Weird one this, wondered if anyone can shed any light on it.

Last night I rebooted my PC (to play a bit of LFS - sometimes LFS only gives me about half the FPS I should have for reasons unknown to me, so I usually reboot before I start LFS) and my system tray ("notification area"?) didn't get as busy as it usually does. Only the Wingman Profiler icon appeared. I also noticed the extra button on my mouse wasn't working.

This morning I started my computer and the same thing happened. It seems ZoneAlarm, AVG, ATI Control Panel and my mouse software have all stopped loading at start-up. I've now added them all to the Programs > Startup folder, but I can't figure out why they got disabled. I looked in msconfig at the start up tab and only ZoneAlarm had a line in there (un-checked), so does this mean all the other application start-up lines got dropped from the registry?

The only setting I changed last night was disabling active scripting in IE7 so I could test a web page and make sure it worked without Javascript. I've downloaded and installed Windows malicious software thing this morning and it found nothing wrong, I also run a full scan with AVG and again, nothing. Windows hasn't install any updates recently, I haven't installed anything, or visited any iffy websites, and I don't use MS network clients except for testing my own work (as in IE7 above) so I'd be surprised if this is an infection.

Any clues?

I've no idea how they stopped on you but go into Windows services and make sure they are turned to: automatic and if they are stopped> start em'
Also if u c any services u dont want switch em' off too.
If that fails start>run>msconfig> startup and make amends there
Hope I help.

Can you get to an event viewer? Look in the application log at the entries that are being created at startup. You may find that if those applications are failing to start they may well produce some useful info in the log. System log may be worth a perusal too.

If you run mmc you can snap in the event viewer from there.

Quote from thisnameistaken :

Just checked the event log and there's nothing interesting in there. It's weird - I can't possibly have disabled all this stuff without knowing about it. I can only imagine some sort of malware did it, which would make sense for the personal firewall and anti-virus but not for ATI control centre or my mouse software.

I am bamboozled.

If there are no events for termination of these applications then they almost certainly never started in the first place. Espacially as usually you will see a confirmation message in the Application log that the apps started.

I did think there may be some form of virus when I ifrst read your post, but it's human nature to think that.

Have a hunt round for any files in the application's working directories with the .log file extension. You will be able to view them in notepad.

Sounds like the registry keys have been deleted.

Check to see if HKLM\Software\Microsoft\Windows\CurrentVersion\Run and HKCU\Software\Microsoft\Windows\CurrentVersion\Run are completely clean. In most circumstances, you'd see at least 2 or 3 entries in here. If its totally clean, it either means they've been manually deleted, or a program with the relevant privileges has deleted them. These are viewable using msconfig, under the start up tab as well.

You could try System Restore..?

*TiJay hangs head, applies for job at PC World*

Quote from thisnameistaken :

Local Machine's got one line for ZoneAlarm, but that's probably because I checked its "Start at start-up" checkbox this morning. Current User has a line for the Wingman Profiler and one for ctfmon so I think that one probably wasn't touched given that the Profiler was the only thing that I noticed wasn't affected.

Do you know of any reason why the Run keys in the HKLM hive might've been wiped?

When I looked in msconfig this morning, the start-up tab wasn't empty but it was massively depleted - there used to be a huge list of disabled start-up items in there and now there's only about one page in total. Now that I look again, the only active items are from HKCU (although there are still records for a few old disabled progs like the pointless Quicktime taskbar memory hog - these are in HKLM but in msconfig's own little junk drawer).

Something fishy must've gone on, right?

It does sound like the behavious of a virus. A full system restore is fine if you have a recent system state backup to restore from. Better bet is to reinstall the programs that are not starting up. Check the registry keys that angry mentioned earlier. See if they did disappear for sure.

Then take a system state backup immediately in case the problem re-occurs. It may be that the offending virus has now been removed by your AV software.