Solved

MSINFO32 --> Software Environment --> Startup Programs HUGE GIGANTIC BIG LIST ?!

Posted on 2006-07-14
20
1,019 Views
Last Modified: 2009-07-29
Hi All:

I was just wondering.... On some of my systems, those that are what we call "problematic", I have recently been noticing that their startup list in msinfo32 is HUGE!

For some reason it includes .DEFAULT, and NTAUTHORITY/SYSTEM 's entries in there which bloat up the list like a baloon!

I google'd a bit and couldn't find anything relating to this. The only "fix" I know of, is to format! On a freshly, out-of-the-box configured system the list is short and sweet.

Does anyone know WHY that gets corrupted like that? Is there indeed a fix without formatting?

--ITKnightMare
0
Comment
Question by:ITKnightMare
  • 5
  • 5
  • 3
  • +5
20 Comments
 
LVL 14

Expert Comment

by:Geisrud
ID: 17109524
I'm not too familiar with msinfo32, but on my computer I do see several programs that I've installed over time, as well as some things that I don't recognize (something to look into for me, I guess).  That said, the list is quite different from the startup tab in msconfig.

Is there something more specific (signs and symptoms) about your problematic PC's that we can drill down on?
0
 
LVL 38

Expert Comment

by:younghv
ID: 17109536
ITKM,
From the Start - Run box, type in msconfig (enter).
Take a look at everything in your startup menu and maybe you can figure out what it going on.

Are you running AV, anti-spyware, FW, using a HOSTS file, etc.?
Vic
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 17109686
Definitely sounds like viruses/trojans/spyware or other malware.  Some free online virus scanners:

http://housecall.antivirus.com  

http://www.pcpitstop.com/antivirus/default.asp

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Also try these free programs to rid your system of spyware, trojans, and other malware:

http://download.com.com/3000-2144-10194058.html?tag=lst-0-1
Spybot - Search & Destroy

http://download.com.com/3000-2094-10045910.html?legacy=cnet
LavaSoft Ad-aware  

I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches.  Also make sure to download the most up-to-date data before you run the programs.
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 17109697
You might also try this free program (HijackThis) -- install it in its own folder, don't download to your Desktop:

http://www.spychecker.com/download/download_hijackthis.html

HijackThis is a tool that is for advanced users, because it lists all the installed browser add-on and startup items, allowing you to inspect them and then optionally remove any ones you select.  You must be careful in choosing what to remove, although the program can create a backup of your original settings.  But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself.  The program has an option to download online updates of the hijack data.

You should first post the log at this site:  

http://www.hijackthis.de/index.php?langselect=english

and it will be automatically analyzed for you (after you click on the button labeled "Analyze" near the bottom of the page), telling you which entries (called "Nasty") should be fixed.  You will also be told if you have any items that are "Possibly Nasty", or "Unnecessary", or "Unknown". If you don't know what to do about these, you might find something on the module name by doing a Google search of the internet.

If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this:  scroll down where you will see a Save Analysis button, hit it and it will save your Log Analysis (for a period of three days), then copy the link of that page and paste it here, and experts can check it for you.  (Please DON'T post the entire log itself in your question.)

In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:

http://www.tomcoyote.org/hjt/
HijackThis Quick Start

http://www.spywareinfo.com/~merijn/htlogtutorial.html
HijackThis log tutorial
0
 
LVL 34

Accepted Solution

by:
sramesh2k earned 500 total points
ID: 17109718
System Information tool (MSINFO32) displays the list of all the system files when you click the "Startup Programs" section ?:
http://windowsxp.mvps.org/msinfofix.htm
0
 
LVL 30

Expert Comment

by:callrs
ID: 17111058
Besides disabling startup items through each program's options or uninstalling through Start > Control Panel > Add/Remove Programs, you can use autoruns to disable/delete startup items:
http://www.sysinternals.com/Utilities/Autoruns.html     Sysinternals Freeware - Autoruns

More tips at
http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21885511.html     Windows XP: My programs that load on XP startup are out of control!
0
 

Expert Comment

by:Nemesis_moh
ID: 17114402
Hey
Download a free program called Start up Inspector for windows,it tells you exactly which programs start up with your pc..It also Has a database of known viruses e.t.c
http://www.windowsstartup.com/

Good Luck!!
0
 
LVL 7

Expert Comment

by:nttranbao
ID: 17115441
It's certainly a virus. see threat
http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2004-031508-5302-99&tabid=2
http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2003-071717-0325-99&tabid=2

There you will find ways to get rid of.
My usual solution :
1. Boot to safe mode
2.run msconfig ->startup tab ->uncheck all
3.Find all msinfo32.exe, properties each. If it has Version tab indicates Microsoft, then this is probably ok. if doesn't, delete it.

4. in msconfig windows, tab General, select Diagnostic Startup.ok->reboot normally.
5.use antivirus to scan the computer.
0
 
LVL 1

Author Comment

by:ITKnightMare
ID: 17122596
Hey guys,

OK... I guess first of all I should thank all of you for the diligent help you are trying to offer. Unfortuantely it is the wrong info... Why?

When I tried checking the msinfo32 on a fresh windows xp sp2 install... Which on top of that had these installed:

ZoneAlarm
Symantec Antivirus Corporate Edition
Spyware Blaster Corporate
Windows Defender
Spysweeper Corporate

It still was the same way. I am also equally sure that all of you will agree that the protection above is more than adequate and there is no way in "heck" that spyware is the cause of it...

That said, I am still confused as to why this bloating is occuring. I mean, it doesn't make sense.

Any more help?

--ITKM
0
 
LVL 38

Expert Comment

by:younghv
ID: 17122760
ITKM,
I have learned the hard way to 'never say never'.

If you do the Hijack This work that LeeTutor suggested, a whole bunch of folks will eyeball your logs and we may be able to come with a solution.
Good Luck,
Vic
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Author Comment

by:ITKnightMare
ID: 17147644
*sigh*

Surrree....


Logfile of HijackThis v1.99.1
Scan saved at 12:20:40 PM, on 7/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\PROGRAM FILES\PROCESSEXPLORER\PROCEXP.EXE
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Documents and Settings\amemisya\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O4 - HKLM\..\Run: [IfxSecurePlatformIndication] C:\Program Files\Broadcom\Security Platform Software\SpTNA.exe
O4 - HKLM\..\Run: [PSDruntime] C:\Program Files\Broadcom\Security Platform Software\PSDrt.EXE
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PSDNtfy - C:\Program Files\Broadcom\Security Platform Software\PSDNtfy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Broadcom  - C:\Program Files\Broadcom\Security Platform Software\PSDsrvc.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarOpen - SigmaTel, Inc. - (no file)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
0
 
LVL 1

Author Comment

by:ITKnightMare
ID: 17147682
And... hijackthis.de analysis showed ALL entries to be safe except my TPM stuff (broadcom security chip) which is normal, since this laptop was just made and TPM isn't that popular yet with people...

So... Unless you guys have a better idea I'm gonna chuck this as a "meh... screw it" and leave it be.

--ITKM
0
 
LVL 7

Expert Comment

by:nttranbao
ID: 17147974
Use msconfig to see which program + services is running at boottime. (tab Services and Startup )

Looks like your computer is running a lot startup services/programs. Try to uncheck the unneed ones to free system resources and avoid software conflicts. My computer has 5 startup programs.




0
 
LVL 30

Expert Comment

by:callrs
ID: 17148743
Did you take a look at my previous tips?
You don't need to re-install. Just disable/uninstall programs & services....

And is it wise to have so many antivirus/antispy apps active? Slows things down. Better to have only one antivirus and only one antispy active. (I actually don't keep ANY active lol for efficiency sake, but I'm the sole user of the computer & play it safe. I instead do a custom scan whenever needed.)
0
 
LVL 1

Author Comment

by:ITKnightMare
ID: 17169587
Guys...

*sigh*

OK... For the last time! ACTUALLY, there are only 5~10 programs or so running at startup time!

It's MSINFO32 that shows a huuuuuuge bloated up list... Hence my reason for saying, "MSINFO32 is corrupted" hence my reason for saying, "I observe this usually on 'about to die' machines"

All I wanted to know was, does anyone have an explanation for it? that's it!

@callrs: Friend, I appreciate your tips, but they are not really related to what I am asking for. Please see above comments. thank you.
0
 
LVL 30

Expert Comment

by:callrs
ID: 17170951
http://windowsxp.mvps.org/msinfofix.htm     System Information tool (MSINFO32) displays the list of all the system files when you click the "Startup Programs" section ?
http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21897683.html     Windows XP: Absurd amount of Startup Programs listed in MSInfo32
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 17170981
callrs, sramesh2k already posted your first link, and that website is his...
0
 
LVL 30

Expert Comment

by:callrs
ID: 17171001
Sorry. Ended up going in circles without re-reading the whole post. :-p
Please delete or ignore my last comment. Thanks.
0
 
LVL 1

Author Comment

by:ITKnightMare
ID: 17219313
I'm an idiot... If it wasn't for callrs, I would have totally missed the post sramesh2k made!

@sramesh: THAT WAS IT DUDE :)

thx guys!

--Russ
0
 
LVL 30

Expert Comment

by:callrs
ID: 17219458
>> If it wasn't for callrs
http://www.experts-exchange.com/help.jsp#hi19 Can I split the points?
Proper way to show gratitude is to award some credit

: )
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Most of the time we are in fix when all of sudden our systems behave weirdly.  Such problems cost time and effort... so it's best to take some preventive actions so that we can avoid such issues or overcome such problems more easily. Preventive M…
Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now