Driver making windows startup slow

  BobDibley 16:46 07 Jan 2009

Hey, I've just joined this forum in the hope that someone can help me.

I currently have a problem with a Symantec driver, which is making Windows take about 1:30 to start up. In Windows Performance Information and Tools, it says:

"These drivers are causing Windows to start slowly:

Name: Symantec AutoProtect
Filename: SRTSP.SYS
Publisher: Symantec Corporation
Time Taken: 36.4 seconds"

This only started about 2 weeks ago. I have an Acer Aspire 5612 with a Pentium dual core 1.6GHz processor and 2GB of RAM. Windows usually only takes about 30 seconds to boot, so I know it isn't a performance issue.
The driver that is causing the problem is from Norton Antivirus, but the only way I have seen so far to stop the problem is to uninstall Norton (but as I have paid for the subscription, I don't want to do this). I have scanned for spyware and viruses with Spybot, Norton Antivirus, Norton Recovery Tool and I have run a HijackThis log, which did not find any spyware or malware. I would like to know if it is possible to update the driver, as the Symantec website does not offer support for this problem outside of the USA.

kind regards


  skidzy 21:12 07 Jan 2009

and welcome to the forum.

First thing;

"I have run a HijackThis log, which did not find any spyware or malware"

I take it you know how to read a HJT scan?
This is not sarcasm, but HJT logs can be extremely difficult to understand, and playing with the scan results can render the machine inoperable or make it function incorrectly.

What happens if you disable Norton and its startup entry in MSCONFIG?
Also check for any services related to Symantec and stop these.

Now is the bootup quicker?
Does the machine boot OK into safe mode?

You are relying on an error report that is saying SRTSP.SYS is at fault; disabling Norton and its services briefly will prove if the error report is correct.

No idea if you are using 2008 or 2009 Norton, but I believe there is a free upgrade to 2009 if using 2008. This may cure the SYS error.

  BobDibley 08:14 08 Jan 2009

I have already disabled the startup services for Norton, but the problem still continues. I have not yet tried safe mode, but I will do later today as I have to get going now.

Here is a HJT Log. My friend who is a technical advisor at BT has read through it but cannot see any faults. Maybe you guys will find something.

Many thanks

  BobDibley 08:15 08 Jan 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:12:43, on 08/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents\Programs, Applications\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = click here
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = click here*click here
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

  BobDibley 08:15 08 Jan 2009

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - click here
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - click here
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Unknown owner - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
End of file - 8105 bytes

  BobDibley 13:46 08 Jan 2009

I have just updated to Norton 2009 but the driver is still causing a slow startup :S

  skidzy 18:19 08 Jan 2009

Are you experiencing any redirections while on the internet?

I cannot see a lot wrong with your HJT report, though I may have missed something... it's easily done.

There are a few entries that need cleaning up, nothing major.

I suggest you download Malwarebytes click here update and boot into safemode and run Malwarebytes.

Now boot back into windows.

Also download CCleaner Slim click here and run this and reboot the computer.

Do not run CCleaner in safe mode!

If problems persist:

Can I suggest you get the log looked over at one of these specialist forums.

VirusVault click here

Malwareremoval click here

Of course there are others if you so wish.
VirusVault could be the quickest to reply.

If you decide to post at both or more forums and receive advice from a helper, please close the other threads or at least inform the helper you are receiving help from another forum.

  skidzy 19:21 08 Jan 2009

My main concern relating to your HJT log is if your Hosts file has been/become infected.

Hence why I asked if you have had any redirections?

Let me know if you decide to post a HJT scan log at a Removal forum (please post a link here).

I'm not saying you are infected, but certainly a few issues need cleaning and checking out.

Better to be safe than sorry.

Going back to your original post:

"which is making Windows take about 1:30 to start up".

I'm assuming you mean just over a minute...hope so because if over an have got problems :-)

Have you considered System Restore to a time before this happened?
That's quite a normal bootup time and I would not worry about this.
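
Added example, not part of the original thread: a small Python triage pass over HijackThis entries of the kinds discussed above (the O1 Hosts line and the leftover entries that need cleaning up). The function name `triage` and its rule set are assumptions made for illustration; the sample lines are copied from the log posted earlier in the thread.

```python
import re

# Lines copied from the HijackThis log posted above (a subset).
SAMPLE = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

ENTRY = re.compile(r"^([RO]\d+) - (.*)$")
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
LOOPBACK = {"127.0.0.1", "::1"}

def triage(log_text):
    """Return (section, reason, line) for entries that deserve a manual look."""
    # The rule set is illustrative (an assumption), not HijackThis's own logic.
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        section, body = m.groups()
        reasons = []
        if section == "O1":
            h = HOSTS.match(body)
            # A loopback mapping for "localhost" redirects nothing; any other
            # hosts entry changes where a name resolves and needs checking.
            if not (h and h.group(1) in LOOPBACK and h.group(2).lower() == "localhost"):
                reasons.append("hosts entry overrides name resolution")
        if section == "O10":
            reasons.append("Winsock LSP entry reported")
        if section == "O20":
            reasons.append("AppInit_DLLs: DLL loaded into processes that load user32.dll")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service binary reports no publisher")
        if "(no file)" in body or "(file missing)" in body or body.endswith(" missing"):
            reasons.append("registry entry points at a file that is not on disk")
        findings.extend((section, r, raw.strip()) for r in reasons)
    return findings

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE):
        print(f"[{section}] {reason}\n    {line}")
```

A flagged line is a prompt to check the entry by hand, not a verdict. The O1 line in this log is the loopback mapping for localhost, so it is not flagged.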

  BobDibley 20:47 08 Jan 2009

I have just run Malwarebytes which found 220 pieces of malware! Thanks for that link lol

I don't have any redirections on the internet and I am pretty sure it is reasonably malware/spyware free as I have run numerous programs now which have deleted a few pieces.
I didn't initially notice that Windows was taking longer to boot up, but when I read the error about the SRTSP.SYS driver I did realise that something was wrong. I found someone else who had the same problem with the driver, but the only response they received was to uninstall Symantec Endpoint Protection (part of Norton).

  BobDibley 21:00 08 Jan 2009

Here is the link

click here

thanks for your help btw =)

  skidzy 22:10 08 Jan 2009

Hi again Bob

I've had a bit of time to research your log further; you do have issues that need addressing from an expert.

It certainly looks like you have been hijacked!

Is your latest HJT log (virus vault) after you ran MBAM in safe mode or before?

Do not install anything else to the computer until your helper gives you the all clear.

This thread is now locked and can not be replied to.
