Startup Takes Ages


  • This topic is locked
3 replies to this topic

#1 dadrivr

Posted 21 January 2007 - 01:05 AM

Recently, my computer has been taking a really long time to boot up completely (about an hour). After it is done, it runs at a fine pace, but I need to really decrease the startup speed. I have run spyware programs (SpyBot S&D, AdAware), antivirus programs (Symantec Antivirus), and Windows Optimizers (CCleaner, Ashampoo WinOptimizer, RegScrubXP, SpeedUpMyPC), and have even gone into msconfig and manually removed programs from the startup list. Regardless, my computer still takes ages to boot and still opens up tons of processes.

I opened up the Windows Task Manager while it was booting and noticed that CMD.exe spiked the CPU all the way up to 100%. Also, iexplore.exe had 4 different processes open. In addition, whenever I start up my computer, a Windows Explorer window opens with the path: C:\Program Files\Common. I am willing to remove (almost) any process from startup and from running. I have attached a HijackThis log and would like to know what processes I can prevent from starting up without hurting my system.

Below is a copy of my HijackThis log. Below that, I included a log from Security Task Manager, which lists all my running processes. I included that so you could see how much longer that list is than the list that is supposed to start up. Just so you know, that list comes directly following startup (so no new processes are running).

I would greatly appreciate any input on what my problem is. What programs can I remove from startup (and how), what are the necessary programs, and are there any specific reasons why my computer takes longer than normal to boot up? Thanks so much and sorry for the long post, but I wanted to give every bit of information that may be beneficial!

-Isaac

Logfile of HijackThis v1.99.1
Scan saved at 11:33:41 PM, on 1/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\UT VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\rpcexec.exe
C:\Program Files\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Active Desktop Calendar\ADC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\vpc32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Isaac Petersen\My Documents\My Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe,regsrv32.exe /s
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Register.exe
O4 - Global Startup: University of Texas at Austin VPN Client.lnk = C:\Program Files\UT VPN Client\vpngui.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124042998140
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F035935-7205-4035-886E-00CEAC2520DA}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{486C7702-52DD-4C80-B556-8119C39CD927}: NameServer = 192.168.1.1
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UT VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Remote Procedure Call (RPC) Exec (rpcexec) - Unknown owner - C:\WINDOWS\system32\rpcexec.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


Picture of msconfig (showing the list of processes that SHOULD run during startup):
Posted Image


RUNNING PROCESSES (processes that ACTUALLY run during startup):
Security Task Manager: Computer D9QFHH71, User Isaac Petersen, 1/20/2007 11:38:13 PM

Name Rating PID CPU Memory Active File Type Start Title, Description Manufacturer : product

QuickSet MFC Application 72% 5836 6.0 MB C:\Program Files\Dell\QuickSet\quickset.exe Taskicon 10:57:09 PM when Windows starts, Registry: Machine\Run Dell QuickSet : QuickSet Application
Dell Wireless WLAN Tray Service 70% 656 1.5 MB C:\WINDOWS\System32\wltrysvc.exe Program 10:53:15 PM during system start-up from Plug and Play Provides 802.11 network connection during system startup -
Remote Procedure Call (RPC) Exec 69% 3652 2.1 MB 0:02 C:\WINDOWS\system32\rpcexec.exe Program 10:53:30 PM during system start-up from Plug and Play -
Active Desktop Calendar 5.6 67% 6036 8.2 MB 0:21 C:\Program Files\Active Desktop Calendar\ADC.exe Taskicon 10:57:12 PM when Windows starts, Registry: User\Run & Def\Run Active Desktop Calendar Application - DesktopMapper, Active Desktop Calendar XemiComputers ltd. : Active Desktop Calendar Application
Windows Desktop Search Web Allow BHO 60% C:\Program Files\Windows Desktop Search\dsWebAllow.dll Internet when Internet Explorer starts dsWebAllow.dsWebAllowBHO.1 (Browser Extension) Microsoft Corporation : Microsoft® Windows® Operating System
Dell Wireless WLAN Card Wireless Network Tray Applet 59% 3404 5.1 MB 0:01 C:\WINDOWS\system32\WLTRAY.exe Program 10:56:45 PM when Windows starts, Registry: Machine\Run Hsm sink window Dell Inc : Dell Wireless WLAN Card Wireless Network Tray Applet
Sonic DLA 56% C:\WINDOWS\system32\dla\tfswshx.dll Internet when Internet Explorer starts Drive Letter Access Component - DriveLetterAccess (Browser Extension) Sonic Solutions :
Chat Client 56% 3992 6.7 MB 0:15 C:\Program Files\Trillian\trillian.exe Taskicon 11:10:05 PM when Windows starts, Registry: User\Startup Trillian - YAHOO - dadrivr, Trillian - Away - I am currently away from the computer. Cerulean Studios : Trillian
Symantec Settings Manager 55% 1128 4.4 MB 0:01 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe Program 10:53:08 PM during system start-up from Plug and Play Settings storage and management service Symantec Corporation : Client and Host Security Platform
Cisco Systems, Inc. VPN Service 52% 2856 4.6 MB 0:01 C:\Program Files\UT VPN Client\cvpnd.exe Program 10:53:24 PM during system start-up from Plug and Play Cisco Systems VPN Client Cisco Systems, Inc. : Cisco Systems VPN Client
SnagIt 8 52% C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll Internet when Internet Explorer starts SnagIt Browser Helper Object for Internet Explorer - 1.0.1 release - BHO.HelperObject.1 (Browser Extension) TechSmith Corporation : SnagIt
Dell Wireless WLAN Card Wireless Network Controller 52% 716 6.5 MB C:\WINDOWS\System32\bcmwltry.exe Program 10:53:15 PM from Dell Wireless WLAN Tray Service DDE Server Window Dell Inc : Dell Wireless WLAN Card Wireless Network Controller
brss01a.exe 52% 1356 1.9 MB C:\WINDOWS\system32\brss01a.exe Program 10:53:16 PM from BrSplService BrSplSvc - Brsplproc XP wrapper brother Industries Ltd : brother Industries Ltd brss01a.exe
BrSplService 49% 1196 2.2 MB C:\WINDOWS\system32\brsvc01a.exe Program 10:53:16 PM during system start-up from Plug and Play brsvc01a brother Industries Ltd : brother Industries Ltd brsvc01a
Adobe Acrobat IE Helper Version 7.0 for ActiveX 48% C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll Internet when Internet Explorer starts AcroIEHelper.AcroIEHlprObj.1 (Browser Extension) Adobe Systems, Incorporated : AcroIEHelper Library
Java™ Platform SE binary 48% C:\Program Files\Java\jre1.6.0\bin\ssv.dll Internet when Internet Explorer starts SSVHelper Class (Browser Extension) Sun Microsystems, Inc. : Java™ Platform SE 6
Google IE Client Toolbar 48% c:\program files\google\googletoolbar5.dll Internet when Internet Explorer starts Google Toolbar Helper (Browser Extension) Google Inc : Google Toolbar for IE
Cyberlink RichVideo Service(CRVS) 44% 3516 2.8 MB C:\Program Files\CyberLink\Shared Files\RichVideo.exe Program 10:53:29 PM during system start-up from Plug and Play RichVideo Module : RichVideo Module
Canon Camera Access Library 8 44% 3932 2.7 MB C:\Program Files\Canon\CAL\CALMAIN.exe Program 10:53:52 PM during system start-up from Plug and Play Canon Inc. :
Diskeeper 42% 2888 16.4 MB 0:28 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe Program 10:53:24 PM during system start-up from Plug and Play Controls the Windows Diskeeper Service Diskeeper Corporation : Diskeeper ™ Disk Defragmenter
Alcohol 120% (StarWind iSCSI Service) 42% 3820 2.0 MB C:\Program Files\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe Program 10:53:31 PM during system start-up from Plug and Play StarWind iSCSI Target (Alcohol Edition) - Enables network access to local devices via iSCSI protocol. Rocket Division Software : StarWind
Media Center Extender (Media Center Extender Service) 40% 2296 2.6 MB C:\WINDOWS\ehome\mcrdsvc.exe Program 10:53:55 PM during system start-up from Plug and Play MCRD Device Service Microsoft Corporation : Microsoft® Windows® Operating System
NICCONFIGSVC 40% 3032 4.6 MB C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe Program 10:53:25 PM during system start-up from Plug and Play Configure your Internal Network Card power management settings. Dell Inc. : NicConfigSvc
Register.exe 37% C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register.exe Program when Windows starts, Registry: Machine\Common Startup Register.exe (not active) -
Windows Desktop Search 36% 3940 2% 11.7 MB 0:09 C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe Program 11:11:20 PM from Terminal Services Microsoft Corporation : Microsoft® Windows® Operating System
Java Update Scheduler 34% 4400 2.9 MB C:\Program Files\Java\jre1.6.0\bin\jusched.exe Program 10:57:00 PM when Windows starts, Registry: Machine\Run Java™ Platform SE binary Sun Microsystems, Inc. : Java™ Platform SE 6
Spybot - Search & Destroy 32% C:\Program Files\Spybot - Search & Destroy\SDHelper.dll Internet when Internet Explorer starts Bad download blocker - Blocks URLs that could install spyware, malware etc. (Browser Extension) Safer Networking Ltd. : Spybot - Search & Destroy
GoogleToolbarNotifier 30% 4964 0.4 MB C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe Program 10:57:04 PM when Windows starts, Registry: Def\Run from Terminal Services {A7E495BF-9589-4a6e-8479-DDA2D8D3C05F} Google Inc : GoogleToolbarNotifier
mZConfig 27% 1776 6.7 MB C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe Program 10:53:14 PM from Windows NT Logon Application ZeroCfgSvc MFC Application - Available Networks Intel Corporation : ZeroCfgSvc Application
< userinit,nddeagnt.exe,regsrv32.exe > 26% userinit,nddeagnt.exe,regsrv32.exe /s Program when Windows starts, Registry: Machine\Winlogon\Userinit (Microsoft program was replaced!) (not active) -
WLANKEEPER 25% 1956 5.3 MB C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe Program 10:53:06 PM during system start-up from Plug and Play Provides Profile Switching Service for SSO Feature Set Intel® Corporation : SSOFSet Service
EvtEng 24% 1824 7.4 MB C:\Program Files\Intel\Wireless\Bin\EvtEng.exe Program 10:53:05 PM during system start-up from Plug and Play Intel Event Trace Manager Intel Corporation : EvtEng Module
Spectrum24 Event Monitor 24% 1928 4.0 MB 0:01 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe Program 10:53:06 PM during system start-up from Plug and Play Handles the Spectrum24 NDIS Traffic Intel Corporation : Mobile Unit Support Service
RegSrvc 24% 3264 2.4 MB C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe Program 10:53:28 PM during system start-up from Plug and Play Intel Registry Service Intel Corporation : RegSrvc Module
Media Center Extender (Media Center Extender Resource Monitor) 23% 3536 4.3 MB 0:04 C:\WINDOWS\ehome\RMSvc.exe Program 10:53:29 PM during system start-up from Plug and Play MCRD RM Service Microsoft Corporation : Microsoft® Windows® Operating System
Symantec Network Proxy 23% 684 7.6 MB 0:03 C:\Program Files\Common Files\Symantec Shared\ccProxy.exe Program 10:53:11 PM during system start-up from Plug and Play Symantec Proxy Service Symantec Corporation : Client and Host Security Platform
Automatic LiveUpdate Scheduler 20% 2816 2.0 MB C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe Program 10:53:23 PM during system start-up from Plug and Play Manages the scheduling of Automatic LiveUpdate sessions Symantec Corporation : LiveUpdate
User interface customization toy 20% C:\WINDOWS\system32\TWEAKUI.CPL Program when Windows starts, Registry: Machine\Run Tweak UI (not active) Microsoft Corporation : Microsoft® Windows™ 95 PowerToys
LEXPPS.EXE 19% 2100 3.3 MB C:\WINDOWS\system32\LEXPPS.EXE Program 10:53:17 PM from LexBce Server LexPPS BCE Comm Window - MarkVision for Windows '95 New P2P Server (32-bit) Lexmark International, Inc. : MarkVision for Windows (32 bit)
Media Center Monitor Service 18% 2920 2.7 MB C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe Program 10:53:24 PM during system start-up from Plug and Play Media Center Service for controlling trace events. Microsoft Corporation : Microsoft® Windows® Operating System
ATI External Event Utility EXE Module 17% 1992 3.3 MB C:\WINDOWS\system32\Ati2evxx.exe Program 10:53:14 PM from Windows NT Logon Application ATI video bios poller client ATI Technologies Inc. : ATI External Event Utility for WindowsNT and Windows9X
Alps Pointing-device Driver for Windows NT/2000/XP 17% 4408 C:\Program Files\Apoint\Apntex.exe Program 10:57:01 PM Elara Alps Electric Co., Ltd. : Alps Pointing-device Driver for Windows NT/2000/XP
Cisco Systems VPN Client 16% C:\Program Files\UT VPN Client\vpngui.exe Program when Windows starts, Registry: Machine\Common Startup University of Texas at Austin VPN Client (not active) Cisco Systems, Inc. : Cisco Systems VPN Client
iTunes 15% 2568 C:\Program Files\iTunes\iTunesHelper.exe Program 10:56:50 PM when Windows starts, Registry: Machine\Run iTunesHelper Module - HelperMsgListenerWnd Apple Computer, Inc. : iTunes
LexBce Server 14% 1280 3.5 MB C:\WINDOWS\system32\LEXBCES.EXE Program 10:53:16 PM during system start-up from Plug and Play LexBce Service Lexmark International, Inc. : MarkVision for Windows (32 bit)
Ati HotKey Poller 14% 1444 2.5 MB C:\WINDOWS\system32\Ati2evxx.exe Program 10:53:04 PM during system start-up from Plug and Play ATI External Event Utility EXE Module ATI Technologies Inc. : ATI External Event Utility for WindowsNT and Windows9X
Media Center Receiver Service 13% 2944 46.6 MB 0:12 C:\WINDOWS\eHome\ehRecvr.exe Program 10:53:24 PM during system start-up from Plug and Play Media Center Service for TV and FM broadcast reception Microsoft Corporation : Microsoft® Windows® Operating System
CTF Loader 10% 6132 C:\WINDOWS\system32\ctfmon.exe Program 10:57:14 PM when Windows starts, Registry: User\Run Microsoft Corporation : Microsoft® Windows® Operating System
Symantec SPBBCSvc 10% 876 3.7 MB 0:02 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Program 10:53:11 PM during system start-up from Plug and Play Symantec SPBBC Symantec Corporation : SPBBC
Windows Desktop Search Tool Tray Admin 10% 3396 1.3 MB 0:01 C:\Program Files\Windows Desktop Search\WindowsSearch.exe Taskicon 11:06:33 PM when Windows starts, Registry: Machine\Common Startup Windows Desktop Search Indexing Status, Windows Desktop Search - Indexing is paused while you use your computer. Microsoft Corporation : Microsoft® Windows® Operating System
WMI 8% 4012 C:\WINDOWS\system32\wbem\wmiprvse.exe Program 10:54:12 PM from Terminal Services Microsoft Corporation : Microsoft® Windows® Operating System
Symantec Client Security 8% 3452 12.6 MB 0:03 C:\Program Files\Symantec Client Security\Symantec AntiVirus\vpc32.exe Program 11:18:43 PM from Symantec Client Security Symantec AntiVirus Symantec Corporation : Symantec AntiVirus
Nero 7 Ultra Edition 6% C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe Program when Windows starts, Registry: Machine\Run NeroCheck - Changed for new NeroCd2k installer - NeroFilterCheck (not active) Nero AG : Nero AG NeroCheck
Adobe Photoshop Elements 4.0 6% C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Program when Windows starts, Registry: User\Startup Adobe Gamma Loader - Utility to set the video card's Gamma table (if the video driver supports it) using data set by Adobe Gamma. (not active) Adobe Systems, Inc. : Adobe Systems, Inc. Adobe Gamma Loader
Adobe Reader 7.0.7 6% C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Program when Windows starts, Registry: Machine\Common Startup Adobe Acrobat SpeedLauncher - Adobe Reader Speed Launch (not active) Adobe Systems Incorporated : Adobe Acrobat
Symantec Event Manager 5% 1308 6.2 MB 0:02 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe Program 10:53:09 PM during system start-up from Plug and Play Event propagation and logging service Symantec Corporation : Client and Host Security Platform
IS Service 5% 780 6.0 MB C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe Program 10:53:11 PM during system start-up from Plug and Play Internet Security Service Symantec Corporation : Internet Security
Symantec AntiVirus Definition Watcher 5% 2876 4.8 MB 0:01 C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe Program 10:53:24 PM during system start-up from Plug and Play Monitors and maintains virus definitions. Symantec Corporation : Symantec AntiVirus
Symantec Network Drivers Service 5% 824 2.6 MB C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Program 10:53:11 PM during system start-up from Plug and Play Symantec Network Drivers Service Symantec Corporation : Symantec Security Drivers
Symantec Client Security (Symantec SecurePort) 5% 3752 0:01 C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe Program 10:53:50 PM during system start-up from Plug and Play SymSPort.exe - Symantec SecurePort Service Symantec Corporation : Internet Security
iTunes (iPod Service) 5% 5040 C:\Program Files\iPod\bin\iPodService.exe Program 10:57:06 PM manual from Plug and Play iPodService Module - iPod hardware management services Apple Computer, Inc. : iTunes
Application Layer Gateway Service 4% 2260 C:\WINDOWS\System32\alg.exe Program 10:54:19 PM manual from Plug and Play Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall. Microsoft Corporation : Microsoft® Windows® Operating System
Client Server Runtime Process 4% 1144 4.2 MB 0:08 C:\WINDOWS\system32\csrss.exe Program 10:52:54 PM from Windows NT Session Manager Microsoft Corporation : Microsoft® Windows® Operating System
Wireless Zero Configuration 3% 1788 30.8 MB 0:24 C:\WINDOWS\System32\svchost.exe Program 10:53:05 PM during system start-up from Plug and Play Provides automatic configuration for the 802.11 adapters Microsoft Corporation : Microsoft® Windows® Operating System
WebClient 3% 480 6.8 MB C:\WINDOWS\system32\svchost.exe Program 10:53:06 PM during system start-up from Plug and Play Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation : Microsoft® Windows® Operating System
Terminal Services 3% 1460 5.6 MB 0:01 C:\WINDOWS\system32\svchost.exe Program 10:53:05 PM during system start-up from Plug and Play Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server. Microsoft Corporation : Microsoft® Windows® Operating System
Remote Procedure Call (RPC) 3% 1524 4.6 MB 0:02 C:\WINDOWS\system32\svchost.exe Program 10:53:05 PM during system start-up from Plug and Play Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Corporation : Microsoft® Windows® Operating System
DNS Client 3% 2044 3.3 MB C:\WINDOWS\system32\svchost.exe Program 10:53:06 PM during system start-up from Plug and Play Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation : Microsoft® Windows® Operating System
Windows NT Logon Application 3% 1176 2.8 MB 0:02 C:\WINDOWS\system32\winlogon.exe Program 10:53:01 PM from Windows NT Session Manager Microsoft Corporation : Microsoft® Windows® Operating System
Security Accounts Manager 3% 1232 2.5 MB 0:17 C:\WINDOWS\system32\lsass.exe Program 10:53:02 PM during system start-up from Windows NT Logon Application Stores security information for local user accounts. Microsoft Corporation : Microsoft® Windows® Operating System
Windows NT Session Manager 3% 1092 0.4 MB C:\WINDOWS\System32\smss.exe Program 10:52:51 PM from System Microsoft Corporation : Microsoft® Windows® Operating System
Generic Host Process for Win32 Services 3% 3792 C:\WINDOWS\system32\svchost.exe Program 10:53:30 PM during system start-up from Plug and Play Enables discovery of UPnP devices on your home network. Microsoft Corporation : Microsoft® Windows® Operating System
System 2% 4 2% 0.2 MB 0:35 System Program Windows system process Microsoft : Windows
mCore 2% 3132 0:01 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe Taskicon 10:56:37 PM when Windows starts, Registry: Machine\Run Intel Framework MFC Application - Intel PROSet/Wireless - TF - Intel PROSet/Wireless, Windows is currently managing this wireless device Intel Corporation : Intel PROSet/Wireless
COM Surrogate 1% 3272 C:\WINDOWS\system32\dllhost.exe Program 10:54:04 PM manual from Plug and Play Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation : Microsoft® Windows® Operating System
Print Spooler 0% 2092 6.7 MB C:\WINDOWS\system32\spoolsv.exe Program 10:53:16 PM during system start-up from Plug and Play Loads files to memory for later printing. Microsoft Corporation : Microsoft® Windows® Operating System
Plug and Play 0% 1220 1% 3.5 MB 0:19 C:\WINDOWS\system32\services.exe Program 10:53:02 PM during system start-up from Windows NT Logon Application Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation : Microsoft® Windows® Operating System
Media Center Scheduler Service 0% 2972 2.5 MB C:\WINDOWS\eHome\ehSched.exe Program 10:53:24 PM during system start-up from Plug and Play Media Center Scheduler Service Microsoft Corporation : Microsoft® Windows® Operating System
Generic Host Process for Win32 Services 0% 1896 C:\WINDOWS\system32\svchost.exe Program 10:53:33 PM during system start-up from Plug and Play Provides image acquisition services for scanners and cameras. Microsoft Corporation : Microsoft® Windows® Operating System
Generic Host Process for Win32 Services 0% 2524 C:\WINDOWS\System32\svchost.exe Program 10:54:58 PM manual from Plug and Play This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation : Microsoft® Windows® Operating System
Windows Portable Device Shell Service Object 0% C:\WINDOWS\system32\WPDShServiceObj.dll Program when Windows starts, Registry: Machine\ShellServiceObjectDelayLoad WPDShServiceObj WPDShServiceObj Class (not active) Microsoft Corporation : Microsoft® Windows® Operating System
Alps Pointing-device Driver 0% 4000 0:02 C:\Program Files\Apoint\Apoint.exe Taskicon 10:56:34 PM when Windows starts, Registry: Machine\Run Europa, Touch Pad Alps Electric Co., Ltd. : Alps Pointing-device Driver
Microsoft Office XP Professional with FrontPage 0% C:\Program Files\Microsoft Office\Office10\OSA.EXE Program when Windows starts, Registry: Machine\Common Startup Microsoft Office XP component (not active) Microsoft Corporation : Microsoft Office XP
Symantec Client Security 0% 5020 0:01 C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe Taskicon 10:57:05 PM when Windows starts, Registry: Machine\Run Symantec AntiVirus Symantec Corporation : Symantec AntiVirus
Symantec Client Security 0% 4472 0:02 C:\Program Files\Common Files\Symantec Shared\ccApp.exe Taskicon 10:57:01 PM when Windows starts, Registry: Machine\Run Symantec User Session - ccApp, Symantec Client Firewall - Enabled Symantec Corporation : Client and Host Security Platform
Symantec Client Security (Symantec AntiVirus) 0% 3224 4:20 C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe Program 10:53:43 PM during system start-up from Plug and Play Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus. Symantec Corporation : Symantec AntiVirus
Security Task Manager 0% 5552 31% 10.5 MB 0:08 C:\Program Files\Security Task Manager\TaskMan.exe Program 11:37:20 PM from Windows Explorer Security Task Manager A. & M. Neuber Software : Security Task Manager
Windows Explorer 0% 324 10.6 MB 0:29 C:\WINDOWS\Explorer.EXE Program 10:53:14 PM Common, Bluetooth, A network cable is unplugged. Microsoft Corporation : Microsoft® Windows® Operating System
Windows Explorer 0% 1004 2.9 MB 0:16 C:\WINDOWS\Explorer.EXE Program 11:22:56 PM from Windows Explorer hijackthis Microsoft Corporation : Microsoft® Windows® Operating System
Windows TaskManager 0% 2748 2.8 MB 0:03 C:\WINDOWS\system32\taskmgr.exe Program 11:03:38 PM from Windows NT Logon Application Windows Task Manager, CPU Usage: 55% Microsoft Corporation : Microsoft® Windows® Operating System
Adobe SVG Viewer 3.0 0% 5880 3.0 MB 1:00 C:\Program Files\Internet Explorer\iexplore.exe Program 11:17:30 PM from Windows Explorer Internet Explorer - BleepingComputer.com -> Posting New Topic - Windows Internet Explorer Microsoft Corporation : Windows® Internet Explorer



#2 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:10:00 AM

Posted 31 January 2007 - 07:49 PM

Hi dadrivr,

Sorry for the delay, things are very busy here right now.

To clarify one point, many of the programs that start up with Windows are not listed in the Startup section of MSConfig. On my computer, I have 13 programs listed under Startup, but Task Manager shows 34 processes running. So the discrepancy you have is not abnormal.

You do have an awful lot of programs running, but even a computer as loaded with software as yours is should not take an hour to boot.

Frankly, I am not sure whether malware is at the root of your problem or not. Your log has a couple of lines that may indicate an infection, but I am not even sure of that. We will need to find out whether your computer is infected and if so, remove the infection.

This may or may not cure your bootup problem. If it does not, then once your machine is clean, I will turn you over to the people on the Windows XP forum. Some of them have a lot more experience than I do in troubleshooting operating system difficulties.

What you need to understand going in is that most malware fixes involve one or more reboots of the computer. I know that you are concerned about shutting down your machine, and I'll go as far as I can before I ask you to reboot, but it may be necessary at some point.

The first thing we have to do is look at the lines in your log. They are:

F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe,regsrv32.exe /s
O4 - Global Startup: Register.exe


The questionable files are regsrv32.exe and Register.exe. Neither has a pathway. They are probably located in C:\Windows\system32 but they may be in another folder. We have to find them.

First, configure Windows to Show all files and folders:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
6. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and close out My Computer.
9. Now your computer is configured to show all hidden files.

Please click Start, Search, All Files and Folders and then under Look in: select your C:\ drive. Then type or copy and paste the name of the first file, regsrv32.exe in the upper search box ("All or part of the file name"). Once the file is found, make a note of its location so you can find it again. Then click Back and put the filename Register.exe in the upper search box, and repeat the search.

If you find one or both of the files, please submit them for analysis.

To submit, go to this webpage:

Virustotal

Near the top of the webpage there is a white text box with a Browse button, just click it and navigate to one of the files, select it, click Open, then back on the web page, click Send.

Virustotal puts the file in a queue and will estimate how long it should take before your file is analyzed. During the analysis you will see the report grow as the file is scanned by each of the programs.

To save the report, highlight the relevant block of text on the web page, then press <Ctrl> - C. Open Notepad and press <Ctrl> - V. Give the file a catchy name like Virustotal.txt and save it to your desktop. I need to see it.

Repeat the submission process for the other file and save the results to a text file in the same way.

Please post the Virustotal results to a reply here. If you cannot find either or both files, let me know that.

One last question: what programs have you disabled using MSConfig? I won't ask you to reset it for a normal startup (that would require a reboot), but please tell me.

Good luck,

Dave
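The log check described in the post above, as an added example that is not part of the original thread: a Python script that parses the F2 UserInit and O4 lines of a HijackThis log and reports entries that are extra in UserInit, carry no path, or sit within two edits of a genuine Windows binary name. The allow-list, the known-binary list and every function name are assumptions made for this illustration.

```python
import re

# Constructed sample: the two HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe,regsrv32.exe /s
O4 - Global Startup: Register.exe
"""

# Assumption: entries accepted in UserInit without comment (the post questions
# only regsrv32.exe, so userinit and nddeagnt.exe are treated as expected here).
EXPECTED_USERINIT = {"userinit.exe", "nddeagnt.exe"}
# Assumption: a short illustrative list of genuine Windows binaries.
KNOWN_SYSTEM = {"regsvr32.exe", "rundll32.exe", "userinit.exe",
                "svchost.exe", "explorer.exe"}

IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif))\b', re.I)


def edit_distance(a, b):
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def image_name(entry):
    """Return (lower-cased file name, has_path) for one autostart command."""
    m = IMAGE_RE.match(entry)
    image = m.group(1) if m else entry.split()[0].strip('"')
    name = image.rsplit("\\", 1)[-1].lower()
    if "." not in name:          # "userinit" is shorthand for userinit.exe
        name += ".exe"
    return name, "\\" in image


def parse_autostarts(log_text):
    """Yield (section, command) for F2 UserInit values and O4 entries."""
    for line in log_text.splitlines():
        m = re.match(r"\s*(F2|O4) - (.+)", line)
        if not m:
            continue
        section, rest = m.groups()
        if section == "F2":
            value = re.search(r"UserInit=(.*)", rest, re.I)
            for part in (value.group(1).split(",") if value else []):
                if part.strip():
                    yield section, part.strip()
        else:
            value = rest.split(": ", 1)[-1]               # drop "Global Startup: "
            value = re.sub(r"^\[[^\]]*\]\s*", "", value)  # drop "[RunKeyName] "
            value = value.split(" = ", 1)[-1].strip()     # shortcut = target
            if value:
                yield section, value


def review(log_text):
    """Return [(section, file name, [reasons])] for entries worth locating."""
    findings = []
    for section, entry in parse_autostarts(log_text):
        name, has_path = image_name(entry)
        expected = section == "F2" and name in EXPECTED_USERINIT
        reasons = []
        if section == "F2" and not expected:
            reasons.append("extra UserInit entry")
        if not has_path and not expected:
            reasons.append("no path given")
        close = sorted(k for k in KNOWN_SYSTEM if 0 < edit_distance(name, k) <= 2)
        if close:
            reasons.append("resembles " + close[0])
        if reasons:
            findings.append((section, name, reasons))
    return findings


if __name__ == "__main__":
    for section, name, reasons in review(SAMPLE_LOG):
        print(f"{section}  {name:<14} {'; '.join(reasons)}")
```
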

#3 DaveM59

Posted 11 February 2007 - 10:41 AM

Hi dadrivr, anything to report?

#4 DaveM59

Posted 18 February 2007 - 08:52 PM

Due to lack of feedback, this topic is now closed. If you want it re-opened, please PM me and put the url in your request.

This applies to the original poster only. Everyone else please start a new topic.



