msconfig: "Selective" or "Normal" Startup ??

June 22

Hello,

I went to msconfig just for a look, and noticed the radio button was set to "Selective Startup". I thought it was supposed to be set to "Normal" Startup, which loads all drivers, etc.

Is it supposed to be set to "Selective" or "Normal" ? If it is supposed to be set to "Normal" then that was how it was set after we finished with the last trojan removal and housecleaning. It WAS set to "Normal", as I best recall last month.

How, then, did it get switched to "Selective" ?

I couldn't find your page on that subject, but didn't spend an hour looking. I know you have instructions for this in the basic maintenance section somewhere.

Please post that page link, so I'll know if I'm okay or in some trouble.

Thanks again for all your abundant assistance in these matters.

-scottportraits

 

Normal should be the setting by threads here:

http://forums.majorgeeks.com/showthread.php?t=149804

 

June 23, 2007

Hi,

Thanks for the link and the info re: setting msconfig to "Normal" Startup. The article makes alot of sense.

Went ahead and set the right radio button to 'Normal' and rebooted. Now, I have CCleaner and also downloaded Mike Linn's Startup Utility (from Control Panel). But something is not quite right....

...CCleaner > Tools > Startup list the five things I want on my start, run menu. They are 1.) AVG Anti-Virus, 2.) Sygate firewall, 3.) Windows Defender, 4.) Comodo BO Cleaner, and 5.) ctfmon. In Mike Linn's app the first four items are under the HKLM / Run tab, and ctfmon is under them HKCU / Run tab.

Fine. Okay. But when I go to msconfig's startup tab I find two extra entries that have no title (are blank) under the 'Command' column, and they are given these values under the 'Location' column:

HKCU\Software\Microsoft\WindowsNT\CurrentVersion\Windows: Run
&
HKCU\Software\Microsoft\WindowsNT\CurrentVersion\Windows: Load

So seven items show up under that tab, and I don't know what those two above ones are or where they came from. I am also concerned as to why and how the "Normal" start button switched to "Selective" this time, in the first place. As I said, it was set to "Normal" when last I looked several weeks ago after a malware cleaning. What made it go into the selective mode ?

Did usual scans but found no malware, and no other symptoms of infection.

It seems to stay at "Normal" when I reboot, but there should only be 5 items on the list, and I never saw these two registry entries before in my life. It is puzzling me

Any ideas ??

Thanks again, old chums; wouldn't know what to do without you guys (and gals) at MG's.

-scottportraits

 

So is it Blank under both "Startup Item" and "Command"?

Hopefully someone else is going to provide some input here.

Nice having only 5 startup items but I hope no essential services are switched off, personally I have 20, but that inlucdes AV, Spyware monitoring, Remote Control, Realtek etc etc and I have 4Gb of RAM on a 64Bit os so no biggie here.

 

June 23, 2008

Bold Eagle,

Yes, that is correct. Those two registry items are both blank under the "Startup Item" & "Command" columns.

As I've said, I pared it down to the minimum five items; AVG A/V; Sygate Firewall; Comodo BO Cleaner; and Windows Defender. "ctfmon" has something to do with the whole MS Office suite, so it always finds its way back onto the start > run menu.

I also have Realtek audio drivers, a video card driver, as well as two printers that tried to put their spool drivers on that list, but I deleted them through CCleaner.....because the printers and audio work fine on an 'as needed' basis. They appear to do fine when I launch them, so I figured they don't really need to be running in the background all the time. They work whenever I need them to, once in a while, so I guess it's alright.

I have two 512MB RAM sticks, so there's not much available memory to run many things in the background. Since I use Spybot and SpywareBlaster FREE EDITION they only run on a limited scale. I'm counting on my paid AVG anti-virus, Sygate Firewall, Comodo, and Windows Defender programs to protect me.

What else should I put on the run menu that would make my system securer, without taxing a bunch of my limited RAM ? I don't believe I've switched off any essential services from the My Computer > Manage > Services list. I know I disabled ALL Symantec stuff, even used a special removal tool to scrub out any Symantec stains that got in there from before.

I have a 32-bit XP Home OS, with less than 1GB RAM, so it isn't a very big rig we are dealing with here. I'd like to know what essential services need to be enabled on that list, just to check. Everything I use seems to work well, so I can't imagine anything off that should be on.

Still wondering why that radio button in the System Configuration Utility switched itself from "Normal" to "Selective".......(?)

Thanks for the input, we learn a lot when we come here.

-scottportraits

 

Just to clarify, you are saying that in MSconfig there are two entries that do not show up using any other tool(like ccleaner), correct?

Make sure you have the latest version of CCleaner. The latest version as of now is 2.08.588. You can see what version you have by running CCleaner, it should be listed directly to the right of "CCleaner.com" at the top, directly above the system information. The last update that I received stated that startup locations were added, so if you have an older version, it may just not be checking where those startup items are located.

If it still does not show, you could most likely remove those entries using HijackThis, or, probably also with a program that I personally have grown to love, WinPatrol. You'll probably want to make sure that the entries are not needed before deleting them, if you choose to go that route. Especially if you choose to use HijackThis, it is a powerful tool and most entries listed in it's scans are not only legitimate but necessary for your computer to operate.

WinPatrol monitors your startup items, services, IE helpers, active x controls, and alerts you to things being added or removed. It allows you to manage them including deleting them, disabling them or delaying them, among several other things. You can look at it at http://www.winpatrol.com/

As far as figuring out how the startup got switched to selective... Did you notice any startup items unchecked under the startup tab?

 

Essentially your talking about "Optimising XP" and If I remeber correctly the most popular guide here used to be by "BlackViper", hopefully someone else can confirm or dispute this. Be careful your getting to that stage of knowing enough to become "dangerous" on your PC!:

Windows XP x86 (32 bit) Service Pack 3 Service Configurations.

On my old PC I used to follow these guides and gain a little more speed but things became a bit "to manual" and I had to manually connect a USB device everytime I plugged one in etc etc, and a bit of a pain in the arse for a little speed boost! It is easy to take it that one step to far and begin to impair or lose OS functionality or even corrupt the OS. So here is another guide you can use to "rebuild XP" without DATA or settings loss, try and bookmark it to another PC in the house so you can repair yours if you ever have to, I highly recommend it for all (impress the girls by fixing their PC and getting their data back):

Langa Letter: XP's No-Reformat, Nondestructive Total-Rebuild Option

You can take this a step further by "slipstreaming" XP with SP3, you'd have to google that.

I have just spent the last 3-4 days rebuilding this OS and uninstalling all my apps and re-installing them so I dont follow these guides anymore (totally unrelated problem though!).

Not sure what happened with the Normal to Selective issue but I wouldn't like having 2 start up items that dont show a name. I suggest that you do a root-kit analysis to see if there are any deeply hidden nasties, these don't normally show as start up items though but it wont hurt:

http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

Try rootkit reveler, read the page and instructions and see how you go. Please make a system restore point before you go any further!

 

I have been thinking about it and I tried the CCleaner method the other day and I didn't like it because it does seem to "delete" services (to brutal imho), personally you may need that service at some later time, hopefully it is just "disabling it". The method shown by BlackViper does just "disable" or make it a "manual" service rather than have it as an automatic service at start-up. Therefore you should follow his method using "services.msc" and then manually disable or change to manual the services that aren't "crucial". He list the vast majority of system services with explanations (click on the link, those not listed are from 3rd party software/apps) down the bottom, make you sure you understand the purpose of each service before disabling. If you have inadvertantly "deleted" the service you can run "sfc /scannow" with your system disk in the drive to hopefully repair/replace anyhting you may have lost. BE CAREFUL!

 

June 24, 2008

Yes Bold Eagle, I am truly at that point where I know enough to really screw things up worse, thinking that " I sort of know what I'm doing, but it can't hurt to give it a try " . Could be a deadly way to go, or just mildly destructive.

At any rate, let me answer a few questions first.

1) Yes, Unbanable, I am saying that in my msconfig's System Configuration Utility, (which I learned from Chaslang last month was NOT the way to manipulate your startup/run menu), there lurks two odd entries which do NOT show up using the most updated CCleaner and Mike Linn's utility, under the 'StartUp' window.

2) Using WinPatrol, as you've suggested, I find that the two entries DO show up under the 'Startup Programs' tab. They are titled simply 'run' and 'load', have no command .exe (blank) , nor 'company ' (also a blank). Under the 'Type' column they are listed respectively like this:
- WIN.INI_RUN; and
- WIN.INI_LOAD .
There is no date of detection....as I earlier stated today was the first time I ever saw them before in my life. Also, when I highlighted each of the two WIN.INI_ and asked for more information, the window had almost no information whatsoever. Under 'Status' it says "Local File Not Found". So I have no idea what these entries are or supposedly do. They are still in the msconfig startup menu with no name and no command listed, just a blank space. From there, again they are:

HKCU\Software\Microsoft\WindowsNT\CurrentVersion\Windows: Run
&
HKCU\Software\Microsoft\WindowsNT\CurrentVersion\Windows: Load

Since I am now fed up with them, I went ahead and highlighted each in WinPatrol and then hit 'disable', which leaves the entry there, just shuts it off. Then I checked run > msconfig > startup and guess what....the two above registry values have disappeared !!! They are still on WinPatrol's list, just marked as disabled, so if I need to turn them back on I can do it from there.

...and WinPatrol is the only one that shows them. The latest CCleaner still misses them. Incidentally, WinPatrol looks very interesting, but do I really need it on my startup/run menu, or to run every time I start up....?? Remember, I only have a little under 1GB of RAM, and it is a Celeron 'second-rate' processor.

3) Finally, there are no unchecked items on my run > msconfig > startup menu. All seven items listed there now are checked, with five I know I need, and two we are trying to figure out now.

I will wait RE: HiJackThis 'til tomorrow when I can study the issue and article in more detail.

I did install and run RootkitRevealer, and it's scan reported 53 discrepancies. I also created a System Restore Point before running that scan. I had trouble saving the log (as a .txt file), and I don't know why it wouldn't save it. Then I got an error message that shut-down the app. Ran it again and got 34 discrepancies, and again the attempt to save the log brought up an error window and shut it (RootkitRevealer) down. I'd like to post a log of the findings, but can't...

Langa's non-destructive OS rebuilder looks great, but we really don't need to go that far today, with this incident. It would be very useful indeed after a nasty trojan attack, but let's hope that won't happen again for a long time.

BlackViper may well have useful info RE: streamlining your OS, but none that I desperately need at this moment. I have bookmarked Langa's article and BlackViper's page so I can visit them tomorrow and study it out a little better.

So that's where we are today with this, which is now seemingly fixed by WinPatrol, but the two values are still on the list there, just disabled. They have disappeared off the msconfig start menu. No trace ever showed on the CCleaner utility, or Mike Linn's app.

Much food for thought....

-scottportraits