# [SOLVED] Outlook Express slow start



## tom.stevenson (Apr 1, 1999)

Hardware: AMD Athlon 64-bit 3400+ 2.20 GHz processor; 1GB PC3200 RAM; 2 x 120GB Maxtor DiamondMax Plus 9 HDD.
Operating System: XP Professional

For the past couple of months, it has taken forever to startup my Outlook Express. The small blue screen is all I see for 25 seconds! Many years ago I changed from MacAfee to Norton, when MacAfee seemed to be slowing down the sending and receiving of emails, so the first thing I tried was to turn off Norton (and my ZoneLab Pro firewall), but this made no difference whatsoever. I then checked the updates and although I thought that the Cumulative Security Update for Outlook Express 6 Service Pack 1 (KB837009) was probably installed a couple of months before the slow down occurred, I tried uninstalling that, but this also had no effect.

I cannot find any processes running. In fact, I have run a memory and cpu usage app when starting up OE6, and found nothing much happens in memory. It pretty much seems to be sitting there, as if it's been forgotten about. However, the cpu usage is strange. Here is a breakdown of the 25 seconds of cpu usage during the start up of my OE6:
1 second: 40% usage (blue screen)
2-20 seconds: 0% usage (blue screen)
21 seconds: 40% usage (blue screen)
22 seconds: 0% usage (blue screen)
23 seconds: 60% usage (OE6 window opens)
24 seconds: 40% usage (connecting)
25 seconds: 100% usage (checking mail)
Post-25 seconds: 0% usage (unless OE checks mail or I do someting)

In addition to the frustratingly long start up, I don't think it should be devoting 100% cpu usage every time it checks the mail. 

Any ideas how to get OE6 to start-up as quickly as it should and/or how to ensure that my system does not devote 100% usage when checking for mail?


----------



## southernlady (May 6, 2004)

Can we presume that you have run all your normal maintenance such as Disk CleanUp and Degragging, running your A/V scan with up to date definitions, a spyware scan, etc and found all that clean? Liz


----------



## tom.stevenson (Apr 1, 1999)

Yes Liz. I have Camtech's Spyware Innoculator, but I have run several other spyware scans just in case it was not quite the run & forget it likes to claim to be, but I am 100% clean. I run a full system scan (including bloodhound hueristics at the highest level) once a week, and I use Norton 2004 with automatic live updates (and I'm broadband, so it gets updated whenever Norton deems fit). My disk has been defragged a few times since the slow start, and it is currently 5% total fragmented; 10% file fragmented; and 0% free space fragmented. And I run disk cleanups prior to defragging. TIA, Tom


----------



## southernlady (May 6, 2004)

Just wanted to be sure and get that out of the way 

But just in case, why not download HiJack This and check yourself out. 
http://www.spywareinfo.com/~merijn/downloads.html

Create a folder on your hard drive somewhere like in "My Documents" and name it Hijackthis

Doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists

will be harmless or even essential, DO NOT fix anything yet.

Run Spybot again.

Before scanning press Online and Search for Updates .

Put a check mark at and install all updates.

Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED.

Restart your computer, post another Hijack This log.

And at this point, you've reached my limits...you may need to download CWShredder http://www.majorgeeks.com/download4086.html
Liz


----------



## tom.stevenson (Apr 1, 1999)

Hi Liz, here is the first HijackThis saved scan:

Logfile of HijackThis v1.98.0
Scan saved at 20:59:37, on 10/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\TOMSWIN\System32\smss.exe
C:\TOMSWIN\system32\winlogon.exe
C:\TOMSWIN\system32\services.exe
C:\TOMSWIN\system32\lsass.exe
C:\TOMSWIN\System32\Ati2evxx.exe
C:\TOMSWIN\system32\svchost.exe
C:\TOMSWIN\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\TOMSWIN\system32\spoolsv.exe
C:\TOMSWIN\System32\cisvc.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\TOMSWIN\system32\Ati2evxx.exe
C:\TOMSWIN\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\TOMSWIN\System32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Real\RealOne Player\realplay.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\TOMSWIN\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\TOMSWIN\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\TOMSWIN\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Copernic Agent\CopernicAgent.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic Agent\Web\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com/updated/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: 12Ghosts Popup-Killer - {00000000-0007-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\TOMSWIN\System32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\TOMSWIN\System32\msdxm.ocx
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: 550Access Toolbar - {26CB33C5-1F3C-4C52-8B26-29D6E0635770} - C:\Program Files\550AccessToolbar\550AccessToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Rent A Coder Toolbar - {79C9FDA0-0A67-4C56-BC89-6AB3FEC2752F} - C:\TOMSWIN\System32\racbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Search This Site - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Program Files\Insomniac Software\SiteSearch\SiteSearchBar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\TOMSWIN\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\TOMSWIN\System32\ctfmon.exe
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [PlaxoUpdate] C:\TOMSWIN\Plaxo\2.0.1.31\I -a
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - Startup: realplay.exe.lnk = C:\Program Files\Real\RealOne Player\realplay.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 550Access Toolbar Serach - C:\Program Files\550AccessToolbar\550accessmenusearch.htm
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu	&4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms	&] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O8 - Extra context menu item: Save Forms	&[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {0BCBCDD8-E5D9-417D-A752-C2DA929A21BF} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O9 - Extra 'Tools' menuitem: Track Page Using Copernic Agent - {0BCBCDD8-E5D9-417D-A752-C2DA929A21BF} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms	&] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms	&[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar	&2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 550Access Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\550AccessToolbar\550AccessToolbar.dll
O9 - Extra 'Tools' menuitem: 550Access Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\550AccessToolbar\550AccessToolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O15 - Trusted Zone: http://www.journee-vinicole.com
O15 - Trusted Zone: http://uk.standardlifeinvestments.com
O15 - Trusted Zone: www.zonelabs.com
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/beta/PlaxoInstall.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
O16 - DPF: {763C10EE-E4C6-49AA-9325-F15ABF1C52B0} (X1 DownloadControl Class) - http://www.x1.com/download/X1WebInstall.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://us.creative.com/support/register/OCXs/CtORWebClientNoMFC.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab


----------



## tom.stevenson (Apr 1, 1999)

Here is the HijackThis saved scan after running spybot and deleting 4 red items (one of which, DSO Exploit, is found every time I run Spybot, even though I delet each time). No green items found.

Logfile of HijackThis v1.98.0
Scan saved at 09:29:33, on 11/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\TOMSWIN\System32\smss.exe
C:\TOMSWIN\system32\winlogon.exe
C:\TOMSWIN\system32\services.exe
C:\TOMSWIN\system32\lsass.exe
C:\TOMSWIN\System32\Ati2evxx.exe
C:\TOMSWIN\system32\svchost.exe
C:\TOMSWIN\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\TOMSWIN\system32\spoolsv.exe
C:\TOMSWIN\System32\cisvc.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\TOMSWIN\system32\Ati2evxx.exe
C:\TOMSWIN\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\TOMSWIN\System32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Real\RealOne Player\realplay.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\TOMSWIN\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\TOMSWIN\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\TOMSWIN\System32\cidaemon.exe
C:\Program Files\Copernic Agent\CopernicAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic Agent\Web\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meshcomputers.com/updated/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: 12Ghosts Popup-Killer - {00000000-0007-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\TOMSWIN\System32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\TOMSWIN\System32\msdxm.ocx
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: (no name) - {26CB33C5-1F3C-4C52-8B26-29D6E0635770} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Rent A Coder Toolbar - {79C9FDA0-0A67-4C56-BC89-6AB3FEC2752F} - C:\TOMSWIN\System32\racbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\TOMSWIN\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\TOMSWIN\System32\ctfmon.exe
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [PlaxoUpdate] C:\TOMSWIN\Plaxo\2.0.1.31\I -a
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: realplay.exe.lnk = C:\Program Files\Real\RealOne Player\realplay.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 550Access Toolbar Serach - C:\Program Files\550AccessToolbar\550accessmenusearch.htm
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu	&4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms	&] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O8 - Extra context menu item: Save Forms	&[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {0BCBCDD8-E5D9-417D-A752-C2DA929A21BF} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O9 - Extra 'Tools' menuitem: Track Page Using Copernic Agent - {0BCBCDD8-E5D9-417D-A752-C2DA929A21BF} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms	&] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms	&[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar	&2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 550Access Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - (no file)
O9 - Extra 'Tools' menuitem: 550Access Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O15 - Trusted Zone: http://www.journee-vinicole.com
O15 - Trusted Zone: http://uk.standardlifeinvestments.com
O15 - Trusted Zone: www.zonelabs.com
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/beta/PlaxoInstall.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
O16 - DPF: {763C10EE-E4C6-49AA-9325-F15ABF1C52B0} (X1 DownloadControl Class) - http://www.x1.com/download/X1WebInstall.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://us.creative.com/support/register/OCXs/CtORWebClientNoMFC.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab


----------



## southernlady (May 6, 2004)

Tom, I found some really funky things in your log but do NOT fix them based on MY word alone. I am still a novice at reading logs. I don't want you to screw something up based on what I say, ok? So wait until a security expert sees it.

Anyway, here is what I saw:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {26CB33C5-1F3C-4C52-8B26-29D6E0635770} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [PlaxoUpdate] C:\TOMSWIN\Plaxo\2.0.1.31\I -a
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/beta/PlaxoInstall.cab

C:\TOMSWIN\System32\Ati2evxx.exe is listed twice Why?
C:\TOMSWIN\Explorer.EXE Isn't this wrong?

In fact, aren't all thiese wrong:
C:\TOMSWIN\System32\smss.exe
C:\TOMSWIN\system32\winlogon.exe
C:\TOMSWIN\system32\services.exe
C:\TOMSWIN\system32\lsass.exe
C:\TOMSWIN\System32\Ati2evxx.exe
C:\TOMSWIN\system32\svchost.exe
C:\TOMSWIN\System32\svchost.exe
C:\TOMSWIN\system32\spoolsv.exe
C:\TOMSWIN\System32\cisvc.exe
C:\TOMSWIN\system32\Ati2evxx.exe
C:\TOMSWIN\Explorer.EXE
C:\TOMSWIN\System32\ctfmon.exe
C:\TOMSWIN\System32\svchost.exe
C:\TOMSWIN\system32\ZoneLabs\vsmon.exe
C:\TOMSWIN\System32\cidaemon.exe

All of these may be why you are having issues, OK? Liz


----------



## southernlady (May 6, 2004)

Tom, you may need to take your original post and HiJack log over to the security forum since it seems that no one is paying any attention to it here. Liz


----------



## tom.stevenson (Apr 1, 1999)

Will a security expert see these posts here, or should I post a reference elsewhere?

Some of the items you list are necessary or wanted, but you are right, I do seem to have several versions of the same application running (see attached screenshot).

I might understand it if the programs were in different locations, but on the other hand, before you pointed this out, I might have thought that it was obviously necessary to run more than one of the programs, if that's what is loaded.

Tom


----------



## southernlady (May 6, 2004)

I'd take it there...and when I plugged in the TOMSWIN I came up with some foreign language. Made NO sense to me. Liz


----------



## ~Candy~ (Jan 27, 2001)

Use the report thread button and ask for a move, Liz please do not suggest starting another thread, gets too confusing. I have moved it.


----------



## ~Candy~ (Jan 27, 2001)

And by the way, Tomswin is just what he named his windows directory 

Tom, try this:

Delete Pstores.exe and associated files. Click Start and then Run, type msconfig, and press ENTER. Click the Selective Startup tab, remove the check from the Load Startup Group box, and click Apply. Click OK and restart your computer. Click Start, Find, and Files Or Folders. In Windows XP/2000 click All Files And Folders. Type pstore*.* and press ENTER. In the results that appear, right-click Pstores.exe, click Rename, type .old where the file now says .exe, and press ENTER. Repeat the process and type the following new names: Pstorec.old for Pstorec.dll, Pstorerc.old for Pstorerc.dll, Pstore.old for Pstore.log, and Psbase.old for Psbase.dll. Close the Search window.

2. Delete the ProtectedStorage Registry key. If you havent already, back up your Registry (see the Back Up & Restore The Windows 98/Me Registry sidebar). Then click Start and Run, type regedit, and press ENTER. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES; under Services right-click ProtectedStorage and click Delete. Exit the Registry Editor.

3. Reinstall Internet Explorer (and with it, Outlook Express). Here is where Microsofts instructions get vague. The exact instructions, in Knowledge Base article 235300, are Reinstall Internet Explorer. Reinstalling from the Web (specifically from http://www.windowsupdate.microsoft.com) is simple enough and provides the advantage of upgrading to the latest versions of IE and Outlook Express. It shouldnt take too long if you have a high-speed Internet connection, but over a dial-up connection, it could take an hour or more.

4. Reinstall Pstores.exe and associated files. Click Start, then Programs, and MS-DOS Prompt. In the MS-DOS window, type C:\Windows\System\pstores.exe install and press ENTER. Type exit and press ENTER. Close all open programs and restart your PC.

Outlook Express should return to its previously snappy performance.


----------



## tom.stevenson (Apr 1, 1999)

Thanks Liz, and AcaCandy.
Tom


----------



## ~Candy~ (Jan 27, 2001)

Here is a successful thread with that issue, I think 

http://forums.techguy.org/t157698&highlight=pstores.html


----------



## southernlady (May 6, 2004)

At least it's resolved, Tom. Liz


----------



## tom.stevenson (Apr 1, 1999)

Oops AcaCandy, sent the thanks after your first post, but before your second.

Cannot find any Pstores.exe or Pst*.*. Looked in my bin, and there is just one Ps*.* file, no Pst*.* ...

Should I still reinstall IE6 & OE6? And what about the multiple versions of the programs I have running?

Tom


----------



## ~Candy~ (Jan 27, 2001)

Did you do the selective startup first?


----------



## tom.stevenson (Apr 1, 1999)

Hi AcaCandy

I ran MSCONFIG, unchecked the Load Startup Group box, and restarted. I found and renamed Pstorec.dll and (not included in your list) Pstorsvc.dll, but there was no Pstores.exe, Pstorerc.dll, Pstore.log or Psbase.dll. In fact, there were only two Pst*.dl_ files (Pstorec.dl_ and Pstorsvc.dl_) and they are 12 months newer than the actual dll files (strange?). I keep my XP system automatically updated with every critical update (and others if applicable). Does this partial Pstores situation need sorting before or after I reinstall IE6 & OE6? And how do I go about that?

TIA
Tom


----------



## ~Candy~ (Jan 27, 2001)

Look for pstores in the windows\system folder. If you don't have 'show extensions' checked when you are searching, you may not see it as pstores.exe.


----------



## tom.stevenson (Apr 1, 1999)

Hi AcaCandy

Definitely no Pstores.exe anywhere. Perhaps that was part of the problem, but things have moved on ... sort of.

It was impossible to reinstall IE6 & OE6, whether from Microsoft's download site or by my CD. Each time I was thwarted by the claim that the IE6 on my machine was newer, which closed down the process. I could understand that from my CD, but I had even uninstalled the last IE6 patch, thus the MS download should have been newer. Anyhow, I then tried to reinstall the entire XP operating system from my CD using the repair mode, but everytime it got to installing drivers at 34 minutes left to go, the installation failed. So I performed a clean, parallel installation, which is fine and dandy, returning OE6 to its former snappy self, even if it leaves me with the huge headache of reinstalling my apps.

I ran the Files & Settings Transfer Wizard (from TOMSWIN to TOMWIN2), and have this compressed somewhere on my harddrive. However, before I install, would you kindly advise:

1. Is it safe, or do I risk transferring any of the problems that either slowed down OE6 or resulted in two or three of the same startup progs running simultaneously?
2. Where are the compressed files & settings? The user-friendly wizard asks me to browse for them, but it has not told me any specific files or folders to look for, nor did it warn me to specify a location to begin with.
3. Once my apps are up and running, I can safely delete the old WINDOWS and TOMSWIN directories, but How do I remove the zillions of administrators and other identities I have seemingly created (this is the second parallel install)?
4. How do I remove second and third identical XP bootup line?

TIA
Tom


----------



## ~Candy~ (Jan 27, 2001)

Well, I've never transferred settings, so I'll leave someone else address that. When you are done, all you need to do is edit the boot.ini file to remove the other startup choices.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q289022


----------



## tom.stevenson (Apr 1, 1999)

Hi AcaCandy

Although I had to do a parallel reinstall, I appreciate the time and trouble you spent time trying to help me, and would like to pass on the solution I found so that you can include it in your box of tricks for anyone else with a similar problem.

I kept the previous installation with the painfully slow loading Outlook Express, which I later found out had nothing to do with Pstores.exe (although that is obviously a common cause from the MSKB document you pointed me to). There is another cause: getting rid of Windows Messenger. You get rid of it, and every time Outlook Express is started it spends a lot of time looking everywhere for it before giving up and loading. Anyone with this problem should down load *No Messenger* from http://basicsec.org/tools.html

As the site says, No Messenger is "A batch file that eliminates Windows Messenger and fixes the problem of Outlook Express loading slowly when Messenger is absent, by an anonymous friend of The Register."

This download a zip file that contains two simple BAT files: nomsngr.bat, which gets rid of messenger and stops OE from looking for it, thus should be run even if someone has already got rid of his/her Windows Messenger; and wmreset.bat, which will reset whatever it is that nomsngr.bat does. Simply run the BAT files from Windows. You don't even have to start up a DOS box. I ran nomsngr.bat on my old XP installation with the crippled OE6 and now OE6 is, like, instant. So instant, in fact, that it makes OE6 in my new XP installation seem slow!

Hope you can pass this on, to relieve others of their misery.

Thanks.
Tom


----------



## ~Candy~ (Jan 27, 2001)

Thanks, I had heard something like that before, can't remember where. Will definitely add it to the box of tricks


----------

