MSCONFIG STARTUP LIST

[Flamejanes]

I have winxp and I was wondering if someone could help me fix a problem? When I open "Msconfig" I see that there are like "20 something plain square boxes" in my startup list, located in (software\microsoft\windows nt\currentversion\windows)

I don't know if that's (HKLM or HKCU or what) thats the only location description it shows. How do I find it & delete it? Any help would be deeply appreciated

Here is my HJT Log

Logfile of HijackThis v1.99.0

Scan saved at 9:17:41 AM, on 6/7/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Yahoo!\browser\ybrwicon.exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE

C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\interMute\SpamSubtract\SpamSub.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\WINDOWS\System32\msiexec.exe

C:\Program Files\Yahoo!\browser\YBrowser.exe

C:\Program Files\Yahoo!\Messenger\YPAGER.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\hijackthis.exe

F2 - REG:system.ini: Shell=C:\WINDOWS\Explorer.exe

O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe

O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{851FA0D9-8763-4662-83EA-DCB1C7FEEFBC}: NameServer = 69.50.166.94 69.31.80.244

O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

[Tarun]

Looks completely clean. Is HijackThis reporting the blank checkmarks? Also, do they display as the following:

[x] (No information follows)

If so, they are safe to remove/delete.

[Flamejanes]

Thanks alot Tarun for your help and NO HJT doesn't report the square boxes that's in msconfig....Yes they look like this ( [] [] [] [] [] [] [] [] [].....) msconfig reports the location as (software\microsoft\windows nt\currentversion\windows)

but I dont know where that is in regedit No HKLM or HKCU \ software.... like it should be

[Tarun]

Thanks alot Tarun for your help    and NO HJT doesn't report the square boxes that's in msconfig....Yes they look like this ( [] [] [] [] [] [] [] [] [].....) msconfig reports the location as  (software\microsoft\windows nt\currentversion\windows)

but I dont know where that is in regedit    No HKLM or HKCU \ software.... like it should be

<{POST_SNAPBACK}>

Always be careful when editing the registry!

Go to Start, Run... and type in regedit

• Now check the following keys:
  
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
  
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
  
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
  
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
  

If you have CCleaner, you may also be able to remove them using the Tools -> Startup Programs section of CCleaner.