Re: Odd Behavior on Bootup
- From: "Wesley Vogel" <123WVogel955@xxxxxxxxxxx>
- Date: Fri, 19 Jan 2007 19:31:16 -0700
Beats the heck out of me, Steve.
net1.exe, C:\WINDOWS\$NtServicePackUninstall$, 113 KBProbably added by SP2.
NET1.EXE-029B9DB4.pf , C:\WINDOWS\Prefetch, 16 KBMeans that NET1.EXE has run at least once on your machine. This is called a
prefetch file and makes NET1.EXE load faster.
net1.exe, C:\WINDOWS\system32, 122 KBNormal
net1.exe, C:\WINDOWS\ServicePackFiles\i386, 122 KBAdded by SP1 or SP2 and used in lieu of dllcache for Windows File
Protection.
net1.exe, C:\WINDOWS\system32\dllcache, 122 KBNormal. Used for Windows File Protection.
wmiprvse.exe, C:\WINDOWS\$NtServicePackUninstall$, 199 KBProbably added by SP2.
WMIPRVSE.EXE-029B9DB4.pf , C:\WINDOWS\Prefetch, 45 KBMeans that WMIPRVSE.EXE has run at least once on your machine. This is
called a prefetch file and makes WMIPRVSE.EXE load faster.
C:\WINDOWS\ServicePackFiles\i386, 213 KBAdded by SP1 or SP2 and used in lieu of dllcache for Windows File
Protection.
C:\WINDOWS\system32\dllcache, 213 KBNormal. Used for Windows File Protection.
C:\WINDOWS\system32\wbem, 213 KBNormal.
The ServicePackFiles folder only exists if you have upgraded to XP SP1 or XP
SP2 and they were not included in the original install and the SP1 or SP2
upgrade was done by downloading it from Microsoft. If the Service Pack is
installed by means of a CD-ROM or a distribution share, the ServicePackFiles
folder is not created. Same for slipstreaming a Service Pack.
%windir%\ServicePackFiles\i386 is used instead of %windir%\system32\dllcache
for Windows File Protection.
%windir%\ServicePackFiles\i386 contains the most recently updated service
pack files.
%windir%\ServicePackFiles\i386 folder exists if the following conditions are
true:
* You installed Windows XP SP2 from a Windows XP SP2 CD that included SP2 as
part of the base installation.
* You downloaded and installed Windows XP SP2 from the Microsoft Web site.
* Windows XP SP2 was included with the computer.
from...
http://support.microsoft.com/kb/916261
$NtServicePackUninstall$
Windows XP is really Windows NT 5.1, hence the NT part.
Service Pack
Definition: A service pack is a tested, cumulative set of all hotfixes,
security updates, critical updates, and updates. Service packs may also
contain additional fixes for problems that are found internally since the
release of the product and a limited number of customer-requested design
changes or features.
$NtServicePackUninstall$ folders are created for uninstalling Windows
Service Packs.
SP1 or SP2 are Service Pack 1 and Service Pack 2.
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:86AE400A-8F71-4169-8BEA-F5A4619DCAF9@xxxxxxxxxxxxx,
Steve R <SteveR@xxxxxxxxxxxxxxxxxxxxxxxxx> hunted and pecked:
Wes,http://www.bleepingcomputer.com/startups/regsvr32.exe_ctasio.dll-4482.html
These are the locations of the net1.exe and wmiprvse.exe files.
Steve
"Wesley Vogel" wrote:
Hi Steve,
I see that it shows net1.exe starting at boot. Not good.
net1.exe should only exist in these folders...
C:\WINDOWS\system32
C:\WINDOWS\system32\dllcache
and/or
C:\WINDOWS\ServicePackFiles\i386
Wmiprvse.exe should only exist in these folders...
C:\WINDOWS\system32\wbem
C:\WINDOWS\system32\dllcache
and/or
C:\WINDOWS\ServicePackFiles\i386
Do a Search on your machine for net1.exe and Wmiprvse.exe....
To search for hidden or system files in Windows XP:
1. Click Start, click Search, click All files and folders and then click
More advanced options.
2. Click to select the Search system folders and Search hidden files and
folders check boxes.
Post back with were you see net1.exe and Wmiprvse.exe located on your
machine. You can right click the found items, click Properties,
highlight the path from the General tab listed on Location, right click
that, select Copy and paste the path into a message.
services.exe & svchost.exe
At startup, Svchost.exe checks the services portion of the registry to
construct a list of services that it needs to load. The Services Control
Manager (services.exe) is responsible for starting, stopping and
interacting with system services.
mdnsresponder.exe is a process associated with "Bonjour for Windows"
software. It is used by ITunes for music sharing. This is a non-essential
process. Disabling or enabling it is down to user preference.
imapi.exe is the IMAPI CD-Burning COM Service, needed when you want to
burn CDs with XP's CD burner. Not needed if you have a 3rd party CD
burner program like Nero, etc.
Wmiprvse.exe
Windows Management Instrumentation (WMI).
see this...
http://www.neuber.com/taskmanager/process/wmiprvse.exe.html
"javaw.exe" belongs to Java from Sun Microsystems, Inc.
Can also be added by a worm...
Name Java Virtual Machine
Command javaw.exe
Status X
Description Added by a variant of the WIN32.RBOT WORM!
http://www.castlecops.com/s10964-javaw_exe.html
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:26BBAF82-9759-485F-AC7B-63BDACB486F3@xxxxxxxxxxxxx,
Steve R <SteveR@xxxxxxxxxxxxxxxxxxxxxxxxx> hunted and pecked:
Hi, Wes,
I got rid of most of the items you suggested and, according to BootLog
XP, the system load time dropped from 208 seconds to 187 seconds. The
initial long-lasting net.exe command prompt as well as the second
short-term net.exe command prompt and the ipconfig.exe command prompt
remain.
I don't know if it helps, but BootLog XP shows the following selected
long boot times:
services.exe, 95 sec.
Two instances of svchost.exe at 97 and 115 seconds.
vsmon.exe, 140 sec.
explorer.exe, 147 sec.
mDNSResponder.exe, 92 sec.
imapi.exe, 106 sec.
net1.exe, 89 sec.
wmiprvse.exe, 96 sec.
javaw.exe, 35 sec.
The others are of much shorter duration.
Steve
"Wesley Vogel" wrote:
Man, Steve, you have some crap loading! I did not find anything
obvious that would start net.exe and ipconfig.exe. But I made
comments anyway. ;-)
AsioReg regsvr32.exe /s ctasio.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctasio.dll is a module belonging to ASIO (Audio Stream In/Out) drivers
for the SoundBlaster Audigy audio hardware.
regsvr32.exe /s ctasio.dll looks suspicious as hell, but...
See this.
http://www.microsoft.com/downloads/details.aspx?familyid=3D0BA152-5D92-4772-A2FD-5AB35C750685&displaylang=enNormally the Regsvr32 tool (Regsvr32.exe) is used to register and
unregister object linking and embedding (OLE) controls such as
dynamic-link library (DLL) or ActiveX Controls (OCX) files that are
self-registerable. That is ..dll, .ocx and .cpl files. The
regsvr32.exe /s switch is for: Silent; display no message boxes.
CTDVDDet c:\program files\creative\sbaudigy2\dvdaudio\ctdvddet.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Creative Soundblaster crap, see...
http://www.bleepingcomputer.com/startups/CTDVDDet.exe-1119.html
CTHelper cthelper.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Creative Soundblaster crap, see...
http://www.bleepingcomputer.com/startups/CTHELPER.EXE-6637.html
CTSysVol c:\program files\creative\sbaudigy2\surround
mixer\ctsysvol.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Creative Volume Manager Creative Soundblaster crap, see...
http://www.castlecops.com/s804-CTsysVol.html
EPSON Stylus CX6400
c:\windows\system32\spool\drivers\w32x86\3\e_s4i2l1.exe /p19 "epson
stylus cx6400" /o6 "usb001" /m "stylus cx6400"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
e_s4i2l1.exe is a process which belongs to the EPSON Status Monitor 3
which is installed alongside your EPSON printer and offers additional
diagnostic and maintenance functions. This program is a non-essential
process
EPSON Stylus CX7700
Series c:\windows\system32\spool\drivers\w32x86\3\e_fatiafl.exe /p26
"epson stylus cx7700 series" /m "stylus cx7700" /ef
HKU\S-1-5-21-606747145-515967899-839522115-1004\SOFTWARE\
Microsoft\Windows\CurrentVersion\Run
More crap from EPSON.
EPSON Stylus CX7700
Series c:\windows\system32\spool\drivers\w32x86\3\e_fatiafl.exe /p26
"epson stylus cx7700 series" /o6 "usb003" /m "stylus cx7700"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
More crap from EPSON.
FreeRAM XP "c:\program files\yourware solutions\freeram xp pro\freeram
xp pro.exe" -win
HKU\S-1-5-21-606747145-515967899-839522115-1004\SOFTWARE\
Microsoft\Windows\CurrentVersion\Run
UNINSTALL this POS, you do not need it! XP handles RAM on its own!
Google Desktop Search "c:\program files\google\google desktop
search\googledesktop.exe" /startup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Crap from Google, see...
http://www.bleepingcomputer.com/startups/GoogleDesktop.exe-1864.html
Ink Monitor c:\program files\epson\ink monitor\inkmonitor.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
More crap from EPSON, see...
http://www.bleepingcomputer.com/startups/InkMonitor.exe-2202.html
IntelliPoint "c:\program files\microsoft intellipoint\ipoint.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Crap from Microsoft.
ipoint.exe is a process installed alongside a Microsoft IntelliMouse
and provides additional configuration options for these devices.
LifeSaverXP Backup c:\progra~1\lifesa~1\lifesa~1.exe /b /d30
All Users Common Startup =
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
lifesa~1.exe looks suspicious to me, a Google search turns up nothing.
If you downloaded and installed LifeSaverXP Backup on purpose it may be
all right, otherwise I would uninstall it.
If c:\progra~1\lifesa~1\lifesa~1.exe is really...
C:\Program Files\LifeSaverXP\LifeSaverXP.exe
it may be all right.
It sure looks suspicious to me.
NvCplDaemon rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
I would delete this Run referrence. In fact, I have on my machine.
NvCpl.dll = NVIDIA Display Properties Extension
NvMediaCenter rundll32.exe
c:\windows\system32\nvmctray.dll,nvtaskbarinit
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
I would delete this Run referrence. In fact, I have on my machine.
NvMediaCenter
[[RunDLL32.exe NvMCTray.dll, NvTaskbarInit System Tray icon used to
manage settings for nVidia based graphics cards. May be required for
some 3D applications to recognize your card correctly - such as the
game "Everquest". Otherwise, settings can be changed manually via
Display Properties]]
Rainlendar2 c:\program files\rainlendar2\rainlendar2.exe
HKU\S-1-5-21-606747145-515967899-839522115-1004\
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
rainlendar2.exe MAY have something to do with a Desktop Calendar.
http://www.rainlendar.net/cms/index.php
SBDrvDet c:\program files\creative\sb drive det\sbdrvdet.exe /r
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Crap from Creative SoundBlaster.
sbdrvdet.exe is a process associated with the Creative SoundBlaster
Drivers. This process should not be removed to ensure that your sound
card drivers are working.
Also see...
http://www.bleepingcomputer.com/startups/sbdrvdet.exe-10070.html
Skype "c:\program files\skype\phone\skype.exe" /nosplash
/minimized STEVEN\Steve
HKU\S-1-5-21-606747145-515967899-839522115-1004\SOFTWARE\
Microsoft\Windows\CurrentVersion\Run
skype.exe is a process belonging to the Skype Internet Telephoney
suite, which is used for computer-to-telephone based communications
SkypeMate skypemate.lnk STEVEN\Steve Startup
STEVEN\Steve Startup =
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
SkypeMate is the software driver that allows USB phones manufactured by
Yealink to work with Skype. It must be installed on your computer for
your phone's keypad, display, and other features to function with
Skype.
Zone Labs Client "c:\program files\zone labs\zonealarm\zlclient.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This is the ZoneAlarm firewall.
avast! c:\progra~1\alwils~1\avast4\ashdisp.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ashdisp.exe is a process belonging to Avast Internet security suite.
This utility forms an important part of your computers protection
against Internet-bound viruses and worms
ctfmon.exe c:\windows\system32\ctfmon.exe STEVEN\Steve
HKU\S-1-5-21-606747145-515967899-839522115-1004\SOFTWARE
\Microsoft\Windows\CurrentVersion\Run
See...
Can I Remove the Ctfmon.exe File?
here...
Frequently asked questions about Ctfmon.exe
http://support.microsoft.com/kb/282599
itype "c:\program files\microsoft intellitype pro\itype.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
itype.exe is a process belonging to Microsoft Intellitype Pro keyboard
software. Disabling or enabling it is down to user preference.
Related to Microsoft_IntelliType_Pro MS Keyboard Software.
HKU\S-1-5-21-606747145-515967899-839522115-1004\SOFTWARE\Microsoft\Windows\C
nwiz nwiz.exe /install
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
I would delete this Run referrence. In fact, I have on my machine.
nwiz.exe = NVIDIA nView Wizard
[[Application enables user to having 32 virtual desktops, get a desktop
larger than the viewable area of the monitor, being able to divide the
display across more than one monitor, managing applications and many
more functionality.]]
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:D3A2AE35-9DC3-4F36-8B46-1D24836A2822@xxxxxxxxxxxxx,
Steve R <SteveR@xxxxxxxxxxxxxxxxxxxxxxxxx> hunted and pecked:
Thanks, Wes,
We have two desktops and a laptop linked to the Internet through a
Linksys WRT54G wireless router but not networked with each other.
Net.exe and ipconfig.exe do not appear in System Info-Startup
Programs, the
text of which follows.
AsioReg regsvr32.exe /s ctasio.dll All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTDVDDet c:\program files\creative\sbaudigy2\dvdaudio\ctdvddet.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTHelper cthelper.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTSysVol c:\program files\creative\sbaudigy2\surround
mixer\ctsysvol.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus CX6400
c:\windows\system32\spool\drivers\w32x86\3\e_s4i2l1.exe /p19 "epson
stylus cx6400" /o6 "usb001" /m "stylus cx6400" All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus CX7700
Series c:\windows\system32\spool\drivers\w32x86\3\e_fatiafl.exe /p26
"epson
stylus cx7700 series" /m "stylus cx7700" /ef
"hkcu" STEVEN\Steve
urrentVersion\Run
.
- References:
- Re: Odd Behavior on Bootup
- From: Wesley Vogel
- Re: Odd Behavior on Bootup
- From: Steve R
- Re: Odd Behavior on Bootup
- From: Wesley Vogel
- Re: Odd Behavior on Bootup
- From: Steve R
- Re: Odd Behavior on Bootup
- From: Wesley Vogel
- Re: Odd Behavior on Bootup
- From: Steve R
- Re: Odd Behavior on Bootup
- From: Wesley Vogel
- Re: Odd Behavior on Bootup
- From: Steve R
- Re: Odd Behavior on Bootup
- Prev by Date: Re: 2 windows XP OS's
- Next by Date: Asking for Windows password when turning on computer
- Previous by thread: Re: Odd Behavior on Bootup
- Next by thread: Re: virtual memory management??
- Index(es):
Relevant Pages
|
