General discussion

  • #2285232

    IE and Windows Explorer Slow


    by supmktg ·

    I got hit by a virus that disabled my virus and malware software. I had to shut down to stop it. I then installed fresh versions of AVG, Adaware and Spybot, and found 550 malware and 9 virus entries were made/installed. I successfully removed everything (that I could find with multiple scans, reboots, scans, etc.). Now IE, My Computer, Windows Explorer and Control Panel each take a full minute or more to load. Once they load, they run at normal speed. I’ve installed Firefox to replace IE and it works fine, and I’ve installed 2xExplorer to replace Windows Explorer and it works fine too.
    I need to resolve this problem, at least so I can get to My Computer and Control Panel.

    Short of a Format/Fresh Install of everything, where can I look to find my problem?

    Thanks,
    Sup

All Comments

    • #3312959

      Registry

      by matmak ·

      In reply to IE and Windows Explorer Slow

      Click Start > regedit > then expand HKEY Local Machine > then Software > then Microsoft > then Windows > then Current Version > then Run, and check the settings within this key. Look for the executables, then check the internet against what they do and associated applications. I assume you’ll know your applications against any foreign ones, remembering to take into consideration your driver executables (hence the need to check against the internet).

      But delete any strings that you find to be viral or spyware related or indeed anything to do with gain, gator ware and the like.

      Hope this helps

      Regards

      Matmak

    • #3311206

      system files damage?

      by blerg ·

      In reply to IE and Windows Explorer Slow

      After massive infections of malware, I’ve found some of the systems are simply not “fixable” to the point where they function well. I don’t know what OS you’re running, but a re-install over the existing copy may replace some damaged or missing system files. You may also have a lot of miscellaneous toolbar entries floating around your system32 folder and registry, not executing but making things bog.

      There’s RegClean from Microsoft, and several comparable 3rd party apps, that might do more cleanup for ya. I like to use WinDoctor from Norton SystemWorks. After I clean a system, I run Bazooka from http://www.kephyr.com and the Trend online scan at http://housecall.trendmicro.com as a last check, as they seem pretty good at spotting things my other utils miss.

      The previous suggestion about looking in the registry for startups is a good one. Two other additions to that idea: Besides HKLM/Software/Microsoft/Windows/CurVersion/Run there is a similar key in the HKCU branch that can also start programs. Also find an executable called Process Explorer (or look in Task Manager/Processes) for processes that don’t look familiar. Process Explorer is available from http://www.sysinternals.com and allows you to kill processes that Windows won’t allow.
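The Run-key review suggested in the two replies above (HKLM and HKCU) can also be done offline on a `reg export` file. This is an added example, not part of the original posts: the sample export, value names, paths, the baseline, and the two heuristics (user-writable directories, launcher executables) are assumptions made for illustration, and the export is assumed to be already decoded to text.

```python
import re
# Constructed sample in `reg export` format; value names and paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\PROGRA~1\\ExampleAV\\avcc.exe /STARTUP"
"updater"="\"C:\\Documents and Settings\\Sup\\Local Settings\\Temp\\upd8.exe\" -s"
"Blob"=hex:28,02,00,00,\
  00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"helper"="rundll32.exe C:\\WINDOWS\\hlp32.dll,Run"
'''
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="(.*)"$')   # string (REG_SZ) values only
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\")  # assumed
LAUNCHERS = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cmd.exe"}      # assumed

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)   # .reg files escape \ as \\ and " as \"

def parse_reg(text):
    """Return {key: {name: string data}}; hex and dword values are skipped."""
    # Undo forum-mangled quotes, normalise CRLF, join hex continuation lines.
    text = text.translate({0x201C: '"', 0x201D: '"'}).replace("\r\n", "\n").replace("\\\n", "")
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            current[unescape(m.group(1))] = unescape(m.group(2))
    return keys

def target(cmd):  # executable of a command line: quoted path, else first token
    return (cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]).lower()

def review_run_keys(text, baseline=()):
    """List (hive, name, command, reasons) for Run values not in the baseline."""
    findings = []
    for key, values in parse_reg(text).items():
        if not key.lower().endswith("\\currentversion\\run"):
            continue
        for name, cmd in values.items():
            exe, reasons = target(cmd), []
            if any(d in exe for d in USER_WRITABLE):
                reasons.append("runs from a user-writable directory")
            if exe.rsplit("\\", 1)[-1] in LAUNCHERS:
                reasons.append("launcher: the argument is the real payload")
            if name not in baseline:
                findings.append((key.split("\\", 1)[0], name, cmd, reasons))
    return findings
```

Entries with an empty reasons list are simply unknown and still need looking up. A baseline match on the value name alone is weak evidence, since unwanted software can reuse a familiar name.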

      • #3312212

        found/removed suspicious entries

        by supmktg ·

        In reply to system files damage?

        I found the following suspicious registry entries:

        [HKEY_CURRENT_USER\Software\Bundles]
        "create"="yes"
        "optimizejames.exe"="yes"
        "2504041019.exe"="yes"
        "CSV7P070.exe"="yes"
        "WebRebates_Auto_InstallSilent.exe"="yes"
        "thin-8-1-x-x.exe"="yes"
        "TVM_B5_Bundle_8.EXE"="yes"
        "james_dh.exe"="yes"
        "vl_ezstub.exe"="yes"
        "adv0ltc0m.exe"="yes"
        "bs5-vwqouc.exe"="yes"
        "shopinst.exe"="yes"
        "txdesuf.exe"="yes"
        "d_otbp.exe"="yes"
        "saie1101.exe"="yes"
        "s4Sept.exe"="yes"
        "runsearch.exe"="yes"
        "HelperInstaller.exe"="yes"
        "setup_silent_26221.exe"="yes"
        "stlb2_seed.exe"="yes"
        "snackman.exe"="yes"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\saie]
        "Changed"=dword:00000000

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Virtual Bouncer]
        "Changed"=dword:00000000

        I researched saie and virtual bouncer which I found were virus/malware. I removed them both!
        I researched the list of exe’s in ‘bundles’ but found nothing about them. I can tell from their names that they are probably NO GOOD, so I exported the entry and then deleted the entire ‘bundles’ folder from my registry. I’ll reboot and see if any of this helps. Does the ‘bundles’ folder belong and does anyone recognize any of the exe’s as valid or necessary?

        Meanwhile, I’m holding off on a re-install of my XP Home OS until I finish a project that I’m working on for fear of losing data or screwing things up worse.

        Thanks for your help!!!

        • #3312211

          Everything works in safe mode

          by supmktg ·

          In reply to found/removed suspicious entries

          On normal reboot, nothing has changed. However, I rebooted in safe mode, and everything works perfectly in safe mode. Is there any clue from this fact?

          Thanks!!

        • #3352332

          Safemode

          by ruairi ·

          In reply to Everything works in safe mode

          If you’re starting in safe mode without networking then check your video – safe mode also disables your start menu items, so look at what processes are running in task manager/processes (in safe mode) – write them down or do a screen dump – reboot normally and look at what else starts up in normal mode (task manager/processes)… one of those programs could be damaged from all the infections OR you may be able to see if one of them is hogging resources.

        • #3352293

          System maintenance time

          by ole88 ·

          In reply to Everything works in safe mode

          Have you tried optimizing (defragmenting) your hard drive(s)? If not, this would be my next move to see if it is being caused by high levels of fragmentation. This may or may not correct the issue, but you could see a performance increase. You could also go to microsoft.com and download the IE6 SP1 install package and reload the browser. There could be damaged or corrupted browser files that are slowing everything down.

    • #3250280

      IE and Windows Explorer slow

      by craig herberg ·

      In reply to IE and Windows Explorer Slow

      Also, make sure to clean out all of your temp folders, either manually or with a product like Window Washer. You may have thousands of garbage files that take up a ton of memory and systems resources.

      Craig Herberg
