slow PC [CLOSED]


  • This topic is locked

#16
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did you run some of those programs manually?

Yahoo Messenger, MSN Messenger, Outlook, Internet Explorer, etc.

Go to Start->Run and type in msconfig and hit OK. Go to the Startup tab. Tell me what you see there that are checked. I don't need the unchecked ones.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.
  • 0


#17
msiz

msiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
only 2 items listed - both ticked:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

zclient C:Program Files\Zone Labs\ZoneAlarm\zlcient.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru

Running yahoo, msn, outlook etc through icons on desktop
  • 0

#18
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I don't know what else can be causing the problem. It's slow overall right? Not online?

Did you install any new software or hardware before this slowdown?
  • 0

#19
msiz

msiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Yes, slow all the time - especially on start up and shut down. Don't think I installed anything new prior to the slow down.
  • 0

#20
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hit ctrl+alt+del and go to the Processes tab. Sort it by the last column (usually memory used) to see which programs are using lots of memory.

Give me these logs:

Right click on http://www.silentrun...ent Runners.vbs and choose Save As...Save it to your Desktop. Make sure you have disabled any programs that may block/disable scripts (ex: Ad-Watch, TeaTimer, Norton, etc.). Double click on 'Silent Runners' to run it. This will take a few minutes. It will create a file called 'Startup Programs' followed by your computer name and current date. Open up that file and post all the contents here in your next post.

Download StartDreck http://www.greyknigh.../StartDreck.zip

Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'

Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread.
  • 0

#21
msiz

msiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
These are the largest processes running:

ypager.exe 33436K
explorer.exe 27440K
iexplore.exe 23652K
svchost.exe 22712K
vsmon.exe 15136K
msnmsg.exe 12904K
OUTLOOK.EXE 12620K

svchost.exe appears several times (22712, 5028, 4692, 4472, 4348) - don't know if that makes any difference!


SILENT RUNNERS LOG

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RegistryMechanic" = (empty string)
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{8b15971b-5355-4c82-8c07-7e181ea07608}\(Default) = "Fax"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\fxsocm.inf,Fax.UnInstall.PerUser" [MS]
{94de52c8-2d59-4f1b-883e-79663d2d9a8c}\(Default) = "Fax Provider"
\StubPath = "rundll32.exe C:\WINNT\System32\Setup\FxsOcm.dll,XP_UninstallProvider" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0CF0B8EE-6596-11D5-A98E-0003470BB48E}\(Default) = "CCHelper Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar_en_2.0.111-big.dll" ["Google Inc."]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSN Search Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{5b4dae26-b807-11d0-9815-00c04fd91972}" = "Menu Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{8278F931-2A3E-11d2-838F-00C04FD918D0}" = "Tracking Shell Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}" = "Menu Site"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}" = "Menu Desk Bar"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}" = "IShellFolderBand"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}" = "&Links"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{7487cd30-f71a-11d0-9ea7-00805f714772}" = "Thumbnail Image"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{450D8FBA-AD25-11D0-98A8-0800361B1103}" = "MyDocs Folder"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\SHELL32.dll" [MS]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Adaptec\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{C14F7681-33D8-11D3-A09B-00500402F30B}" = "AvxShellEx"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
"{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9}" = "MediaFace extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll" ["Fellowes, Inc."]
"{7E82235C-F31E-46CB-AF9F-1ADD94C585FF}" = "Pa&nicware Pop-Up Stopper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll" ["Panicware, Inc."]
"{8F05B1A8-9D77-4B8F-AF54-6B2202066F95}" = "Pop-Up Stopper &Companion"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll" ["Panicware, Inc."]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}" = "Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}" = "Windows Desktop Search"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar Suite\EXT\02.05.0000.1110\en-gb\msnlExt.dll" [MS]
"{97090E2F-3062-4459-855B-014F0D3CDBB1}" = "MSN Deskbar"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar Suite\DB\02.05.0000.1082\en-gb\deskbar.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
"AppInit_DLLs" = (value not set)

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AvxShellEx\(Default) = "{C14F7681-33D8-11D3-A09B-00500402F30B}"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
MediaFaceExtension\(Default) = "{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll" ["Fellowes, Inc."]
TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
MediaFaceExtension\(Default) = "{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll" ["Fellowes, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AvxShellEx\(Default) = "{C14F7681-33D8-11D3-A09B-00500402F30B}"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\L Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar_en_2.0.111-big.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar_en_2.0.111-big.dll" ["Google Inc."]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN Search Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar_en_2.0.111-big.dll" ["Google Inc."]

"{8F05B1A8-9D77-4B8F-AF54-6B2202066F95}" = "Pop-Up Stopper &Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll" ["Panicware, Inc."]

"{7E82235C-F31E-46CB-AF9F-1ADD94C585FF}" = "Pa&nicware Pop-Up Stopper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll" ["Panicware, Inc."]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN Search Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll" [MS]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmesuk.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmesuk.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmesuk.dll" ["Yahoo! Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
TrueVector Internet Monitor, vsmon, "C:\WINNT\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINNT\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 75 seconds, including 31 seconds for message boxes)

STARTDRECK LOG

StartDreck (build 2.1.7 public stable) - 2005-09-10 @ 20:13:02 (GMT +01:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Linzi Smith at LINZI

»Registry
»Run Keys
»Current User
»Run
»RunOnce
»Default User
»Run
*internat.exe=internat.exe
*Yahoo! Pager=C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
»RunOnce
*^SetupICWDesktop=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
*tscuninstall=%systemroot%\system32\tscupgrd.exe
»Local Machine
»Run
*RegistryMechanic=
*Zone Labs Client=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINNT\System32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+EnableRevocation/{6A5110B5-E14B-4268-A065-EF89FF33C325}
*StubPath=regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp10.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
+Fax/{8b15971b-5355-4c82-8c07-7e181ea07608}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\fxsocm.inf,Fax.UnInstall.PerUser
+Fax Provider/{94de52c8-2d59-4f1b-883e-79663d2d9a8c}
*StubPath=rundll32.exe C:\WINNT\System32\Setup\FxsOcm.dll,XP_UninstallProvider
+CRLUpdate/{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
*StubPath=%SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
»Browser Helper Objects (LM)
*CCHelper.CCHelper.1/{0CF0B8EE-6596-11D5-A98E-0003470BB48E}
`InprocServer32=C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
*{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
`InprocServer32=
*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=c:\program files\google\googletoolbar_en_2.0.111-big.dll
*MSN Search Toolbar Helper/{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
`InprocServer32=C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
»Internet Explorer
»Current User
*Local Page=C:\WINNT\SYSTEM32\blank.htm
*Search Bar=http://g.msn.co.uk/0SEENGB/SAOS01
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.google.co.uk/
*SearchAssistant=http://ie.search.msn.com/en-gb/srchasst/srchasst.htm
+SearchUrl
*provider=MSN
*=http://home.microsoft.com/access/autosearch.asp?p=%s
»Default User
»Local Machine
*Default_Page_URL=http://uk.yahoo.com/?.home=msgr
*Default_Search_URL=http://home.microsoft.com/search/search.asp
*Local Page=C:\WINNT\SYSTEM32\blank.htm
*Search Bar=http://g.msn.co.uk/0SEENGB/SAOS01
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://uk.yahoo.com/?.home=msgr
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
+SearchUrl
*=http://home.microsoft.com/access/autosearch.asp?p=%s
»ShellServiceObjectDelayLoad (LM)
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINNT\System32\stobject.dll
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINNT\system32\Userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Linzi Smith\Start Menu\Programs\Startup\desktop.ini
»Default User
*C:\WINNT\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\WINNT\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
*C:\WINNT\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
*C:\WINNT\wininit.ini
`[Rename]
`NUL=C:\DOCUME~1\LINZIS~1\LOCALS~1\Temp\bdl14025.exe
`NUL=C:\WINNT\downlo~1\ymsgrins.exe
*C:\WINNT\system32\drivers\etc\hosts
`127.0.0.1 localhost
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINNT\system32\win.com
*C:\WINNT\explorer.exe
»%PATH% Companion Files
+C:\UNWISE.EXE
*C:\WINNT\UNWISE.EXE
+C:\WINNT\system32\notepad.exe
*C:\WINNT\notepad.exe
+C:\WINNT\system32\slrundll.exe
*C:\WINNT\slrundll.exe
+C:\WINNT\system32\taskman.exe
*C:\WINNT\taskman.exe
+C:\WINNT\system32\winhlp32.exe
*C:\WINNT\winhlp32.exe
»System/Drivers
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User
  • 0

#22
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Go to C:\WINNT\ and double click on wininit.ini to open it. Delete these two lines:

`NUL=C:\DOCUME~1\LINZIS~1\LOCALS~1\Temp\bdl14025.exe
`NUL=C:\WINNT\downlo~1\ymsgrins.exe


Save the file and close it.

Do you get this slowdown once you login to Windows? I just want to make sure that when you say startup, you mean that you didn't run MSN Messenger, Outlook, Yahoo, etc... yet, right?

Yes, those several instances of svchost.exe are normal.
  • 0
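The wininit.ini edit from post #22, as an added example that is not part of the original thread: it lists the pending operations in the [Rename] section and removes only the requested lines. It assumes the documented `destination=source` reading of [Rename], where `NUL=` marks the source for deletion; the function names, the example.dll rename and the [Other] section are constructed for illustration.

```python
import configparser
import re

# Constructed sample: the two NUL= lines are the ones quoted in post #22; the
# example.dll rename and the [Other] section are made up to show what must survive.
SAMPLE = "\r\n".join([
    r"[Rename]",
    r"NUL=C:\DOCUME~1\LINZIS~1\LOCALS~1\Temp\bdl14025.exe",
    r"C:\WINNT\system32\example.dll=C:\WINNT\system32\example.new",
    r"NUL=C:\WINNT\downlo~1\ymsgrins.exe",
    r"[Other]",
    r"NUL=keep-me",
]) + "\r\n"

# Targets pasted straight from the StartDreck log, leading backtick included.
TARGETS = [
    r"`NUL=C:\DOCUME~1\LINZIS~1\LOCALS~1\Temp\bdl14025.exe",
    r"`NUL=C:\WINNT\downlo~1\ymsgrins.exe",
]

SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]$")


def stdlib_parser_rejects(text):
    """True if configparser refuses the file because the NUL key repeats."""
    try:
        configparser.ConfigParser().read_string(text)
    except configparser.DuplicateOptionError:
        return True
    return False


def _entries(text):
    """Yield (line_index, dest, source) for key=value lines inside [Rename] only."""
    in_rename = False
    for i, line in enumerate(text.splitlines(keepends=True)):
        body = line.strip()
        header = SECTION.match(body)
        if header:
            in_rename = header.group("name").lower() == "rename"
            continue
        if in_rename and "=" in body and not body.startswith(";"):
            dest, source = body.split("=", 1)
            yield i, dest.strip(), source.strip()


def parse_rename(text):
    """Describe each pending operation: NUL=source is a delete, anything else a rename."""
    ops = []
    for i, dest, source in _entries(text):
        delete = dest.upper() == "NUL"
        ops.append({"line": i + 1, "action": "delete" if delete else "rename",
                    "source": source, "dest": None if delete else dest})
    return ops


def _norm(target):
    """Reduce a pasted log line to its lower-cased path (drops backtick and key)."""
    return target.strip().lstrip("`").split("=", 1)[-1].strip().lower()


def prune(text, targets):
    """Return (new_text, removed_lines); only matching [Rename] lines are dropped."""
    wanted = {_norm(t) for t in targets}
    lines = text.splitlines(keepends=True)
    drop = {i for i, _dest, source in _entries(text) if source.lower() in wanted}
    kept = "".join(line for i, line in enumerate(lines) if i not in drop)
    return kept, [lines[i].strip() for i in sorted(drop)]


if __name__ == "__main__":
    print("configparser rejects the file:", stdlib_parser_rejects(SAMPLE))
    for op in parse_rename(SAMPLE):
        print(op)
    kept, removed = prune(SAMPLE, TARGETS)
    print("removed:", removed)
    print(kept, end="")
```

Keep a copy of the original wininit.ini before writing the pruned text back, so the edit can be undone.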

#23
msiz

msiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
deleted those two lines!

My PC takes ages to log into Windows, and once I am logged in and try to log into Outlook, MSN, Yahoo etc., it takes ages also!
  • 0

#24
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I'm thinking that it may not be software related anymore.

Are you connected on a network? If so, unplug the network cable and see if that speeds things up when starting up and shutting down.
  • 0

#25
msiz

msiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
No, I'm not connected on a network. Just a stand-alone PC on a broadband connection.
  • 0


#26
msiz

msiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
No, I'm not connected on a network. Just a stand-alone PC on a broadband connection.
  • 0

#27
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, unplug that network cable or wireless card so you have no internet. Power on and see if it's still slow. Shutdown and see how that is also.
  • 0

#28
msiz

msiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
nope, still the same :tazz:
  • 0

#29
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Ask this question in the Windows forum to see if anyone has any other ideas. As far as I know now, you are all clean.

If they can't resolve it, post back here. Post back either way to let me know if the problem was resolved or not.
  • 0

#30
msiz

msiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Will do. Thanks so much for all your help, I really appreciate it. Will let you know how I get on.

:tazz:
  • 0





