Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SLOW DOWN: NoIE4StubProcessing IE Active Desktop?


  • Please log in to reply
3 replies to this topic

#1 mant

mant

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:06 PM

Posted 20 December 2010 - 05:08 AM

OS: XP SP3
IE: 8
NET Framework: 2.0 SP3

I try to find What causing slow down and figure out its all about Internet Explorer shell!
This is taken from Outpost Firewall log (system guard).



Saving text with Notepad
NOTEPAD.EXE Prompt for system object modification Shell Extensions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\NoIE4StubProcessing
NOTEPAD.EXE Prompt for system object modification Shell Critical Entries HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{FBF23B40-E3F0-101B-8488-00AA003E56F8}
NOTEPAD.EXE Prompt for system object modification Shell Critical Entries HKEY_CLASSES_ROOT\CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32


Open Control Panel
CONTROL.EXE Prompt for system object modification Shell Extensions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\NoIE4StubProcessing
CONTROL.EXE Prompt for system object modification Shell Critical Entries HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{FBF23B40-E3F0-101B-8488-00AA003E56F8}
CONTROL.EXE Prompt for system object modification Shell Critical Entries HKEY_CLASSES_ROOT\CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32


Open Service Manager
MMC.EXE Prompt for system object modification Shell Extensions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\NoIE4StubProcessing
MMC.EXE Prompt for system object modification Shell Critical Entries HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{FBF23B40-E3F0-101B-8488-00AA003E56F8}
MMC.EXE Prompt for system object modification Shell Critical Entries HKEY_CLASSES_ROOT\CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32


Open Internet Options
RUNDLL32.EXE Prompt for system object modification Shell Extensions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\NoIE4StubProcessing
RUNDLL32.EXE Prompt for system object modification Shell Critical Entries HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{FBF23B40-E3F0-101B-8488-00AA003E56F8}
RUNDLL32.EXE Prompt for system object modification Shell Critical Entries HKEY_CLASSES_ROOT\CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32



Does anybody know how to fix this unnecessary "legit hijack"?
I dont use Internet Explorer.

Edited by mant, 20 December 2010 - 07:29 AM.


BC AdBot (Login to Remove)

 


#2 mant

mant
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:06 PM

Posted 20 December 2010 - 05:20 AM

Open Display Properties and click OK
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Control Panel\Desktop\ScreenSaveTimeOut
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Control Panel\Desktop\ScreenSaveActive
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Control Panel\Desktop\SCRNSAVE.EXE
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Software\Microsoft\Internet Explorer\Desktop\Components\GeneralFlags
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Software\Microsoft\Internet Explorer\Desktop\Components\Settings
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Software\Microsoft\Internet Explorer\Desktop\Components\DeskHtmlMinorVersion
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Software\Microsoft\Internet Explorer\Desktop\Components\DeskHtmlVersion
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Software\Microsoft\Internet Explorer\Desktop\Components
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Control Panel\Desktop\Wallpaper
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Control Panel\Desktop\WallpaperStyle
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Control Panel\Desktop\TileWallpaper
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperLocalFileTime
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperFileTime
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Software\Microsoft\Internet Explorer\Desktop\General\BackupWallpaper
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Software\Microsoft\Internet Explorer\Desktop\General\Wallpaper
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperStyle
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Software\Microsoft\Internet Explorer\Desktop\General\TileWallpaper
RUNDLL32.EXE Prompt for system object modification Active Desktop HKEY_USERS\S-1-5-21-1935655697-515967899-725345543-500\Control Panel\Desktop\ConvertedWallpaper


Does not harm but causing unresponsive application and 3 sec blank wallpaper every logon.
Conflict risk may lead to BSOD because using CPU 100%.
All above applications functions are stills normal if I block this "unnecesary legit hijack Active Desktop modification" with Firewall.

Edited by mant, 20 December 2010 - 07:38 AM.


#3 mant

mant
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:06 PM

Posted 22 December 2010 - 01:52 AM

SOLVED!


OPEN REGISTRY EDITOR AND EXPORT THIS BOTH KEYS FOLDER FOR YOUR BACKUP:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer




1. Disable unnecesary Active Setup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components

Edit DWORD:

IsInstalled 0


For keys: Internet Explorer, Web Folder, Active Desktop Update, Microsoft Outlook, Messenger, NetMeeting, Browsing Enhancements, Windows Desktop Update, Address Book 6, Dynamic HTML Data Binding, Windows Movie Maker v2.1, HTML Help, Internet Explorer Help, Active Directory Service Interface. You have the idea.





2. Disable Active Desktop and Components

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Create DWORD:

NoActiveDesktop 1
NoComponents 1





Reboot. WHEN LOGON Windows will prompt that Applications IS DISABLED AND CLEANUP your personal data . Click OK. XP runs very smooth now :)

Edited by mant, 22 December 2010 - 02:04 AM.


#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,264 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:06 PM

Posted 22 December 2010 - 10:37 AM

Thanks for posting your resolution...happy computing :).

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users