Re: Lag only when on-line



> START UP LIST
>
>
> --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
>
> 2005-05-31 blindman.exe (1.0.0.1)
> 2005-05-31 SpybotSD.exe (1.4.0.3)
> 2005-05-31 TeaTimer.exe (1.4.0.2)
consider disabling TeaTimer, ive found it to be an irritating cause of some
system lag



> 2005-10-03 unins000.exe (51.41.0.0)
You disabled this by now, yes?



> 2005-05-31 Update.exe (1.4.0.0)
> 2005-05-31 advcheck.dll (1.0.2.0)
> 2005-05-31 aports.dll (2.1.0.0)
Uninstall this


> 2005-05-31 borlndmm.dll (7.0.4.453)
I have this also, dont know what installs it, but it shouldn't be loading
unless you need the Borland Memory Manager.

> 2005-05-31 delphimm.dll (7.0.4.453)
What is this for? do you need it to be loaded?



> 2005-05-31 SDHelper.dll (1.4.0.0)
> 2005-05-31 Tools.dll (2.0.0.2)
> 2005-05-31 UnzDll.dll (1.73.1.1)
> 2005-05-31 ZipDll.dll (1.73.2.0)

>
> Located: HK_LM:Run, NvCplDaemon
> command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
> file: C:\WINDOWS\system32\RUNDLL32.EXE
> size: 33280
> MD5: da285490bbd8a1d0ce6623577d5ba1ff

I'm guessing your using an NVidia video card?


>
> Located: HK_CU:Run, UninstallAbility
> command: "C:\Program Files\UninstallAbility\uability.exe" /AUTO
> file: C:\Program Files\UninstallAbility\uability.exe
> size: 740352
> MD5: 225ecfd9f305f7f022be813195c4e05f

Please investigate this program, it may be the one loading unins000.exe
Do you want it running all the time?



>
> Located: Startup (common), Run Google Web Accelerator.lnk
> command: C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
> file: C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
> size: 483328
> MD5: 446b2afd73aa956be81d7d057a7ec481
>

Do you use this?
If not then uninstall it


> Located: Startup (disabled), AOL 7.0 Tray Icon (DISABLED)
> command:
> file:
>
> Located: Startup (disabled), Digital Line Detect (DISABLED)
> command: C:\PROGRA~1\DIGITA~1\DLG.exe
> file: C:\PROGRA~1\DIGITA~1\DLG.exe
> size: 24576
> MD5: d59b254a0d0d3456c9e522e65d662777
>
> Located: Startup (disabled), Exif Launcher (DISABLED)
> command: C:\PROGRA~1\FINEPI~1\QuickDCF.exe
> file: C:\PROGRA~1\FINEPI~1\QuickDCF.exe
> size: 200704
> MD5: bf0e0b83e4b2e1bbf5a77359728c92bc
>
> Located: Startup (disabled), Microsoft Office (DISABLED)
> command: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
> file: C:\PROGRA~1\MICROS~2\Office10\OSA.EXE
> size: 83360
> MD5: 5bc65464354a9fd3beaa28e18839734a
>
> Located: Startup (disabled), MSupdater (DISABLED)
> command: C:\Documents and Settings\All Users\Start
> Menu\Programs\Startup\MSupdater.exe
> file:
>
> Located: Startup (disabled), WinZip Quick Pick (DISABLED)
> command: C:\PROGRA~1\WinZip\WZQKPICK.EXE
> file: C:\PROGRA~1\WinZip\WZQKPICK.EXE
> size: 106560
> MD5: 2fe253973433442c2cb234fb2bc4bf29
>

If you've disabled them, do you still use them?
If not uninstall them


> Located: System.ini, crypt32chain
> command: crypt32.dll
> file: crypt32.dll
>
> Located: System.ini, cryptnet
> command: cryptnet.dll
> file: cryptnet.dll
>
> Located: System.ini, cscdll
> command: cscdll.dll
> file: cscdll.dll
>
> Located: System.ini, ScCertProp
> command: wlnotify.dll
> file: wlnotify.dll
>
> Located: System.ini, Schedule
> command: wlnotify.dll
> file: wlnotify.dll
>
> Located: System.ini, sclgntfy
> command: sclgntfy.dll
> file: sclgntfy.dll
>
> Located: System.ini, SensLogn
> command: WlNotify.dll
> file: WlNotify.dll
>
> Located: System.ini, termsrv
> command: wlnotify.dll
> file: wlnotify.dll
>
> Located: System.ini, wlballoon
> command: wlnotify.dll
> file: wlnotify.dll
>

I do not like it when something tries to run from system.ini .
You should post a new thread asking if anyone knows what these prgrames are
so you can
decide if you need to disable them.


Read about controlling Startup Items at
http://www.pacs-portal.co.uk/startup_content.php

> -----------------------PROCESS LIST--------------------------
>
>
> --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
>
> 2005-05-31 blindman.exe (1.0.0.1)
> 2005-05-31 SpybotSD.exe (1.4.0.3)
> 2005-05-31 TeaTimer.exe (1.4.0.2)
> 2005-10-03 unins000.exe (51.41.0.0)
Don't like it, see above


> 2005-05-31 Update.exe (1.4.0.0)
> 2005-05-31 advcheck.dll (1.0.2.0)


> 2005-05-31 aports.dll (2.1.0.0)
> 2005-05-31 borlndmm.dll (7.0.4.453)
> 2005-05-31 delphimm.dll (7.0.4.453)
These 3 items concern me, while i have borlndmm.dll, it isnt running on my
comp
both of the last 2 should be loading if your using something that needs them
and your process list doesn't indicate anything that may need them.

And as I said above aport.dll isnt part of Spybot, it's either from the
legit version AATools or from the malware version.
Check out the website i mentioned before to see about removing it.



> 2005-05-31 SDHelper.dll (1.4.0.0)
> 2005-05-31 Tools.dll (2.0.0.2)
> 2005-05-31 UnzDll.dll (1.73.1.1)
> 2005-05-31 ZipDll.dll (1.73.2.0)
>
> PID: 0 ( 0) [System]
> PID: 584 ( 4) \SystemRoot\System32\smss.exe
> PID: 632 ( 584) \??\C:\WINDOWS\system32\csrss.exe
> PID: 656 ( 584) \??\C:\WINDOWS\system32\winlogon.exe
> PID: 700 ( 656) C:\WINDOWS\system32\services.exe
> size: 108032
> MD5: C6CE6EEC82F187615D1002BB3BB50ED4
> PID: 712 ( 656) C:\WINDOWS\system32\lsass.exe
> size: 13312
> MD5: 84885F9B82F4D55C6146EBF6065D75D2
> PID: 872 ( 700) C:\WINDOWS\system32\svchost.exe
> size: 14336
> MD5: 8F078AE4ED187AAABC0A305146DE6716
Read how to tell if svchost.exe is being used to load malware/trojans/etc.
http://www.sysinfo.org/startuplist.php?filter=svchost.exe


> PID: 1380 ( 700) C:\WINDOWS\system32\LEXBCES.EXE
> size: 303104
> MD5: 2B7005BD9E0966CCCF70AE9A5B9D2427

http://www.neuber.com/taskmanager/process/lexbces.exe.html
lexbces.exe is a process which is associated with Lexmark MarkVision., do
have one installed?
This should be loaded in order to confirgure a Lexmark printer's onboard
network server.
This program is a non-essential system process, but should not be terminated
unless suspected to be causing problems.
And make sure you're using using a Lexmark MarkVision, because the fact that
this entry is upcase is suspicious,
and probably should be in the system32 folder if its legitimate.


> PID: 1640 ( 700) C:\WINDOWS\System32\CTsvcCDA.exe
> size: 44032
> MD5: 3C8B6609712F4FF78E521F6DCFC4032B

http://www.auditmypc.com/process/ctsvccda.asp
To see if you need this

> PID: 2000 ( 700) C:\WINDOWS\system32\nvsvc32.exe
> size: 127043
> MD5: F5CA5A3E07FE3FEFA48B620A25BE5863
http://www.auditmypc.com/process/nvsvc32.asp
I have an NVidia card, but i dont have this file.


> PID: 456 ( 700) C:\WINDOWS\system32\wdfmgr.exe
> size: 38912
> MD5: C81B8635DEE0D3EF5F64B3DD643023A5
http://www.auditmypc.com/process/wdfmgr.asp
Lists this as a microsoft system app, but i dont have it on my system


> PID: 560 ( 700) C:\WINDOWS\System32\MsPMSPSv.exe
> size: 53520
> MD5: 581176F60885AEF8F78C6E38DCC3CDF9
http://www.auditmypc.com/process/mspmspsv.asp
Lists this as a microsoft system app, but i dont have it on my system


> PID: 3764 (1896) C:\WINDOWS\system32\lexpps.exe
> size: 174592
> MD5: 7A4CC92D2A23D34934C71C61671E3A7C
http://www.auditmypc.com/process/lexpps.asp
Another Lexmark driver.
that site says it's only needed if your sharing the printer over a network,
and
that some people have problems with it

> PID: 3756 (1896) C:\Program Files\Google\Web
> Accelerator\GoogleWebAccWarden.exe
> size: 483328
> MD5: 446B2AFD73AA956BE81D7D057A7EC481
> PID: 1140 (3756) C:\Program Files\Google\Web
> Accelerator\googlewebaccclient.exe
> size: 1126400
> MD5: 19290208A6CBCFF4BC96AF198FA35892

I take it, these are part of the web accelerator listed further up?


> PID: 1716 ( 872) C:\WINDOWS\system32\wisptis.exe
> size: 293376
> MD5: 9C492FEC0D62844ADFA1FD910F0AF3B8
http://www.auditmypc.com/process/wisptis.asp
Indicates you only need for for tablet pc's



You should check the version tab on the properties windows for the files
that i wrote that i dont have
findout what information that tab has listed for each program.



.