|
-
September 12th, 2005, 01:44 PM
#1
Start-up programs
Does any-one know how to define the order to which Start-up programs install, or how to find problematic programs.
9 times out of 10, I have to reboot as one or more of my start-up programs are slow to / won't install, but am unable to find where the problem lies.
Windows XP Home Edition SP1a
Norton Antivirus 2005
Creative Soundcard 24 bit
BT Yahoo Broadband 2Mb
ATI Radeon Graphics card
Last edited by howie7; September 13th, 2005 at 02:47 AM.
-
September 12th, 2005, 02:46 PM
#2
Troubleshoot by selective startup using msconfig. Goto start > Run > Type msconfig and <enter>
-
September 13th, 2005, 02:47 AM
#3
Thanks Ross V. Using msconfig, how do I troubleshoot, meaning how do I find the problematic programs. I remember seeing quite a listing, & not all programs are recognisable.
-
September 13th, 2005, 03:24 AM
#4
Driver Terrier
howie, if you don't recognise the program in question, type in the name of the file into google and mostly you will get an explanation as to what it is...
Or run hijack this and post the log - all your start ups will be listed and hijack can help identify them.
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
September 13th, 2005, 03:56 AM
#5
Geezer
 Originally Posted by howie7
Thanks Ross V. Using msconfig, how do I troubleshoot, meaning how do I find the problematic programs..
You untick 'em all & then add 'em back one at a time(or those you know are ok for sure) restarting each time, until you hit trouble & then you know .. its a long job .. 
& you really ought to know what all the entries are about, but msconfig is only 1/2 the story for startups, there can be other stuff firing at boot, I use the startuplist utility & hijackthis (which is for malware removal, but also looks at startup processes) available here (then I cheat & paste the hijackthis log {which also has all the startup entries in it} into this site which then tells me what it all means).
Btw any reason for not going to sp2 for xp ? That can affect matters too, as some programs are expecting certain versions of system files etc ..
-
September 13th, 2005, 04:26 PM
#6
Hijack this log file part 1
Logfile of HijackThis v1.99.1
Scan saved at 22:17:56, on 13/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
f:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
F:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
F:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
F:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\documents and settings\rita.gravett.000\local settings\temp\hmI10HZyg.exe
C:\documents and settings\rita.gravett.000\local settings\temp\hmI10HZyg.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
F:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
F:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\cisvc.exe
F:\PROGRA~1\BTYAHO~1\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Uyeasbm\Lmaedhv.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Symantec\Web Tools\CKA.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
f:\Program Files\BT Yahoo! Help\bin\mpbtn.exe
C:\WINDOWS\System32\KhwX.exe
C:\WINDOWS\System32\RumB3.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Howard.GRAVETT.000\Local Settings\Temp\HijackThis.exe
-
September 13th, 2005, 04:26 PM
#7
Hijack this log file part 2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O1 - Hosts: n
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\ycomp5_6_2_0. dll
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)
O2 - BHO: (no name) - {302A3240-4805-4a34-97D7-1645A0B08410} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\ycomp5_6_2_0. dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [hmI10HZyg] C:\documents and settings\rita.gravett.000\local settings\temp\hmI10HZyg.exe
O4 - HKLM\..\Run: [hmI10HZyg.exe] C:\documents and settings\rita.gravett.000\local settings\temp\hmI10HZyg.exe
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [InCD] f:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [3ALL35N5LRPTS8] C:\WINDOWS\System32\RyoS9v1Z.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BEKZJa] C:\WINDOWS\kmadsyo.exe
O4 - HKLM\..\Run: [mmtask] "f:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] F:\PROGRA~1\BTYAHO~1\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [Lmcvobio] C:\Program Files\Uyeasbm\Lmaedhv.exe
O4 - HKLM\..\Run: [StartupDelayer] "f:\Program Files\r2 studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [4SWC4N93WN76PJ] C:\WINDOWS\System32\Zlot4R.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [SymKeepAlive] C:\Program Files\Symantec\Web Tools\CKA.exe
O4 - Global Startup: SATARaid.lnk = C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: BT Yahoo! Help.lnk = F:\Program Files\BT Yahoo! Help\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://downloadcenter.samsung.com/co...rolLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/Cl.../OCI/setup.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com/BTYahoo!Help/PreQual/files/MotivePreQual.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildAppNonUS.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - f:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
-
September 14th, 2005, 01:41 AM
#8
Geezer
Originally Posted by howie7
..9 times out of 10, I have to reboot as one or more of my start-up programs are slow to / won't install, but am unable to find where the problem lies..
Hey who moved the goal posts ? This was 'in theory' & now I/we have a big fat hijackthis log that takes two posts to get it here!!!
So following my own advice & sticking it into www.hijackthis.de I come to the conclusion that even though its tremendously long, there doesn't seem to be significant infection (there's a couple of "could be's" though, so check 'em out !), the main problem is just all the programs loaded at startup & the best answer to that is uninstalling some, no doubt your user though will 'bleat' that they need 'em all, but there are definately un-necessary items there, for instance updreg.exe (which sounds quite dangerous/nasty) is just a reminder to register your soundblaster product .. well what the hell do we want that running on every boot for ? Creative might like it, but it just slows down every startup, lots of entries a bit like this ..
If this is gonna turn into a spyware quest can somebody move it ?
-
September 14th, 2005, 03:33 AM
#9
Driver Terrier
C:\documents and settings\rita.gravett.000\local settings\temp\hmI10HZyg.exe
C:\documents and settings\rita.gravett.000\local settings\temp\hmI10HZyg.exe
O4 - HKLM\..\Run: [hmI10HZyg.exe] C:\documents and settings\rita.gravett.000\local settings\temp\hmI10HZyg.exe
Well howie... there are three you want shot of right away... and this
O4 - HKLM\..\Run: [BEKZJa] C:\WINDOWS\kmadsyo.exe is probably the result of the ones above..
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe ooooh naughty this one
O4 - HKLM\..\Run: [4SWC4N93WN76PJ] C:\WINDOWS\System32\Zlot4R.exe no information but I bet its not nice
But Confus-ed's right... get thee to hijackthis.de with that log...
And www.emsisoft.com get a-squared free to kill the trojans
BTW norton and incd... both huge, both take an age to load - if they are not using the drive as a giant floppy disk then why is this even loaded?
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
September 16th, 2005, 12:08 PM
#10
After you've cleaned up your system, I would recommend you thee STARTUPFASTER
program which prevents the jams in the booting process caused by so many startup program loads.
Simply program reorganizes the startup program list sperating all programs with a significant time of brakes. Then at the boot process it loads all the programs one by one allowing each to be loaded safely.
Use it. You wont regret it.
Similar Threads
-
By Mayet in forum Spyware & Antivirus - Security
Replies: 36
Last Post: October 21st, 2005, 04:03 PM
-
By Woody01 in forum Spyware & Antivirus - Security
Replies: 13
Last Post: March 17th, 2005, 08:48 PM
-
By Angorn in forum Windows XP
Replies: 10
Last Post: February 24th, 2003, 08:34 AM
-
By hds82 in forum Windows XP
Replies: 5
Last Post: November 29th, 2002, 12:17 PM
-
By gpint in forum Tech-To-Tech
Replies: 2
Last Post: October 24th, 2000, 08:41 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
Bookmarks