Tech Support Guy banner
Status
Not open for further replies.
1 - 20 of 45 Posts

·
Registered
Joined
·
1,505 Posts
Discussion Starter · #1 ·
I have a new problem I can't seem to figure out, how to do with XP. I know how to get to my startup, but my problem is with this new computer with XP.

There are all these programs that load on startup, what my problem is,
the fact, I have no clue as what these programs are, most all of them are
abreviations of different programs, and I have no clue what these programs are.

It was different with Win 98.

There are a lot of programs that Compac added on startup, and there again, there abreviations in the start up. *sigh* anyone have any ideas on this?

All help is welcome in this matter. Thanks in advance. ;)
 

·
Registered
Joined
·
677 Posts
You can still, with xp, run msconfig and uncheck things. You can also google file names - there's one that is associated with logitech keyboards that is something like "backweb" that always gives me whiplash. It looks like a trojan. lol (Start, run, msconfig). Even though it comes up with a message warning me about using this, it's a relatively painless way to check and uncheck the things that are starting up with your machine.
 

·
Registered
Joined
·
51,987 Posts

·
Registered
Joined
·
1,505 Posts
Discussion Starter · #5 ·
Darn, the pictures didn't load.
Wow looks like I have my work cut out for me, looking up each one, :(
 

·
Registered
Joined
·
1,505 Posts
Discussion Starter · #6 ·
Thanks for your replys, it will be time consuming, but I am looking through these, from one of the links, and figuring it out, Thanks again.
 

·
Registered
Joined
·
1,505 Posts
Discussion Starter · #7 ·
I found some of them through the links , I guess I will go to Google now and see what the others are, all though the links, gave me information I did not know,lol so that's a good thing. Thanks again to all
 

·
Retired Moderator
Joined
·
84,301 Posts
I think with XP, there is a command you can put in that will list all the programs running.
It would be easier to read that.

Go to Start, Run and type MSINFO32
On the left choose Software Enviroment, then Startup Programs. Copy/paste the list here.
 

·
Registered
Joined
·
1,505 Posts
Discussion Starter · #9 ·
I was able to get rid of a few of them, but now I am getting this error on start up.
 

Attachments

·
Registered
Joined
·
1,505 Posts
Discussion Starter · #11 ·
the fourth one from the bottom, I think I messed up, when I first got my computer, is there anyway to change that?

I am really confused now.
 

·
Retired Moderator
Joined
·
84,301 Posts
Usually when you disable things on Startup, it goes into something called "Selective Startup" which was probably the first Window that popped up. When you hit OK, it shouldn't come up anymore.

Lemme take a look at what's running...
 

·
Retired Moderator
Joined
·
84,301 Posts
Two things stand out to me right now.

The AlcxMonitor entry (typically considered spyware)

And the file running from the Temp folder, the RecoverFromReboot
That makes me suspect spyware as well.

I think it would be best to download Hijack This:
http://www.majorgeeks.com/download3155.html

Close out any open web browsers
Launch the program
Hit Scan, then Save Log
Open the log in Notepad
Then copy & paste the log into this thread
 

·
Registered
Joined
·
1,505 Posts
Discussion Starter · #14 ·
yes I think thats, what popped up, and I clicked on it, and sent me to my startup menu. and still continues to do this, on every startup or restart. hummm??
 

·
Banned
Joined
·
2,024 Posts
A less complicated way is to: Click on start, click on run. on the open box type: MSCONFIG. Then click the Services tab and check Hide All Microsoft Services. Now there is NO Windows services are shown in your list.

Next go through and turn off anything that doesn’t seem critical. (your anti-virus U want to keep it check) If you make a mistake U can go back and turn it on again.

Note: Each time you uncheck a box and restart your PC, you'll get a warning that you've used the System Configuration Utility to disable a program from starting automatically. If you don't want to see that warning, disable it by checking the box in the dialog itself.
 

·
Registered
Joined
·
1,505 Posts
Discussion Starter · #17 ·
Ok Thank you, Kenny
No Cheeseball, but I will restart, and uncheck it, and will be back.
 

Attachments

·
Retired Moderator
Joined
·
84,301 Posts
Just posting this for easier viewing:

Logfile of HijackThis v1.99.0
Scan saved at 10:57:35 PM, on 1/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINDOWS\Temp\RECOVE~1.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
 

·
Registered
Joined
·
1,505 Posts
Discussion Starter · #19 ·
Ok I did like you said to do Kenny, thanks
 

·
Retired Moderator
Joined
·
84,301 Posts
Some that you can disable from Startup (msconfig) would be:

[Reminder] "C:\Windows\Creator\Remind_XP.exe
Name Reminder
Command Remind_XP.exe
Status N
Description Subscription reminder to unlock unkimited use for SoftThinks CD Creator CD/DVD rewriting software, usually supplied with HP PC's as a pre-installed package

STATUS KEY:
"N" - Not required - typically infrequently used tasks that can be started manually if necessary

[AlcxMonitor] ALCXMNTR.EXE
Name AlcxMonitor
Command Alcxmntr.exe
Status X
Description Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers

STATUS KEY:
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"

[YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
Name YBrowser
Command ybrwicon.exe
Status N
Description SBC Yahoo! Browser system tray icon

STATUS KEY:
"N" - Not required - typically infrequently used tasks that can be started manually if necessary

[IPInSightMonitor 01]
Name IPInSightMonitor 01
Command ipmon32.exe
Status N
Description Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information: http://www.dslreports.com/faq/1247

STATUS KEY:
"N" - Not required - typically infrequently used tasks that can be started manually if necessary

---------------------------------------------------------

I am leery of this entry: O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINDOWS\Temp\RECOVE~1.EXE

What you can do is disable those others for now.

Then move Hijack This into a permanent folder of your creation on the hard drive. Just make a folder there and call it something like "HJT" and have it there.

Then post a new log :up:
 
1 - 20 of 45 Posts
Status
Not open for further replies.
Top