1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved XP SP3 Boot Issue

Discussion in 'Malware and Virus Removal Archive' started by Boomer53, 2009/02/07.

  1. 2009/02/07
    Boomer53

    Boomer53 Inactive Thread Starter

    Joined:
    2009/02/07
    Messages:
    6
    Likes Received:
    0
    [Resolved] XP SP3 Boot Issue

    Hi - for the last 2 weeks, I've been experiencing a slow boot problem. XP brings up my desktop in the normal time (about 1.5 min), but then nothing will respond for as long as 15 min. I ran Bootvis, and had one instance of fltmgr.exe running on for several minutes, but nothing else. Further iterations looked normal. I am also seeing numerous errors in the System section of event viewer indicating services that failed to start due to timeout. Here's a chkdsk log I just ran:

    Checking file system on C:
    The type of the file system is NTFS.
    Cleaning up 30 unused index entries from index $SII of file 0x9.
    Cleaning up 30 unused index entries from index $SDH of file 0x9.
    Cleaning up 30 unused security descriptors.
    CHKDSK is verifying file data (stage 4 of 5)...
    File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
    Free space verification is complete.

    73184107 KB total disk space.
    57667692 KB in 82945 files.
    60004 KB in 8131 indexes.
    0 KB in bad sectors.
    215047 KB in use by the system.
    65536 KB occupied by the log file.
    15241364 KB available on disk.

    4096 bytes in each allocation unit.

    I run BitDefender, but uninstalled it to run a dds log (below), then reinstalled:

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Bruce at 10:17:44.37 on Sat 02/07/2009
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.642 [GMT -5:00]

    FW: ZoneAlarm Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Bruce\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
    dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
    IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
    Trusted Zone: turbotax.com
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
    DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141256049578
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    TCP: {06E66957-57A9-45B2-9C07-97EAE9ABB59F} = 208.67.222.222,208.67.220.220
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = scecli scecli scecli scecli

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\bruce\applic~1\mozilla\firefox\profiles\q62si4j5.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\components\FFComm.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll

    ============= SERVICES / DRIVERS ===============

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-2-11 353680]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-7-30 206096]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\10.tmp --> c:\windows\system32\10.tmp [?]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
    S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2006-2-7 57344]
    S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-10-5 13592]

    =============== Created Last 30 ================

    2009-01-31 20:39 <DIR> --d----- C:\560878c86d024a85bce451ec7f9e11
    2009-01-31 20:38 <DIR> --d----- c:\windows\SxsCaPendDel
    2009-01-31 16:16 713,426,382 a------- c:\documents and settings\bruce\TRACE_BOOT+DRIVERS_1_1.BIN
    2009-01-31 13:31 142,096 a------- c:\windows\system32\drivers\tmcomm.sys
    2009-01-31 10:44 5,760 -------- c:\windows\system32\1.tmp
    2009-01-31 10:44 <DIR> --d----- c:\program files\Sophos
    2009-01-30 18:34 <DIR> --d----- c:\program files\ACW

    ==================== Find3M ====================

    2009-02-07 10:09 81,984 a------- c:\windows\system32\bdod.bin
    2008-12-21 08:38 410,984 a------- c:\windows\system32\deploytk.dll
    2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
    2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
    2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
    2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
    2008-12-04 18:37 4,212 a---h--- c:\windows\system32\zllictbl.dat
    2008-11-13 15:18 1,221,008 a------- c:\windows\system32\zpeng25.dll
    2006-03-19 17:39 251 a------- c:\program files\wt3d.ini
    2006-02-12 11:20 368 a------- c:\program files\Shortcut to DREAMQUEST on MAIN (Ci761155-a).lnk
    2002-11-18 06:26 61,440 a------- c:\windows\inf\i386\onetUSD.dll
    2002-10-24 08:29 36,864 a------- c:\windows\inf\i386\Vizmicro.dll
    2002-10-24 08:28 172,032 a------- c:\windows\inf\i386\viceo.dll
    2002-10-24 08:02 225,280 a------- c:\windows\inf\i386\rtscan.dll
    2001-08-03 18:29 13,824 a------- c:\windows\inf\i386\Usbscan.sys
    2006-02-14 11:57 104 a--shr-- c:\windows\system32\6AA71A957D.sys
    2008-05-17 16:56 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051720080518\index.dat

    ============= FINISH: 10:18:43.81 ===============

    Probably plenty of other options, but it's now time for some expert advice. Any thoughts?

    THX
     
  2. 2009/02/07
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,919
    Likes Received:
    511
    Hi Boomer53. Welcome to Windowsbbs! :)

    I do not know how to read the DDS log you posted. I will let other more knowledgeable members read and analyze it. In the meantime however try following the instructions below to make your computer faster.

    Follow these steps:

    1. Click Start< Control Panel< Add/Remove Programs and uninstall any programs that you dont use.
    2. While in the add/remove programs window click the button that says add/remove windows components and uncheck the checkboxes next to Indexing Service, MSN Explorer, Windows Messenger and click ok when you are done.
    3. Click Start< Run and type services.msc and press ok. The Services window will open. Highlight the following services, click properties and under startup type click disabled and hit ok. Do this ONLY for each service that I list below:
    Distributed Link Tracking Client
    Distributed Transaction Coordinator
    Health Key and Certificate Management Service
    Indexing Service
    Net Logon
    NetMeeting Remote Desktop Sharing
    QoS RSVP
    Remote Desktop Help Session Manager
    Remote Registry
    Smart Card
    Telnet
    Windows Media Player Network Sharing Service
    WMI Performance Adapter

    4. Download and run ATF Cleaner and select all the checkboxes in the program then hit the empty selected button, http://majorgeeks.com/ATF_Cleaner_d4949.html.
    5. Run Disk Cleanup, Start< All Programs< Accessories< Sytstem Tools< Disk Cleanup. When its done calculating how much free space you can save make sure you check all the checkboxes except for compress old files.
    6. Download and run Auslogics Disk Defrag from here, http://auslogics.com/en/software/disk-defrag/download.
    7. Download and run Auslogics Registry defrag from here, http://auslogics.com/en/software/registry-defrag/download.
    8. Click Start< Right Click My Computer and click Properties. Click the advanced tab< Under performance hit settings< click advanced again and under virtual memory click change< Make sure your harddrive is selected and select the option that says system managed size and click the set button. Now Click ok on all the windows to close them out and reboot the computer.
    9. Make sure you have all the latest Windows Updates installed including Windows XP Service Pack 3, Internet Explorer 7 and Windows Media Player 11.

    Note: In step number 3, before you disable any windows service could you let me know if you do any file, media, or printer sharing? Is the computer used in a work environment? If you use file/media sharing and the computer is used in a work environment and not connected to a home network then do NOT disable those services. If you use the computer only at home and don't use file sharing then you can safely disable those services.

    Let me know if your computer is faster after performing the above steps. :cool:
     
    Last edited: 2009/02/07

  3. to hide this advert.

  4. 2009/02/08
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    I have said this before: There is NO need to disable these services.

    Distributed Link Tracking Client - would save you a whopping 3.5MB RAM... woohoo!

    Remote Registry - That one could be recommended to be set to disabled on a Home Users machine.


    Telnet - Disabled by default


    These are all set to be started Manually, so are not started by default; no need to disable.

    Distributed Transaction Coordinator
    Health Key and Certificate Management Service
    Indexing Service
    Net Logon
    NetMeeting Remote Desktop Sharing
    QoS RSVP
    Remote Desktop Help Session Manager
    Smart Card
    WMI Performance Adapter
     
    Arie,
    #3
  5. 2009/02/08
    Boomer53

    Boomer53 Inactive Thread Starter

    Joined:
    2009/02/07
    Messages:
    6
    Likes Received:
    0
    Thanks for the quick reply.
    Here's what I've done on your suggestions:

    1) I had already cleaned out all "garbage" programs (I'm kind of particular that way).
    2) I removed Indexing Service, MSN Explorer, and Windows Messenger when I got this machine a few years ago, so no action needed there.
    3) Almost all the services listed are either disabled or set to manual
    4) I run CCleaner fairly regularly - last time was when I noticed the boot time issue a few weeks ago, but I ran it again just to be sure. Not much to clean up... just about 65mb. of temporary internet files.
    5) I ran Disc Cleanup right before I ran CCleaner a few weeks ago, but ran it again just now. CCleaner had already taken care of business.
    6) I ran the Windows disc defrag tool - only moderate defragmentation needed.
    7) Ran the Auslogics Registry defrag - only 2.7% savings.
    8) I changed the virtual memory setting to "system managed ".
    9) Updates are all current, and latest IE7, Media Player 11 are installed.

    This is a home computer. I'm running a Netgear WPN824 v2 wireless router along with a Dell Inspiron laptop.

    Bottom line: When I rebooted, the desktop came up in the usual 1.5 minutes or so, but I got no response from anything for 18 minutes. Previously, I'd get normal responses from everything about 30 seconds after the desktop appeared. I'm stumped. I've scanned for rootkits with BitDefender (both from my desktop copy and the online version), and have also run Panda and Sophos online tools - both come up empty, so I'm moderately confident I don't have an infection. Just in case, here's a current HijackThis log from yesterday:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:21:12 AM, on 2/7/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Down\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141256049578
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{06E66957-57A9-45B2-9C07-97EAE9ABB59F}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS1\Services\Tcpip\..\{06E66957-57A9-45B2-9C07-97EAE9ABB59F}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8756 bytes
     
  6. 2009/02/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Boomer53,

    I'd like to eliminate the most suspect of causes first. See if this causes a normal logon for you. Open the Zone Alarm security center and on the Overview>Preferences tab deselect 'Load ZA when windows starts'. Reboot.

    Note: This will change the True Vector Internet Monitor service startup type to manual as well as prevent the zlclient from running at startup. Start True Vector via services console (click Start>Run and type services.msc then hit enter), then zlclient via All Programs>Zone Labs
     
  7. 2009/02/10
    Boomer53

    Boomer53 Inactive Thread Starter

    Joined:
    2009/02/07
    Messages:
    6
    Likes Received:
    0
    Hi Noahdfear:

    Jackpot - As before, my desktop came up in less than 1.5 min, but this time I was able to open applications quickly only 1 minute later. Looks like the True Vector service is the culprit. Any thoughts on how to get around this and still load Zone Alarm at boot? Maybe change the order in which it loads?

    Thanks very much for the suggestion - Zone Alarm would never have gotten onto my suspect list.
     
  8. 2009/02/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Glad we hit a jackpot on the first attempt rather than the 20th :p

    There may well be a workaround to the problem, as I've dealt with it before. First I'd like you to refer to the links below for a bit of insight into the problem and possible cure. DO NOT act on anything just yet!

    http://www.windowsbbs.com/windows-xp/69658-long-pause-boot-8.html#post378161

    http://www.windowsbbs.com/windows-xp/69658-long-pause-boot-8.html#post378243

    Since that topic, I've written a tool that will gather the required information as opposed to getting registry exports. Download driver_service_info and run it.
    Press S then Enter for a Services report.
    Press B then Enter for both Active and Inactive Services.
    When prompted, press Y then Enter to gather ServiceGroup and LoadOrderGroup info.
    Copy the contents of the log that opens and paste it in a reply here.


    The log may be too large to fit in one post, requiring you to split it into 2.

    Questions - are you comfortable with editing the registry?
    What version of ZA do you have installed?
     
  9. 2009/02/11
    Boomer53

    Boomer53 Inactive Thread Starter

    Joined:
    2009/02/07
    Messages:
    6
    Likes Received:
    0
    Noahdfear:

    Here's the output from your tool...
    ~~~ Service Information report ~~~

    Microsoft Windows XP Professional
    Service Pack 3
    5.1.2600

    2/11/2009 6:22:12 PM


    ~~~Running Processes~~~

    System Idle Process
    PID: 0
    Path:
    Parent PID: 0

    System
    PID: 4
    Path:
    Parent PID: 0

    smss.exe
    PID: 656
    Path: C:\WINDOWS\System32\smss.exe
    Parent PID: 4

    csrss.exe
    PID: 704
    Path:
    Parent PID: 656

    winlogon.exe
    PID: 732
    Path: C:\WINDOWS\system32\winlogon.exe
    Parent PID: 656

    services.exe
    PID: 776
    Path: C:\WINDOWS\system32\services.exe
    Parent PID: 732

    lsass.exe
    PID: 788
    Path: C:\WINDOWS\system32\lsass.exe
    Parent PID: 732

    svchost.exe
    PID: 956
    Path: C:\WINDOWS\system32\svchost.exe
    Parent PID: 776

    svchost.exe
    PID: 1032
    Path:
    Parent PID: 776

    livesrv.exe
    PID: 1120
    Path: C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    Parent PID: 776

    vsserv.exe
    PID: 1152
    Path: C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    Parent PID: 776

    svchost.exe
    PID: 1252
    Path: C:\WINDOWS\System32\svchost.exe
    Parent PID: 776

    svchost.exe
    PID: 1348
    Path:
    Parent PID: 776

    svchost.exe
    PID: 1448
    Path:
    Parent PID: 776

    spoolsv.exe
    PID: 1620
    Path: C:\WINDOWS\system32\spoolsv.exe
    Parent PID: 776

    explorer.exe
    PID: 1940
    Path: C:\WINDOWS\Explorer.EXE
    Parent PID: 1912

    PRISMSVR.exe
    PID: 1948
    Path: C:\WINDOWS\system32\PRISMSVR.EXE
    Parent PID: 1912

    AppleMobileDeviceService.exe
    PID: 1972
    Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    Parent PID: 776

    mDNSResponder.exe
    PID: 2012
    Path: C:\Program Files\Bonjour\mDNSResponder.exe
    Parent PID: 776

    IAANTMon.exe
    PID: 160
    Path: C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    Parent PID: 776

    jqs.exe
    PID: 320
    Path: C:\Program Files\Java\jre6\bin\jqs.exe
    Parent PID: 776

    McSACore.exe
    PID: 424
    Path: C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    Parent PID: 776

    tcpsvcs.exe
    PID: 576
    Path: C:\WINDOWS\system32\tcpsvcs.exe
    Parent PID: 776

    svchost.exe
    PID: 592
    Path: C:\WINDOWS\system32\svchost.exe
    Parent PID: 776

    uphclean.exe
    PID: 400
    Path: C:\Program Files\UPHClean\uphclean.exe
    Parent PID: 776

    stsystra.exe
    PID: 1856
    Path: C:\WINDOWS\stsystra.exe
    Parent PID: 1940

    IAAnotif.exe
    PID: 1872
    Path: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    Parent PID: 1940

    IntelMEM.exe
    PID: 1892
    Path: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    Parent PID: 1940

    bdagent.exe
    PID: 2020
    Path: C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    Parent PID: 1940

    ctfmon.exe
    PID: 2096
    Path: C:\WINDOWS\system32\ctfmon.exe
    Parent PID: 1940

    wmpnscfg.exe
    PID: 2104
    Path: C:\Program Files\Windows Media Player\WMPNSCFG.exe
    Parent PID: 1940

    seccenter.exe
    PID: 2464
    Path: C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    Parent PID: 2020

    svchost.exe
    PID: 2740
    Path:
    Parent PID: 776

    svchost.exe
    PID: 2992
    Path: C:\WINDOWS\System32\svchost.exe
    Parent PID: 776

    alg.exe
    PID: 3396
    Path:
    Parent PID: 776

    zlclient.exe
    PID: 848
    Path: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    Parent PID: 1940

    svchost.exe
    PID: 2952
    Path: C:\WINDOWS\System32\svchost.exe
    Parent PID: 776

    svchost.exe
    PID: 2976
    Path: C:\WINDOWS\System32\svchost.exe
    Parent PID: 776

    vsmon.exe
    PID: 3064
    Path: C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    Parent PID: 776

    iPodService.exe
    PID: 672
    Path: C:\Program Files\iPod\bin\iPodService.exe
    Parent PID: 776

    firefox.exe
    PID: 1376
    Path: C:\Program Files\Mozilla Firefox\firefox.exe
    Parent PID: 1940

    OUTLOOK.EXE
    PID: 2260
    Path: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    Parent PID: 1940

    driver_service_info.exe
    PID: 2480
    Path: C:\Down\driver_service_info.exe
    Parent PID: 1940

    cmd.exe
    PID: 3228
    Path: C:\WINDOWS\system32\cmd.exe
    Parent PID: 2480

    wmiprvse.exe
    PID: 3896
    Path:
    Parent PID: 956

    cscript.exe
    PID: 3904
    Path: C:\WINDOWS\system32\cscript.exe
    Parent PID: 3228

    findstr.exe
    PID: 3760
    Path: C:\WINDOWS\system32\findstr.exe
    Parent PID: 3228


    ~~~Running Services by PID~~~

    PID: 3396
    Application Layer Gateway Service
    PID: 1972
    Apple Mobile Device
    PID: 1252
    Windows Audio
    Computer Browser
    Cryptographic Services
    DHCP Client
    Logical Disk Manager
    COM+ Event System
    Help and Support
    HID Input Service
    Server
    Workstation
    Network Connections
    Network Location Awareness (NLA)
    Removable Storage
    Task Scheduler
    Secondary Logon
    System Event Notification
    Windows Firewall/Internet Connection Sharing (ICS)
    Shell Hardware Detection
    System Restore Service
    Themes
    Distributed Link Tracking Client
    Windows Time
    Windows Management Instrumentation
    Security Center
    Automatic Updates
    Wireless Zero Configuration
    PID: 2012
    Bonjour Service
    PID: 956
    DCOM Server Process Launcher
    Terminal Services
    PID: 1348
    DNS Client
    PID: 2976
    Wired AutoConfig
    PID: 2952
    Extensible Authentication Protocol Service
    PID: 776
    Event Log
    Plug and Play
    PID: 2992
    HTTP SSL
    PID: 160
    Intel(R) Matrix Storage Event Monitor
    PID: 672
    iPod Service
    PID: 320
    Java Quick Starter
    PID: 1120
    BitDefender Desktop Update Service
    PID: 1448
    TCP/IP NetBIOS Helper
    Universal Plug and Play Device Host
    PID: 424
    McAfee SiteAdvisor Service
    PID: 788
    IPSEC Services
    Protected Storage
    Security Accounts Manager
    PID: 1032
    Remote Procedure Call (RPC)
    PID: 576
    Simple TCP/IP Services
    PID: 1620
    Print Spooler
    PID: 2740
    SSDP Discovery Service
    PID: 592
    Windows Image Acquisition (WIA)
    PID: 400
    User Profile Hive Cleanup
    PID: 3064
    TrueVector Internet Monitor
    PID: 1152
    BitDefender Virus Shield


    ~~~Running Services Configuration~~~

    PID: 3396
    Service: ALG
    Displayed: Application Layer Gateway Service
    Image: C:\WINDOWS\System32\alg.exe
    Start Mode: Manual

    PID: 1972
    Service: Apple Mobile Device
    Displayed: Apple Mobile Device
    Image: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "
    Start Mode: Auto

    PID: 1252
    Service: AudioSrv
    Displayed: Windows Audio
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 2012
    Service: Bonjour Service
    Displayed: Bonjour Service
    Image: "C:\Program Files\Bonjour\mDNSResponder.exe "
    Start Mode: Auto

    PID: 1252
    Service: Browser
    Displayed: Computer Browser
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1252
    Service: CryptSvc
    Displayed: Cryptographic Services
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 956
    Service: DcomLaunch
    Displayed: DCOM Server Process Launcher
    Image: C:\WINDOWS\system32\svchost -k DcomLaunch
    Start Mode: Auto

    PID: 1252
    Service: Dhcp
    Displayed: DHCP Client
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1252
    Service: dmserver
    Displayed: Logical Disk Manager
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1348
    Service: Dnscache
    Displayed: DNS Client
    Image: C:\WINDOWS\system32\svchost.exe -k NetworkService
    Start Mode: Auto

    PID: 2976
    Service: Dot3svc
    Displayed: Wired AutoConfig
    Image: C:\WINDOWS\System32\svchost.exe -k dot3svc
    Start Mode: Manual

    PID: 2952
    Service: EapHost
    Displayed: Extensible Authentication Protocol Service
    Image: C:\WINDOWS\System32\svchost.exe -k eapsvcs
    Start Mode: Manual

    PID: 776
    Service: Eventlog
    Displayed: Event Log
    Image: C:\WINDOWS\system32\services.exe
    Start Mode: Auto

    PID: 1252
    Service: EventSystem
    Displayed: COM+ Event System
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual

    PID: 1252
    Service: helpsvc
    Displayed: Help and Support
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1252
    Service: HidServ
    Displayed: HID Input Service
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 2992
    Service: HTTPFilter
    Displayed: HTTP SSL
    Image: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    Start Mode: Manual

    PID: 160
    Service: IAANTMon
    Displayed: Intel(R) Matrix Storage Event Monitor
    Image: C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    Start Mode: Auto

    PID: 672
    Service: iPod Service
    Displayed: iPod Service
    Image: "C:\Program Files\iPod\bin\iPodService.exe "
    Start Mode: Manual

    PID: 320
    Service: JavaQuickStarterService
    Displayed: Java Quick Starter
    Image: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf "
    Start Mode: Auto

    PID: 1252
    Service: lanmanserver
    Displayed: Server
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1252
    Service: lanmanworkstation
    Displayed: Workstation
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1120
    Service: LIVESRV
    Displayed: BitDefender Desktop Update Service
    Image: "C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service
    Start Mode: Auto

    PID: 1448
    Service: LmHosts
    Displayed: TCP/IP NetBIOS Helper
    Image: C:\WINDOWS\system32\svchost.exe -k LocalService
    Start Mode: Auto

    PID: 424
    Service: McAfee SiteAdvisor Service
    Displayed: McAfee SiteAdvisor Service
    Image: "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe "
    Start Mode: Auto

    PID: 1252
    Service: Netman
    Displayed: Network Connections
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    PID: 1252
    Service: Nla
    Displayed: Network Location Awareness (NLA)
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual

    PID: 1252
    Service: NtmsSvc
    Displayed: Removable Storage
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 776
    Service: PlugPlay
    Displayed: Plug and Play
    Image: C:\WINDOWS\system32\services.exe
    Start Mode: Auto

    PID: 788
    Service: PolicyAgent
    Displayed: IPSEC Services
    Image: C:\WINDOWS\system32\lsass.exe
    Start Mode: Auto

    PID: 788
    Service: ProtectedStorage
    Displayed: Protected Storage
    Image: C:\WINDOWS\system32\lsass.exe
    Start Mode: Auto

    PID: 1032
    Service: RpcSs
    Displayed: Remote Procedure Call (RPC)
    Image: C:\WINDOWS\system32\svchost -k rpcss
    Start Mode: Auto

    PID: 788
    Service: SamSs
    Displayed: Security Accounts Manager
    Image: C:\WINDOWS\system32\lsass.exe
    Start Mode: Auto

    PID: 1252
    Service: Schedule
    Displayed: Task Scheduler
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1252
    Service: seclogon
    Displayed: Secondary Logon
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1252
    Service: SENS
    Displayed: System Event Notification
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1252
    Service: SharedAccess
    Displayed: Windows Firewall/Internet Connection Sharing (ICS)
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1252
    Service: ShellHWDetection
    Displayed: Shell Hardware Detection
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 576
    Service: SimpTcp
    Displayed: Simple TCP/IP Services
    Image: C:\WINDOWS\system32\tcpsvcs.exe
    Start Mode: Auto

    PID: 1620
    Service: Spooler
    Displayed: Print Spooler
    Image: C:\WINDOWS\system32\spoolsv.exe
    Start Mode: Auto

    PID: 1252
    Service: srservice
    Displayed: System Restore Service
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 2740
    Service: SSDPSRV
    Displayed: SSDP Discovery Service
    Image: C:\WINDOWS\system32\svchost.exe -k LocalService
    Start Mode: Manual

    PID: 592
    Service: stisvc
    Displayed: Windows Image Acquisition (WIA)
    Image: C:\WINDOWS\system32\svchost.exe -k imgsvc
    Start Mode: Auto

    PID: 956
    Service: TermService
    Displayed: Terminal Services
    Image: C:\WINDOWS\System32\svchost -k DComLaunch
    Start Mode: Manual

    PID: 1252
    Service: Themes
    Displayed: Themes
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1252
    Service: TrkWks
    Displayed: Distributed Link Tracking Client
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 400
    Service: UPHClean
    Displayed: User Profile Hive Cleanup
    Image: C:\Program Files\UPHClean\uphclean.exe
    Start Mode: Auto

    PID: 1448
    Service: upnphost
    Displayed: Universal Plug and Play Device Host
    Image: C:\WINDOWS\system32\svchost.exe -k LocalService
    Start Mode: Manual

    PID: 3064
    Service: vsmon
    Displayed: TrueVector Internet Monitor
    Image: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
    Start Mode: Manual

    PID: 1152
    Service: VSSERV
    Displayed: BitDefender Virus Shield
    Image: "C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe" /service
    Start Mode: Auto

    PID: 1252
    Service: w32time
    Displayed: Windows Time
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1252
    Service: winmgmt
    Displayed: Windows Management Instrumentation
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1252
    Service: wscsvc
    Displayed: Security Center
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1252
    Service: wuauserv
    Displayed: Automatic Updates
    Image: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto

    PID: 1252
    Service: WZCSVC
    Displayed: Wireless Zero Configuration
    Image: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto


    ~~~Inactive Services Configuration~~~

    Service: Alerter
    Displayed: Alerter
    Path: C:\WINDOWS\system32\svchost.exe -k LocalService
    Start Mode: Disabled

    Service: AppMgmt
    Displayed: Application Management
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: Arrakis3
    Displayed: BitDefender Arrakis Server
    Path: "C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe "
    Start Mode: Manual

    Service: aspnet_state
    Displayed: ASP.NET State Service
    Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    Start Mode: Manual

    Service: Ati HotKey Poller
    Displayed: Ati HotKey Poller
    Path: C:\WINDOWS\system32\Ati2evxx.exe
    Start Mode: Disabled

    Service: BITS
    Displayed: Background Intelligent Transfer Service
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: CiSvc
    Displayed: Indexing Service
    Path: C:\WINDOWS\system32\cisvc.exe
    Start Mode: Manual

    Service: ClipSrv
    Displayed: ClipBook
    Path: C:\WINDOWS\system32\clipsrv.exe
    Start Mode: Disabled

    Service: clr_optimization_v2.0.50727_32
    Displayed: .NET Runtime Optimization Service v2.0.50727_X86
    Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    Start Mode: Manual

    Service: COMSysApp
    Displayed: COM+ System Application
    Path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    Start Mode: Manual

    Service: dmadmin
    Displayed: Logical Disk Manager Administrative Service
    Path: C:\WINDOWS\System32\dmadmin.exe /com
    Start Mode: Manual

    Service: DSBrokerService
    Displayed: DSBrokerService
    Path: "C:\Program Files\DellSupport\brkrsvc.exe "
    Start Mode: Manual

    Service: ELService
    Displayed: Intelr Quick Resume Technology Drivers
    Path: "C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe "
    Start Mode: Auto

    Service: ERSvc
    Displayed: Error Reporting Service
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Disabled

    Service: FastUserSwitchingCompatibility
    Displayed: Fast User Switching Compatibility
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: FontCache3.0.0.0
    Displayed: Windows Presentation Foundation Font Cache 3.0.0.0
    Path: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    Start Mode: Manual

    Service: gusvc
    Displayed: Google Updater Service
    Path: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "
    Start Mode: Manual

    Service: hkmsvc
    Displayed: Health Key and Certificate Management Service
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: idsvc
    Displayed: Windows CardSpace
    Path: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "
    Start Mode: Manual

    Service: ImapiService
    Displayed: IMAPI CD-Burning COM Service
    Path: C:\WINDOWS\system32\imapi.exe
    Start Mode: Manual

    Service: McrdSvc
    Displayed: Media Center Extender Service
    Path: C:\WINDOWS\ehome\mcrdsvc.exe
    Start Mode: Disabled

    Service: Messenger
    Displayed: Messenger
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Disabled

    Service: MHN
    Displayed: MHN
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: Microsoft Office Groove Audit Service
    Displayed: Microsoft Office Groove Audit Service
    Path: "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "
    Start Mode: Disabled

    Service: mnmsrvc
    Displayed: NetMeeting Remote Desktop Sharing
    Path: C:\WINDOWS\system32\mnmsrvc.exe
    Start Mode: Disabled

    Service: MSDTC
    Displayed: Distributed Transaction Coordinator
    Path: C:\WINDOWS\system32\msdtc.exe
    Start Mode: Manual

    Service: MSIServer
    Displayed: Windows Installer
    Path: C:\WINDOWS\system32\msiexec.exe /V
    Start Mode: Manual

    Service: napagent
    Displayed: Network Access Protection Agent
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: NetDDE
    Displayed: Network DDE
    Path: C:\WINDOWS\system32\netdde.exe
    Start Mode: Disabled

    Service: NetDDEdsdm
    Displayed: Network DDE DSDM
    Path: C:\WINDOWS\system32\netdde.exe
    Start Mode: Disabled

    Service: Netlogon
    Displayed: Net Logon
    Path: C:\WINDOWS\system32\lsass.exe
    Start Mode: Manual

    Service: NetSvc
    Displayed: Intel NCS NetService
    Path: C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    Start Mode: Manual

    Service: NetTcpPortSharing
    Displayed: Net.Tcp Port Sharing Service
    Path: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe "
    Start Mode: Disabled

    Service: NtLmSsp
    Displayed: NT LM Security Support Provider
    Path: C:\WINDOWS\system32\lsass.exe
    Start Mode: Manual

    Service: odserv
    Displayed: Microsoft Office Diagnostics Service
    Path: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "
    Start Mode: Manual

    Service: ose
    Displayed: Office Source Engine
    Path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "
    Start Mode: Manual

    Service: Pml Driver HPZ12
    Displayed: Pml Driver HPZ12
    Path: C:\WINDOWS\system32\HPZipm12.exe
    Start Mode: Manual

    Service: PRISMSVC
    Displayed: PRISMSVC
    Path: C:\WINDOWS\system32\PRISMSVC.EXE
    Start Mode: Disabled

    Service: RasAuto
    Displayed: Remote Access Auto Connection Manager
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: RasMan
    Displayed: Remote Access Connection Manager
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Disabled

    Service: RDSessMgr
    Displayed: Remote Desktop Help Session Manager
    Path: C:\WINDOWS\system32\sessmgr.exe
    Start Mode: Disabled

    Service: RemoteAccess
    Displayed: Routing and Remote Access
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Disabled

    Service: RemoteRegistry
    Displayed: Remote Registry
    Path: C:\WINDOWS\system32\svchost.exe -k LocalService
    Start Mode: Disabled

    Service: RpcLocator
    Displayed: Remote Procedure Call (RPC) Locator
    Path: C:\WINDOWS\system32\locator.exe
    Start Mode: Manual

    Service: RSVP
    Displayed: QoS RSVP
    Path: C:\WINDOWS\system32\rsvp.exe
    Start Mode: Manual

    Service: scan
    Displayed: BitDefender Threat Scanner
    Path: C:\WINDOWS\System32\svchost.exe -kbdx
    Start Mode: Manual

    Service: SCardSvr
    Displayed: Smart Card
    Path: C:\WINDOWS\System32\SCardSvr.exe
    Start Mode: Manual

    Service: SwPrv
    Displayed: MS Software Shadow Copy Provider
    Path: C:\WINDOWS\system32\dllhost.exe /Processid:{6F6160A9-C71A-4D34-91A0-5B9E71074979}
    Start Mode: Manual

    Service: SysmonLog
    Displayed: Performance Logs and Alerts
    Path: C:\WINDOWS\system32\smlogsvc.exe
    Start Mode: Manual

    Service: TapiSrv
    Displayed: Telephony
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: TlntSvr
    Displayed: Telnet
    Path: C:\WINDOWS\system32\tlntsvr.exe
    Start Mode: Disabled

    Service: UPS
    Displayed: Uninterruptible Power Supply
    Path: C:\WINDOWS\System32\ups.exe
    Start Mode: Manual

    Service: VSS
    Displayed: Volume Shadow Copy
    Path: C:\WINDOWS\System32\vssvc.exe
    Start Mode: Manual

    Service: WebClient
    Displayed: WebClient
    Path: C:\WINDOWS\system32\svchost.exe -k LocalService
    Start Mode: Disabled

    Service: WinDefend
    Displayed: Windows Defender
    Path: "C:\Program Files\Windows Defender\MsMpEng.exe "
    Start Mode: Disabled

    Service: WmdmPmSN
    Displayed: Portable Media Serial Number Service
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: Wmi
    Displayed: Windows Management Instrumentation Driver Extensions
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual

    Service: WmiApSrv
    Displayed: WMI Performance Adapter
    Path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
    Start Mode: Manual

    Service: WMPNetworkSvc
    Displayed: Windows Media Player Network Sharing Service
    Path: "C:\Program Files\Windows Media Player\WMPNetwk.exe "
    Start Mode: Manual

    Service: WudfSvc
    Displayed: Windows Driver Foundation - User-mode Driver Framework
    Path: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    Start Mode: Manual

    Service: xmlprov
    Displayed: Network Provisioning Service
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual


    ~~~ svchost Export ~~~

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
    HTTPFilter REG_MULTI_SZ
    HTTPFilter
    LocalService REG_MULTI_SZ
    Alerter
    WebClient
    LmHosts
    RemoteRegistry
    upnphost
    SSDPSRV
    NetworkService REG_MULTI_SZ
    DnsCache
    netsvcs REG_MULTI_SZ
    6to4
    AppMgmt
    AudioSrv
    Browser
    CryptSvc
    DMServer
    DHCP
    ERSvc
    EventSystem
    FastUserSwitchingCompatibility
    HidServ
    Ias
    Iprip
    Irmon
    LanmanServer
    LanmanWorkstation
    Messenger
    Netman
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    Remoteaccess
    Schedule
    Seclogon
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Themes
    TrkWks
    W32Time
    WZCSVC
    Wmi
    WmdmPmSp
    winmgmt
    wscsvc
    xmlprov
    MHN
    BITS
    wuauserv
    ShellHWDetection
    WmdmPmSN
    helpsvc
    napagent
    hkmsvc
    DcomLaunch REG_MULTI_SZ
    DcomLaunch
    TermService
    rpcss REG_MULTI_SZ
    RpcSs
    imgsvc REG_MULTI_SZ
    StiSvc
    termsvcs REG_MULTI_SZ
    TermService
    WudfServiceGroup REG_MULTI_SZ
    WUDFSvc
    eapsvcs REG_MULTI_SZ
    eaphost
    dot3svc REG_MULTI_SZ
    dot3svc
    bdx REG_MULTI_SZ
    scan
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\bdx
    CoInitializeSecurityParam REG_DWORD 0x1
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch
    CoInitializeSecurityParam REG_DWORD 0x1
    DefaultRpcStackSize REG_DWORD 0x8
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\dot3svc
    AuthenticationCapabilities REG_DWORD 0x3020
    CoInitializeSecurityParam REG_DWORD 0x1
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\eapsvcs
    AuthenticationCapabilities REG_DWORD 0x3020
    CoInitializeSecurityParam REG_DWORD 0x1
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter
    CoInitializeSecurityParam REG_DWORD 0x1
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService
    CoInitializeSecurityParam REG_DWORD 0x1
    AuthenticationCapabilities REG_DWORD 0x2000
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs
    CoInitializeSecurityParam REG_DWORD 0x1
    AuthenticationCapabilities REG_DWORD 0x3020
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth
    CoInitializeSecurityParam REG_DWORD 0x2
    AuthenticationCapabilities REG_DWORD 0x40
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs
    CoInitializeSecurityParam REG_DWORD 0x1
    DefaultRpcStackSize REG_DWORD 0x8


    ~~~ ServiceGroupOrder ~~~

    System Reserved
    Boot Bus Extender
    System Bus Extender
    SCSI miniport
    Port
    Primary Disk
    SCSI Class
    SCSI CDROM Class
    FSFilter Infrastructure
    FSFilter System
    FSFilter Bottom
    FSFilter Copy Protection
    FSFilter Security Enhancer
    FSFilter Open File
    FSFilter Physical Quota Management
    FSFilter Encryption
    FSFilter Compression
    FSFilter HSM
    FSFilter Cluster File System
    FSFilter System Recovery
    FSFilter Quota Management
    FSFilter Content Screener
    FSFilter Continuous Backup
    FSFilter Replication
    FSFilter Anti-Virus
    FSFilter Undelete
    FSFilter Activity Monitor
    FSFilter Top
    Filter
    Boot File System
    Base
    Pointer Port
    Keyboard Port
    Pointer Class
    Keyboard Class
    Video Init
    Video
    Video Save
    File System
    Event Log
    Streams Drivers
    NDIS Wrapper
    COM Infrastructure
    BitDefender
    UIGroup
    LocalValidation
    PlugPlay
    PNP_TDI
    NDIS
    TDI
    NetBIOSGroup
    ShellSvcGroup
    SchedulerGroup
    SpoolerGroup
    AudioGroup
    SmartCardGroup
    NetworkProvider
    RemoteValidation
    NetDDEGroup
    Parallel arbitrator
    Extended Base
    PCI Configuration
    MS Transactions
    PnP Filter
    ASCTRM
    Network
    Extended base'
    TrueVector Group

    ~~~ LoadOrderGroup Members ~~~

    Service: Ati HotKey Poller
    LoadOrderGroup: Event log

    Service: AudioSrv
    LoadOrderGroup: AudioGroup

    Service: DcomLaunch
    LoadOrderGroup: Event Log

    Service: Dhcp
    LoadOrderGroup: TDI

    Service: Dnscache
    LoadOrderGroup: TDI

    Service: Dot3svc
    LoadOrderGroup: TDI

    Service: Eventlog
    LoadOrderGroup: Event log

    Service: EventSystem
    LoadOrderGroup: Network

    Service: lanmanworkstation
    LoadOrderGroup: NetworkProvider

    Service: LIVESRV
    LoadOrderGroup: BitDefender

    Service: LmHosts
    LoadOrderGroup: TDI

    Service: MSDTC
    LoadOrderGroup: MS Transactions

    Service: NetDDE
    LoadOrderGroup: NetDDEGroup

    Service: Netlogon
    LoadOrderGroup: RemoteValidation

    Service: PlugPlay
    LoadOrderGroup: PlugPlay

    Service: RpcSs
    LoadOrderGroup: COM Infrastructure

    Service: SamSs
    LoadOrderGroup: LocalValidation

    Service: SCardSvr
    LoadOrderGroup: SmartCardGroup

    Service: Schedule
    LoadOrderGroup: SchedulerGroup

    Service: SENS
    LoadOrderGroup: Network

    Service: ShellHWDetection
    LoadOrderGroup: ShellSvcGroup

    Service: Spooler
    LoadOrderGroup: SpoolerGroup

    Service: Themes
    LoadOrderGroup: UIGroup

    Service: vsmon
    LoadOrderGroup: TrueVector Group

    Service: VSSERV
    LoadOrderGroup: BitDefender

    Service: WebClient
    LoadOrderGroup: NetworkProvider

    Service: WinDefend
    LoadOrderGroup: COM Infrastructure

    Service: WudfSvc
    LoadOrderGroup: PlugPlay

    Service: WZCSVC
    LoadOrderGroup: TDI


    ~~~End of Report~~~

    >>> I'm comfortable editing the registry (yes - I'll back it up first!). My version of Zone Alarm is 8.0.065.000.
     
  10. 2009/02/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Unfortunately, I don't see that we'll be able to tweak ZA's loading ......... it's already set to be the last group to start, well after the things it would normally interfere with. Best I can suggest is to uninstall, reboot and re-install to see if the problem persists. If so, time to look for another firewall solution or seek assistance with Zone Alarm via their forums.
     
  11. 2009/02/13
    Boomer53

    Boomer53 Inactive Thread Starter

    Joined:
    2009/02/07
    Messages:
    6
    Likes Received:
    0
    I'm happy just to have discovered the cause of the problem - As i said, this would have been the last thing I might have considered. I'll re-install & see how that goes.

    Thanks again!
     
  12. 2009/02/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Happy to help. :)
     
  13. 2009/02/15
    Boomer53

    Boomer53 Inactive Thread Starter

    Joined:
    2009/02/07
    Messages:
    6
    Likes Received:
    0
    Follow up- Re-installation (unfortunately) didn't help. The Zone Alarm boards seem to have plenty of users with similar issues, dating back some years. ZA's recommendation is to step back to a previous release. Instead, I unchecked "load Zone Alarm at startup ", and dropped a shortcut in the Startup menu. I don't remember if I saw that suggestion here or on the ZA boards - but it worked perfectly. ZA still starts automatically when I boot, but I'm back to the quick boot times I had weeks ago.

    Thanks again.
     
  14. 2009/02/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thanks for the update. Glad to hear it's working for you. :)
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.