General discussion
-
CreatorTopic
-
November 12, 2004 at 5:30 am #2285232
IE and Windows Explorer Slow
Lockedby supmktg · about 19 years, 5 months ago
I got hit by a virus that disabled my virus and malware software. I had to shut down to stop it. I then installed fresh versions of AVG, Adaware and Spybot, and found 550 malware and 9 virus entries were made/installed. I successfully removed everything (that I could find with multiple scans, reboots,scans,etc). Now IE, My Computer, Windows Explorer and Control Panel each take a full minute or more to load. Once they load, they run normal speed. I’ve intalled Firefox to replace IE and it works fine, and I’ve installed 2xExplorer to replace Windows Explorer and it works fine too.
I need to resolve this problem, at least so I can get to My Computer and Control Panel.Short of a Format/Fresh Install of everything, where can I look to find my problem?
Thanks,
SupTopic is locked -
CreatorTopic
All Comments
-
AuthorReplies
-
-
November 12, 2004 at 1:39 pm #3312959
Registry
by matmak · about 19 years, 5 months ago
In reply to IE and Windows Explorer Slow
Click start > regedit > then expand Hkey Local machine> then Software > then Microsoft > then Windows > Then Current Version > Then Run and check the settings within this key look for the executables then check the internet against what they do and associated applications, I assume you’ll know your applications aggainst any foreign ones remembering to take into consideration of your driver executables (hence the need to check against the internet.
But delete any strings that you find to be viral or spyware related or indeed anything to do with gain, gator ware and the like.
Hope this helps
Regards
Matmak
-
November 14, 2004 at 3:44 pm #3311206
system files damage?
by blerg · about 19 years, 5 months ago
In reply to IE and Windows Explorer Slow
after massive infections of malware, I’ve found some of the systems are simply not “fixable” to the point where they function well. I don’t know what OS you’re running, but a re-install over the existing copy may replace some damaged or missing system files. You may also have a lot of miscellaneous toolbar entries floating around your system32 folder and registry, not executing but making things bog.
There’s RegClean from Microsoft, and several comparable 3rd party apps, that might do more cleanup for ya. I like to use WinDoctor from Norton SystemWorks. After I clean a system, I run Bazooka from http://www.kephyr.com and the Trend online scan at http://housecall.trendmicro.com as a last check, as they seem pretty good at spotting things my other utils miss.
The previous suggestion about looking in the registry for startups is a good one. Two other additions to that idea: Besides HKLM/Software/Microsoft/Windows/CurVersion/Run there is a similar key in the HKCU branch that can also start programs. Also find an executable called Process Explorer (or look in Task Manager/Processes) for processes that don’t look familiar. Process Explorer is available from http://www.sysinternals.com and allows you to kill processes that Windows won’t allow.
-
November 14, 2004 at 6:26 pm #3312212
found/removed suspicious entries
by supmktg · about 19 years, 5 months ago
In reply to system files damage?
I found the following suspicious registry entries:
[HKEY_CURRENT_USER\Software\Bundles]
“create”=”yes”
“optimizejames.exe”=”yes”
“2504041019.exe”=”yes”
“CSV7P070.exe”=”yes”
“WebRebates_Auto_InstallSilent.exe”=”yes”
“thin-8-1-x-x.exe”=”yes”
“TVM_B5_Bundle_8.EXE”=”yes”
“james_dh.exe”=”yes”
“vl_ezstub.exe”=”yes”
“adv0ltc0m.exe”=”yes”
“bs5-vwqouc.exe”=”yes”
“shopinst.exe”=”yes”
“txdesuf.exe”=”yes”
“d_otbp.exe”=”yes”
“saie1101.exe”=”yes”
“s4Sept.exe”=”yes”
“runsearch.exe”=”yes”
“HelperInstaller.exe”=”yes”
“setup_silent_26221.exe”=”yes”
“stlb2_seed.exe”=”yes”
“snackman.exe”=”yes”[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\saie]
“SlowInfoCache”=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,\
00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00
“Changed”=dword:00000000[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Virtual Bouncer]
“SlowInfoCache”=hex:28,02,00,00,01,00,00,00,00,c0,15,00,00,00,00,00,42,ad,30,\
de,4f,c3,c4,01,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,56,00,42,00,6f,00,75,\
00,6e,00,63,00,65,00,72,00,5c,00,56,00,69,00,72,00,74,00,75,00,61,00,6c,00,\
42,00,6f,00,75,00,6e,00,63,00,65,00,72,00,55,00,6e,00,69,00,6e,00,73,00,74,\
00,61,00,6c,00,6c,00,65,00,72,00,2e,00,45,00,58,00,45,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00
“Changed”=dword:00000000I researched saie and virtual bouncer which I found were virus/malware. I removed them both!
I researched the list of exe’s in ‘bundles’ but found nothing about them. I can tell from their names that they are probably NO GOOD, so I exported the entry and then deleted the entire ‘bundles folder from my registry. I’ll reboot and see if any of this helps. Does the ‘bundles’ folder belong and does anyone recognize any of the exe’s as valid or necessary?Meanwhile, I’m holding off on a re-install of my XP Home OS until I finish a project that I’m working on for fear of losing data or screwing things uo worse.
Thanks for your help!!!
-
November 14, 2004 at 6:39 pm #3312211
Everything works in safe mode
by supmktg · about 19 years, 5 months ago
In reply to found/removed suspicious entries
On normal reboot, nothing has changed. However, I rebooted in safe mode, and everything works perfectly in safe mode. Is there any clue from this fact?
Thanks!!
-
March 17, 2005 at 2:25 am #3352332
Safemode
by ruairi · about 19 years, 1 month ago
In reply to Everything works in safe mode
If you’re starting in safe mode without networking then check your video – safe mode also disables your start menu items so look at what processes are running in task manager/processes,(in safe mode) – write them down or do a screen dump – reboot normally and look at what else starts up in normal mode (task manager/processes)… one of those programs could be damaged from all the infections OR you maybe able to see if one of them is hogging resources
-
March 17, 2005 at 5:38 am #3352293
System maintenance time
by ole88 · about 19 years, 1 month ago
In reply to Everything works in safe mode
Have you tried optimizing (defragmenting) your hard drive(s)? If not, this would be my next move to see if it is being caused by high levels of fragmentation. This may or may not correct the issue, but you could see a performance increase. You could also go to microsoft.com and download the IE6 SP1 install package and reload the browser. There could be damaged or corrupted browser files that are slowing everything down.
-
-
-
March 29, 2005 at 7:51 pm #3250280
IE and Windows Explorer slow
by craig herberg · about 19 years ago
In reply to IE and Windows Explorer Slow
Also, make sure to clean out all of your temp folders, either manually or with a product like Window Washer. You may have thousands of garbage files that take up a ton of memory and systems resources.
Craig Herberg
-
-
AuthorReplies