Win XPSpybot start up log, could you check to see if I can uncheck anything Also ther

J

JOE.G

New member
Hi the startup from spybot has more stuff then the MSCONFIG start up, Is there anything I can uncheck? Remove My System is slow to load. thanks
 
You probably see more stuff in Spybot's startup list than in msconfig because Spybot shows the winlogon entries.I don't suggest disabling them unless it's necessary,people have had problems with that in the past.Were those the ones you were looking at?
 
The winlogon ones,it's best to leave.In fact,if you try to disable them with Spybot they will probably not stay disabled,if Spybot 1.6 does it the same as Spybot 1.5.2.

Here's a list of some of the normal winlogon entries from my XP computer.They're all legit,and should be left alone.

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Just as well to leave the other two winlogon entries I see in your list,as well.

Other than the winlogon ones,you don't really have an overabundance of startup entries.

This one is users choice:
Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 126976
MD5: E4CF942A4AEA9D27C87F190F65E7D0F6
Click to expand...
http://www.castlecops.com/s1427-HotKeysCmds.html
http://www.bleepingcomputer.com/startups/hkcmd.exe-1939.html

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 155648
MD5: 093D3EE722542BA2E7AD929AA3CA6ABC
Click to expand...
This is listed as N for not required:
http://www.bleepingcomputer.com/startups/igfxtray-2147.html

Open Spybot,and go to System Startup.Please read the description at the links I posted,and decide if you would prefer the two items I listed in quotes above to be run at start-up,or if you would like to disable them.If you do decide on disabling those two,it'd be best if you highlight the entry with your mouse and then choose Toogle,or uncheck them,but don't use delete,in case you change your mind later.
 
what is the go to assist? The PCTVOICE what is that? What about the ctfmon? Spybot is saying it is a virus? but evrything I see seems to say it is legit but a resource hog?
 
I remember that the processes such as:
  • igfxtray.exe
  • hkcmd.exe
  • ati2evxx.exe

All have to do with a Intel Chipset/Graphics Card. I have a ATI Radeon graphics card, so these startup entries will appear in my Startup Manager.

As for 'ctfmon.exe' it's usually for [foreign] language devices. Usually it is active if you are using another language other than English.
 
Here is a description for ctfmon.exe:
http://www.bleepingcomputer.com/startups/ctfmon.exe-1121.html
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-789336058-764733703-1060284298-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Click to expand...

Right filename and path,so yours should be legit.If you have IE 7,it's standard to have it in your startup list.For a little more info on that,please see here:
http://forums.spybot.info/showthread.php?t=17058
I believe Spybot now lists a couple different things that ctfmon could be,to avoid confusion,though.Do you see another description if you scroll down?

http://www.castlecops.com/s5669-PCTVOICE.html
Located: HK_LM:Run, PCTVOICE
command: pctspk.exe
file: C:\WINDOWS\system32\pctspk.exe
size: 163840
MD5: 0B86BC4C123D3CD08817B1848DB07AC6
Click to expand...

http://www.castlecops.com/o20list-441.html
Located: WinLogon, GoToAssist
command: C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
file: C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
size: 10792
MD5: 3D6FD4FFDE6DE32C34DC280D0BE781
Click to expand...

Spybot should show bad items as red,yellow items are
unknown, unneeded or unambiguous program (e.g. malware programs might use the same file name as legitimate programs)
Click to expand...
But,you have to decide what you need or want to run after looking at the info for yourself,if it is yellow.Green is legitimate,and in most cases should not be disabled.hth.

If you have any trouble with the descriptions posted,please let me know. :)
 
'ctfmon.exe' Should I dis able it, I only use english, If I do disable it can I get it back? I have not read the links you posted ( have to get to work will read them tonight) I do remember reading somewhere a while ago that there is a whole process to disable them.
 
If you do not need it, then you can safely disable. The 'ctfmon.exe' will still be there when you need it.

The first link tells you that it is not necessary and will be up to the user's decision.
 
Joe, one way to disable "ctfmon.exe" (since English is the primary language on your computer) would be to disable the entry from starting up in the Startup Manager (msconfig), although I found that didn't work if you start up IE7 :santa:.

Here are the instructions for disabling "ctfmon.exe":
1. Open Regional and Language Options from the Control Panel.

2. In the Languages tab, click Details... for Text services and input languages.

3. In the Advanced tab, place a check in Turn off advanced text services, and Apply.

If you want to enable the process, then just do the exact opposite (Untick "Turn off advanced text services").
 
Yes,if you disable ctfmon using msconfig,it usually reappears in startup when using IE 7.That's why I don't usually recommend disabling it unless it's causing problems or someone particularly wants it disabled.More trouble than it is worth,but that's just my thing. :)
 
There are several variables, whether that be a malware infection (not trying to scare you), multiple startup entries (talk about dozens :laugh:), or lacking the sufficient resources to run all of them.

Check your TaskManager: How many processes are running?

How much RAM is currently on your XP OS?
 
Okay,try disabling ctfmon.exe,then,and see if things are any better.After you're done disabling what you've chosen to from startup,could you post another startup log,so I can see it?Instructions above.Thanks. :)

It may be later in the day before I get a chance to look,if you post tomorrow.
 
Hi, I am getting ready to leave for vactaion, I will be back monday or tuesday, I will do it then, thanks for all of the help. Is there a better way of the 2 to disable it?

How can I show you the what the taskmanger has and the ram? thanks
 
From Post #15, I'm asking you that because I wanted to know what is truly "slowing" down your computer.

TaskManager would be to press: Ctrl+Alt+Delete
For the RAM, go to System Properties in the Control Panel (Performance and Maintenance).

Joe, if you want a easier way to disable then go here:
http://forums.spybot.info/showpost.php?p=225334&postcount=12

Follow the instructions from the Control Panel. If you happen to find a "better" way to disable it than we (Zenobia and I) suggested feel free to do so ; ).
 
Last edited:
In task manager there where 35 entries in there, some say my user name, System,some say network service some say local service, CPU colume some are zero some 01,02,03 the mem usage colume has all types of #. Some of teh entries are doubles, I guess since at this time I have 4 windows open for the internet. There is also another user on the CP I do not see any list under that name, I guess cause that account is not logged on.

Is tere a very I could copy it so you could see what is there?


celron cpu 2.00 ghz/1.99ghz 256 mb

My Cp is also set to update daily. Does that slow it down? It is just real slow on start up, I will log on under my user name it gets there fast, I my desktop comes up fast, But I can not open anything for a while then say I click on IE it takes a while to open my home page.

Thanks
 
Last edited:
You must log in or register to reply here.
Back
Top