Antivirus being removed from Startup menu

[Gustavus]

I run Windows XP with SP2 installed. My antivirus is Kaspersky 5.0.676 with todays definitions. KAV has always been in the start menu so it installed during bootup. A couple of days ago, it failed to start in the boot process, although I could manually start it from the desktop icon. A quick check showed that the exe file was no longer in the startup menu. I manually entered it, but the next time I rebooted, KAV did not start and the exe file was no longer there. Kaspersky has an option in their settings to pin the exe file to startup, so I did this -- same resul; it did not start on bootup.

I then used Startup Organizer to force the exe file into the startup menu. On the next bootup, KAV did not start and Startup Organizer reported it as "removed" and asked if I wished to "rollback" the change. I did, but on the next bootup it was reported as removed again. Apparently, whatever is doing this is doing it during the shut down sequence. I have spent hours on this with no results. SpyBot, SpySweeper, XoftSpy, Zone Alarm, Kaspersky and f-secure's Blacklight all fail to find any malware. I can see nothing suspicious in the HiJack This log.

Do any of you have an idea of what could be removing the Kaspersky exe file from the startup menu?

 

[TSCrv]

some programs dont need to be in the startup menu, check if its in the services under administrative tools, or check the services tab of msconfig to see if it starts up that way.... my startup menu is EMPTY but all my stuff still starts up (either by service or registry entries), oh also check the registry entries, and no i cant remember where to look for that....

startup organizer "might" be your problem also, i do everything manually or via msconfig, so i never use stuff that monitors startup programs, but my guess is that has sometihng to do with it... that is if i wasnt contradicting my first statement

 

[Gustavus]

TSCrv
Thanks for the reply. I have continued working on the problem -- with no solution thus far. I have installed Ewido at the suggestion of a helper at another site so have the following update. Nothing has ever found any malware. The problem is the same with Startup Organizer uninstalled as it is with it installed.

Here is a crisp statement of the problem as it now exists. If Kaspersky and Ewido are either in the startup menu or in the registry at the time the machine is turned off, on bootup the Ewido icon will appear in the tray colored yellow (indicating it is active) early in the boot process -- only to go to grey (indicating it has been reset to inactive) before the boot is complete. Kaspersky will install, but will be removed from the startup menu or reset to not start in the registry. If I don't reset the start items, on the next boot neither piece of software will start in the bootup process. What I am doing (as an interim measure I hope) is setting Ewido to active and rolling back both items in Startup Organizer so they will startup the next time the machine is booted -- although I will have to set Ewido to active after the boot is complete. That way I am protected.

But something is removing both Ewido and Kaspersky from the startup during the bootup process. I di have AdAware installed and at someone else suggestion uninstalled it. That had no effect at all on the behavior I have just described.

I suspect malware -- but as I said none of the half dozen or so softwares I have tried has found anything.

PS
There doesn't appear to be any questionable entry in the HiJack This log -- which is rather short for this machine.