items... QuickTime for example... unless the user decides to keep it.

    However, if you do not know what it is, it is better to leave it as it is.

    'If it ain't broke, don't fix it'.

    Safe surfing.

  5. #5
    Junior Member
    Join Date
    Apr 2007
    Posts
    3

    Quote Originally Posted by drragostea View Post

    'If it ain't broke, don't fix it'.

    Safe surfing.

    This would be nice if it worked for the computing world. Although I am not making any claims that contradict anything else posted here, many malicious programs may not give any sign that something is broke (depending on your daily PC usage and power up) until it is far too late. I too have the blank startup entry and have it disabled for now, although I plan to take every action to delete it permanently. If it's not pointing to anything, then deleting it should not affect my system in any way, correct?

  6. #6
    Senior Member drragostea's Avatar
    Join Date
    Jan 2008
    Location
    @Home
    Posts
    3,674

    HyJax, the question about the "blank entry" seems foggy to me, but I'll give it my best shot to answer your question.

    If you run msconfig you might come across a "blank" entry. You'll notice that there's a checkmark on the entry indicating the item is "enabled", however there's nothing in the Startup Item text, nor is there anything in Command.

    My inference is that this entry is benign. Since there is no Command, there is nothing happening at startup (in other words it does not "point" to anywhere). You can safely leave it alone.

    If you should disable it then it would literally be disabled, however, if you should remove the entry itself, then you'll not be able to recover that specific entry.

  7. #7
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    japandroid:

    Quote Originally Posted by japandroid View Post
    So it's not possible that a trojan or any other malicious threat would have a blank startup entry? All of the descriptions have:
    Note - has a blank entry under the Startup Item/Name field
    Or, in effect, is Spybot S&D just confused by a blank startup entry and just "spits out" these possible culprits?
    Note - has a blank entry under the Startup Item/Name field
    Where the devil did that quote come from???

    Quote Originally Posted by japandroid View Post
    So it's not possible that a trojan or any other malicious threat would have a blank startup entry?
    For the startup entry you are questioning, all of the descriptions that you listed have blank valuename entries and they can be threats. However, a startup entry cannot start anything or be a threat if it is not pointing to something to start, "Current filename". The "Current filename" is blank in each of the listings you provided and does not match the "Filename" in the descriptions, so the descriptions are not pertinent to the startup entry you have.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
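The distinction drawn in the post above (a blank valuename that points at nothing versus one that carries a command) can be checked directly in the registry; the following read-only PowerShell is an added example, not part of the thread or of Spybot S&D. It assumes the blank valuename is the key's unnamed (default) value, that PowerShell 3.0 or later is available, and the verdict strings are illustrative.

```powershell
# Added example: list Run-key values and separate inert blank entries
# from entries that actually launch something. Nothing is modified.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

foreach ($path in $runKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }

    # GetValueNames() returns '' for the unnamed (default) value when it is set.
    foreach ($name in $key.GetValueNames()) {
        # Read the raw data, then expand %SystemRoot% and similar ourselves.
        $data = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        $cmd  = [Environment]::ExpandEnvironmentVariables($data).Trim()

        # Extract the program from the command line. Unquoted paths that
        # contain spaces are cut at the first space, so review those by eye.
        $exe = ''
        if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
        elseif ($cmd -match '^(\S+)')  { $exe = $Matches[1] }

        if (-not $cmd) {
            $verdict = 'inert: no command, nothing is started'
        } elseif (-not $name) {
            $verdict = 'blank name WITH a command: inspect the target file'
        } else {
            $verdict = 'named entry'
        }

        [pscustomobject]@{
            Key     = $path
            Name    = if ($name) { $name } else { '(blank)' }
            Command = $cmd
            Target  = $exe
            # Only meaningful for full paths; bare names resolve via PATH.
            Exists  = if ($exe) { Test-Path -LiteralPath $exe } else { $false }
            Verdict = $verdict
        }
    }
}
```

A row with Name `(blank)` and an empty Command corresponds to the entry discussed in this thread; a `(blank)` row with a non-empty Command is the case the database descriptions refer to, and the Target path is what to compare against the listed filenames.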

  8. #8
    Junior Member japandroid's Avatar
    Join Date
    Jun 2008
    Posts
    4

    Well, I ran "msconfig" and there too it shows a startup entry that is blank. I ran Windows Live OneCare's online safety scanner and it didn't find anything malicious. It did find a ton of obsolete and missing registry and startup entries, though. After I fixed everything (only one item couldn't be fixed for some reason) I checked Spybot S&D's System Startup tool again. It still lists the blank entry.

    So, I'm just going to leave it as it is. After all the scanning I did and it didn't show anything bad then it should be A-OK! As drragostea said:
    'If it ain't broke, don't fix it'.
