Only fully starting up after system restore

Morning Geeks,

Here's a weird one for you (I don't mean me )

Am posting in software, but in honesty, I don't know if this problem is software, I'm assuming so....

I'd had some problems with my pc not starting properly, and after assistance with clearing out unwanted stuff on Hijackthis log and temp files and stuff, there seems to be only one problem remaining, and I don't seem to be able to find out the problem.

I'm not fully pc literate, so forgive me if I don't describe something accurately or don't fully understand some of your terminology. But here goes....

On starting up my pc - it appears not to fully load what I expect - I say this purely because Icons are missing from my system tray. I would expect to see icons for the following : winpatrol, microsoft antispyware, grisoft antivir, volume control, 'safely remove hardware' thomson speedtouch moden, and 2 icons for wireless network connection (i believe one is the microsoft icon and the other for the hardware I use - a belkin wirelss adapter). However, as I was saying, on normal start up only one or two will show. I get round the problem by immediately doing a system restore (which takes ages - i think because the system is still trying desperately to load something and running into difficulties). It doesn't matter where I restore to either, as long as I restore. After that, i have all icons in systems try and a working pc.

On normal start up, if i try to run any windows program, there is a long delay (20 mins or so) before it starts and i immediately run into difficulfies with 'prog not responding' or similar. At this point, I can't even load task manager, it's as if something (I don't know what ) is utilitising all my memory.

After a restore, all appears to be ok - but it's getting tiresome having to do it every day.

Has anyone got any idea for what is happening and how to 'cure' it??

All assistance gratefully received, although would appreciate ansa's being worded in simple terms ......

Thanks in advance

 

Apologies, forgot to put my pc specs in: it's a HPpavilion 472UK with 768RAM, Pentium 4 2.0Ghz, 20mb HD, running WinXP home with SP2.

Thanks

 

Does this mean no-one knows what is happening? :-s

 

Could be a multitude of things. One thing is, its a hardware device that keeps reinstalling. You do a system restore, reboot. It works, then reinstalls the hardware device, then it happens again. Over and over.

Try this. Do a system restore, then boot to Safe Mode. Does it work ok? If you answer yes, then reboot again, back to Safe Mode. If it still works, see if there are devices in Device Manager with a red 'x' or ! next to it.

If not, http://support.microsoft.com/default.aspx?scid=kb;en-us;316434
Take a look at it.

Its too early to rule out viruses or spyware, too.

 

thanks for answering Adrynalyne.

I run a system restore and on the restart booted to safe mode (initial problem was it hanging with a list of stuff on the screen, like a batch file without the c prompt (hope i've described that enuf for you to know what i mean), and stopping on the line ....

multi(0)disk(0)rdisk(0)partition(2)\windows\system32\DRIVERS\agp440.sys

although when I left it for long enough, did proceed to start in safe. It was difficult to know whether everything was ok at this point, I'm assuming that anything not required would not load, therefore, no icons were in my system tray. Looked into Device Manager, and expanded everything, nothing had any red x or exlamation mark next to it. Restarted in Normal, and there is the problem of missing icon's etc. at this point, I know a restore will bring them up.

Off to have a look at the link you've provided now.

As far as viruses or spyware, I did have some assistance from (another site) in checking everything was clean, and my HJT log and ewido logs all suggested I was clean, however, obviously, i'm more than happy to run anything again, just in case something was missed.

any further help would be appreciated.

Thanks

 

Thanks for that Kaula, re-formatting is in my mind at the moment, although my recovery disks are full of HP stuff too (you know how they load everything on) and also pre SP1, so I'd like to avoid that if I can. Have considered buying a new set of WinXP to load, but am worried about 2 things (showing what a novice I am), will I get all the necessary drivers for my system, and, if the problem turns out to be hardware, i've wasted money (I know it's not a fortune, but my income is strictly limited).

If I was getting a particular error code, I'd google too, but something like this just doesn't seem to Google well

 

Flooz,
Try running a system utility, like Nortons or Ontrack.It'll check system files, the registry, etc for problems.Defrag the hard drive. Run Chkdsk to look for hdd problems. Enable boot logging (hit F8 at boot up and select it). This will record everything that happens during boot up so you can see what problems are occuring. The finished log file is Ntbtlog.txt. Just use a text editor and open it (it'll be somewhere in the Windows folder. You can do a search to find exactly where its at...can't remember). Also, you can enable Dr Watson which is a Microsoft diagnostic tool. Go to C:\Windows\System32 and look for Drwtsn.exe. The finished log with the results will be Drwatson.log.

I just think its a severely fragmented hard drive or another hard drive problem.

Good Luck

 

Thanks for all the replies, I've done the following:-

Ran chkdisk, no problems.
Defrag - have already done this, system advised it didn't need it, but i did it anyway.
Enabled Boot logging, checked the log after normal boot, the log is showing plenty of drivers not loaded, a very long list it was, but in honesty, I don't know if there is anything there I need or not. Stupidly didn't rename it, so i'm assuming the boot log after restoring would overwrite the original, still showing many drivers not loading, but can't see anything other than that.
Yes, this is an exclusive problem (is that the right expression), in that it is EVERY time I start up normally, and I will always have to restore, I normally just pick the previous day, rather than go back weeks.
The problem has been around for some while - i.e. months, and i've been trying to sort it since then. At the time the only thing I can recall that was installed (stupidly) was smiley central, but this has since been removed, and i ran it for some time with no problems. I had assistance from another forum with removing malware, in particular the left overs from smiley central, but it hasn't solved this issue. I'll post another HJT log in a separate post.
My AVG is up to date, i also run winpatrol and microsoft antispyware. I've run the trend micro on line scanners too.
I've got spybot search and destroy, ad aware, a2, as well, although don't run them as 'real time', mainly because i've learnt to understand winptrol and microsoft anti spyware.
Finally (i think, i'm struggling to remember all the points mentioned now), the restore: after 'cleansing' the pc, restore was disabled, then re-enabled, so i could not re-infect my self with anything (?), to start with, i used to restore back to the known 'clean' point, now i just restore to previous day, and it always works fine after restore.
Hope this helps.....
Now i'll run HJT and post again....

 

Logfile of HijackThis v1.99.1
Scan saved at 20:27:43, on 05/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.karoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot -

Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -

C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch

USB\Dragdiag.exe /icon
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [gcasServ] C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft

Works\WkDetect.exe
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\googletoolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program

files\google\googletoolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\googletoolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

files\google\googletoolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\googletoolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program

files\google\googletoolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -

%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -

{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.karoo.co.uk
O16 - DPF: PCPitstop-Tracks-Checker - http://www.pcpitstop.com/privacy/PCPTracks.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -

http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)

- http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -

http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95862136-89CB-4E6D-9B4A-EBE2F5B9CD0F}: NameServer

= 212.50.160.100 213.249.130.100
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network

Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network

Utility\WLService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION -

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -

C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

Incidentally, the Sony stuff, I thought i'd got rid of, because i believe it relates to software my step son put on to use with his MP3 player, funny that it's showing.....

 

hmmm, tried here to post image of processes, but when I click on the insert image box, I only get 'explorer user prompt', and i've no idea what i need to do to insert the image :-s

By the way, I forgot to be polite, and thank you again for your continued assistance

Oh, and I didn't notice anyone not being very helpful, did you??

 

Apologies again, I forgot to report on Dr Watson, i've got drwatson.exe and drwtsn32.exe, drwatson.exe says no faults to report, but the drwtsn32. i didn't understand too well i've a drwatson.log, but it only tells me "
Start Dr. Watson 1.00b - Thu Oct 6 18:34:12 2005"