# Help weed out all the non essential processes that are running at start up please



## RADLEY (May 30, 2004)

Can someone please look at this file from Hijackthis and tell me what start-up processes I can stop in my system config using msconfig or in my registry please. The PC seems to be taking longer and longer to boot since all these items run/boot at start up.

StartupList report, 2/2/05, 10:35:13 PM
StartupList version: 1.52.2
Started from : C:\PROGRAM FILES\HIJACK_THIS.EXE\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPER\DKSERVICE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\AOTRAY.EXE
C:\WINDOWS\SYSTEM\LXAMSP32.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
C:\PROGRAM FILES\LEXMARKX63\ACBTNMGR_X63.EXE
C:\PROGRAM FILES\LEXMARKX63\ACMONITOR_X63.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 99\DMHKEY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACK_THIS.EXE\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.EXE
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
Kodak software updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
AOTray = AOTray.Exe
LexStart = 
lxamsp32.exe = lxamsp32.exe
LexmarkPrinTray = PrinTray.exe
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
LoadQM = loadqm.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Advanced Tools Check = C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
NPROTECT = C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
msnappau = "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
KodakCCS = C:\WINDOWS\System32\Drivers\KodakCCS.exe
zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
Logitech Utility = LOGI_MWX.EXE
Lcwvl = C:\PROGRAM FILES\BNOEYX\ACLDNT.EXE
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMON.EXE
CriticalUpdate = C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
ccEvtMgr = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
NPROTECT = C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
DkService = C:\Program Files\Executive Software\Diskeeper\DkService.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ALUAlert = C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 2/2/2005, 21:46:44)

[rename]
NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\00066EA1._MP
NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\ZDATAI51.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\_WUTL951.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\CORECOMP.INI
NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\CTL3D32.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\ISUNINST.EXE
NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\VIASETUP.DLL
NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\VALUE.SHL
NUL=C:\WINDOWS\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\6760A.DLL

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET BLASTER=A220 I5 D1 H1 T4
SET Path=%Path%;"C:\Program Files\Executive Software\Diskeeper\"

--------------------------------------------------

Enumerating Browser Helper Objects:

NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
(no name) - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job
Tune-up Application Start.job
Norton AntiVirus - Scan my computer.job
Windows Critical Update Notification.job

--------------------------------------------------

Enumerating Download Program Files:

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R1062/V31Controls/x86/w98/en/actsetup.cab

[iPIX ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\IPIXX.OCX
CODEBASE = http://www.ipix.com/viewers/ipixx.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[{f760cb9e-c60f-4a89-890e-fae8b849493e}]

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37939.3115972222

[Toontown Installer ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\TTINST.DLL
CODEBASE = http://download.toontown.com/sv1.0.9.21/ttinst.cab

[cpbrkpie Control]
InProcServer32 = C:\WINDOWS\CPBRKPIE.OCX
CODEBASE = http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab

[Actimage Room Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BTILE.OCX
CODEBASE = http://dar.armstrong.com/ib/databases/actimage30717.cab

[Support.com Installer]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\TGCTLINS.DLL
CODEBASE = http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 9,389 bytes
Report generated in 0.104 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## jd_957 (Dec 30, 2004)

am not sure what you ran. but it does not look like a HJT log file. Get the latest HJT here. then post again.

http://www.tomcoyote.org/hjt/


----------



## RADLEY (May 30, 2004)

This is a startup list that is part of the features in Hijack as an optional log. I'm trying to determine what I can kill at boot time to free up resources on my Mothers PC. She has all kinds of stuff running at start-up and it takes forever to boot. ?? 

Can someone help me please?


----------



## flavallee (May 12, 2002)

Make sure you have the most current version of HijackThis, which is 1.99.0, then run a scan and save the log and post the entire contents here. Just use the "Scan" and "Save Log" functions and nothing else.

If you want to review your list of running processes in the MSCONFIG "Startup" tab, the search option at this site will be a big help to you.

Other than

*ScanRegistry

SystemTray

Antivirus program entries

Firewall program entries*

Windows 98SE needs very few other programs to be running in the background.

----------------------------------------------------------------

Besides trimming down the startup load, get rid of the buildup of temp files in that computer. Go to "Find - Files And Folders", select the hard drive to look in, then delete *everything* that appears under:

**.TMP

C:\TEMP\*.*

C:\WINDOWS\TEMP\*.**

Don't be surprised if you see hundreds of those files appear. Get rid of them *all*.

----------------------------------------------------------------

Please be patient and don't expect a reply within a few minutes. You're not the only one out there asking for help. We volunteer our time and don't get paid for this.

---------------------------------------------------------------


----------



## RADLEY (May 30, 2004)

Thank you Frank...I really appreciate the time and advice. Thanks again!


----------



## flavallee (May 12, 2002)

You're welcome.


----------

