What Slows Windows Down?

Introduction

Any computer user that's owned and installed software onto their computer knows that the more you install, the slower the beast runs. Most also know that it's not just quantity and that what you install plays a large factor in how slowly your computer runs.

The aim of this article is to find out what types of application slow down a computer the most. I'm going to be measuring the“speed” as the time it takes to shutdown, restart and get back to desktop (with auto-login) and start an application in the computer's start-up settings.

The Process

To make sure the tests are fair, I installed XPSP2a Professional (release1) onto a Microsoft VirtualPC 4 (sp1) virtual machine and cloned the hard disk images for each test I'm going to run. Each VM will be running on its own,without any other applications running on the host operating system except notepad, so I can record the results.

To measure performance, I'm going to be using Microsoft BootVis, an application to time the load-times of each element of the system so users can remove the offending items or otherwise disable things that are taking too long. BootVis will tell me how long the system takes to boot from start to finish and I shall deduct the time the fresh install takes to boot. I will then have a percentage delay that each application adds to the system.

I'm going to run each test three times and take the mean to eradicate any discrepancies.

What Should This Show Us?

By seeing how much the text install slows down compared to the clean install, we have a clear metric to see how much damage one application is doing. This way you can best judge what to not install (if you can avoid it) in order to keep peak performance on your computer.

Spyware and Viruses

During the course of these tests, it's highly likely that I'm going to pick up spyware from one of the applications. This could affect the results but this is true to life. There is no detection process for these tests, and most things will have been scanned, but be aware.

Pages

1. Introduction
2. The Offending Software
3. Results and Conclusions

The Offending Software

The list of software is broken into categories for comparison between brands:

System Security

Firewall, anti-virus and anti-spyware programs are where I expect to see the biggest delays from a system, so much so that I refuse to use any on my home computer. This belief comes from the fact that they are always running and start as soon as they can in order to catch what they need. I'm therefore comparing the three most popular security “suites” which cover all three subcategories.

1. Norton Internet Security 2006
2. McAfee SecurityCentre
3. Kaspersky Internet Security 6.0.0.303
4. BitDefender v10

Office Software

Office suites tend to be huge behemoths that can take up gigabytes of space. In order to make your life easier, they also install a lot of things around the system so they're easier to find. Here I shall be pitting Microsoft Office 2003 vs. OpenOffice. And because of OpenOffice, I shall not be installing Outlook in the Microsoft suite.

1. Microsoft Office 2003 (v11)
2. OpenOffice 2.0.3

Chat Software

Some may think this is a little silly, but chat applications– especially when they're stacked up – can add significant delay to the load times of a system. Here I will compare the most popular chat clients around. You should note that Trillian and Gaim are multiple-protocol messengers so that you can use one instead of several messaging clients. I also deviated from the initial mission statement and set each client to load with windows for a better comparison.

1. Windows Live Messenger 8
2. Yahoo Instant Messenger 8.0
3. AOL Instant Messenger 1.5 Preview
4. Trillian 3.1 Basic (with all plug-ins)
5. Gaim 1.5.0 (again with all plug-ins)

Codecs and Fonts

It's not uncommon to hear people going on about you not installing too much of this or too much of that... Codecs and fonts are usually at the brunt of this argument as they are in areas that are checked by the system all the time.

1. Apple QuickTime 7.1
2. DivX 6.3
3. K-Lite Codec Pack 2.76 FULL
4. 100 Fonts
5. 1000 Fonts

Peer-to-Peer Download Software

These are probably some of the least likely contenders for system-slowdown but they are popular on the internet, and therefore could be doing a lot more damage that some people think. Each application shall be setup to boot with windows (as most people have it setup).

1. Kazaa 3 (+included crapware)
2. Azureus 2.5.0.0 (+ Java Runtime)
3. uTorrent 1.4
4. BitComet 0.7

Compression Utilities

Very small and lightweight applications for compressing files... Most people wouldn't think of these as bad pieces of software but they sometimes do install explorer extensions and things that may leak through to affect the rest of the system.

1. WinRAR
2. WinZIP
3. WinAce
4. 7-Zip

Other Applications

Here are the other applications I want to test that don't fit into another category. You shouldn't compare any of these against each other as they all do different things. Some of them are necessary libraries and frameworks and some are things you wouldn't touch unless you really needed them.

1. Microsoft Visual Studio 2005 Professional Edition
2. Adobe Photoshop CS2
3. Macromedia Studio MX 2004
4. VMWare Workstation 5.5.1-19
5. Java Runtime 1.5.0.06
6. .NET Framework Runtime 2.0
7. DirectX 9.0c

Results and Conclusions

So between the last page and what's about to come, there has been hours of gruelling testing going on. Believe me when I say that 8 hours of watching a virtual machine restart is not my idea of fun, but I think the results justify the means.

If you think there's anything missing from the list, use the contact page to tell me what to add.

Software	Mean Boot Time (s)	System Delay (s)	System Delay (%)
Norton Internet Security 2006	118.33	43.33	57.78
1000 Fonts	105.00	30.00	40.00
Kaspersky Internet Security 6.0.0.303	85.67	10.67	14.22
Yahoo Instant Messenger 8.0	85.67	10.67	14.22
AOL Instant Messenger 1.5 Preview	85.33	10.33	13.78
McAfee SecurityCentre	83.67	8.67	11.56
Kazaa 3 (+included crapware)	83.67	8.67	11.56
Trillian 3.1 Basic	83.33	8.33	11.11
VMWare Workstation5.5.1-19	83.33	8.33	11.11
Microsoft Visual Studio2005 Pro.	82.67	7.67	10.22
.NET Framework Runtime2.0	81.67	6.67	8.89
100 Fonts	80.33	5.33	7.11
Microsoft Office 2003(v11) Pro.	80.00	5.00	6.67
Windows Live Messenger(MSNM8)	80.00	5.00	6.67
Gaim 1.5.0	79.67	4.67	6.22
Adobe Photoshop CS 2	79.33	4.33	5.78
OpenOffice 2.0.3	79.00	4.00	5.33
Macromedia Studio MX 2004	79.00	4.00	5.33
QuickTime 7.1	78.67	3.67	4.89
DivX 6.3	78.67	3.67	4.89
DirectX 9.0c	78.67	3.67	4.89
Azureus 2.5.0.0 (+ Java Runtime)	78.33	3.33	4.44
BitDefender v10	78.00	3.00	4.00
WinRAR 3.60	78.00	3.00	4.00
Java Runtime 1.5.0.06	78.00	3.00	4.00
WinAce 2.65	77.67	2.67	3.56
K-Lite Codec Pack 2.76FULL	77.33	2.33	3.11
WinZip	77.33	2.33	3.11
7-Zip 4.42	77.00	2.00	2.67
BitComet 0.7	76.67	1.67	2.22
uTorrent 1.4	76.33	1.33	1.78
Control (none)	75.00	0.00	0.00

Things That Did Bad

The results of the security software were quite shocking. I've always known that being most involved with the system, antivirus and firewall programs are going to make things slower, but I was just completely astounded by the Norton result when compared against the other software on show.

Fonts were as, if not more, amazing. I know people always say not to install too many fonts (which is really hard when you have a DVD full of them), but this is the first proof I've seen that shows fonts have a massive effect on the windows load time.

One conclusion that we can take from this is software that makes many, many changes to the system when it installs is going to have a larger effect to windows boot timings. Examples of this were shown by the .NET runtime (both standalone and part of Visual Studio) and the fonts which get scooped up by system services. VMWare Workstation installs a lot of system drivers to emulate hardware properly which also goes a long way to slow down a computer. Furthermore, if that software loads at boot, this is going to have an added knock on effect, shown best by the antivirus programs and the chat clients.

Things That Did Well

Surprisingly, the codecs made little effect. Even the full (everything checked) K-Lite Codec Pack only added a few seconds to the boot time. Quicktime was slower as this installs a load-on-boot tray icon.

The compression utilities all did very well considering that all of them add about thirty extension associations and add explorer context menus. I think this shows that they're both fairly lightweight and you shouldn't be too concearned over applications which install them.

BitDefender was another suprise. I've heard a lot of mixed things about it since I started the testing but it certainly uses the fewest resource on boot. This could mean a couple of things: Either its incredibly efficient or its a very lazy protection scheme that doesnt protect your computer all the time.

Final Words...

In closing, just be careful over what you install. If you need a font for something, you only need to open it in the Windows font browser and it should become available in your application until you close the font browser. Installing and forgetting about fonts is a very easy way to slowly degenerate your boot times. If you can avoid them, don't install an antivirus program (especially not Norton). That's not perfect advice for everyone, but if you've got an oodle of web-smarts, you should be able to spot what's bad and what's ok.

One thing not covered by this test (for sheer time purposes)is what happens when you uninstall the software. It's well known that applications junk the registry with crap long after they've gone so be aware that the only way to get some of that performance back from a bad application may be to do a clean install of Windows.

Another was drivers. Drivers are known to increase the boot time (as VMWare displays) but are completely impossible to demonstrate on a testing system like this. If I did the tests again with a whole PC and different hardware, this would be more a test of hardware than software. If you want to know how drivers perform, read the hardware reviews.

i-Charge The Fuel Saver

Importance of Car Electronics and Stability of In-Car Voltage
Do you know how important is electrical voltage to your car performance and life-span? Many problems occurred in your car now are due to unstable voltage supply, and if your car is not taken care of ASAP, it will then worsen to serious problem later. Most of the car owners look for mechanics assistance when having problems with their cars from time to time. They are unable to find the right cause and remedy to the problems, and worst of all, car owners have to compromise to the problems most of the time. As we know "precaution is better then treatment", like we take good care of our body, we should take good care of our car before it is too late. Small spending in advance is definitely a wise investment, as it has very high cost/performance in returns.

Electrical systems in our cars are interconnected to each other. To get perfect performance you need a good and harmony electrical circuit environment. For example, if you have a old and less efficient ignition circuit in your car, you will have very poor fuel consumption, low throttle response, misfiring problem, jerking gear shift, all problems may occurred due to a single defect in another electrical problem. So to maintain optimum electrical performance in your car, we need to have a very stable voltage environment. Here comes a new electronic device - i-CHARGE, original patent/copyright from Japan, a multi-purpose Voltage Stabilizer with built in Battery Doctor System and Interference Reducer System. Once you use i-CHARGE, your car is in best control by this product, it will solve small problems that due to unstable voltage during driving. What is more wonderful, it is so easy to installed, with just a plug into cigar-lighter socket, will activate this device. Unlike other fuel saving product, by adding chemical and tablets into the fuel tank, increase the risk of car damages.

Feature
i-CHARGE Voltage Stabilizer has the following three systems：
• Voltage Stabilizer System
• Interference Reducer System
• Battery Doctor System

Benefits • Fuel saving • Better RPM response • Increase engine torque • Engine power up • Optimized all electronic devices in car Notices • Do not disassemble or modify this product to avoid damage or injury. • Only design for 12V vehicles. Do not use on 24V vehicles. • Do not plug in and out from the cigar-lighter socket during driving. • When install, please make sure the plug of i-CHARGE is securely in contact with the socket. • If the cigar-lighter socket is loosened due to previous usage of other charging device, please adjust the contact point inside the socket before plug in. • Fuel saving effect will differ according to car type, driving behavior, weather, road condition etc.

Advantages • Faster throttle response, engine power up. • Reduce car CPU noise signal, improve CPU reaction time, improve electronic efficiency. • Smoother gear shift on automatic car. • Improve engine power, better acceleration response, hence improve fuel saving. • Maximize ignition efficiency, easier engine start. • Prolong engine and electrical device life-span. • Easy installation, totally DIY, the first choice for ladies drivers. • Universal for all cars and motorcycles • Reduce noise with built in noise filter, improve sound system performance. • Equipped with double fuse protection, for better product life and safety. • Faster RPM response, it gives you powerful acceleration even when your car's air condition turn on to maximum load. • Cleaner exhaust emission on HC and CO gas. So more environment friendly. • Twelve (12) months Limited Product Warranty.

ADD SUBTITLE TO YOUR VIDEO

Welcome to Oscar g2v10 ¶

Latest version g2v10 released 2008/02/17 ...

Let's face it. Searching for subtitles to your favorite movies/TV series can be a real pain in the ass. OSCAR is a tool to make your life a little easier, find your subtitle files quickly and enjoy your videos without the hassle of searching the web for the correct version, then trying to synchronize them with your video file.

OSCAR uses the OSDb standard to communicate with remote subtitle sites and search/download subtitle files matching your videos.

There are two main advantages to this approach:

• EXACT MATCHES - instead of having a lot of subtitles matched to a single movie title, you assign them directly to a video file (using a specific fast hash function). So when searching for subtitles to a specific video file you'll only get those that (according to otherusers) match your video file 100%.

• SPEED - instead of searching for subtitles on a web site, you are provided with a user-friendly application that allows easy and fast search and download of subtitles.

Main features: ¶

• quick and accurate search/download of subtitle files for your movies
• upload subtitles to help out others in need ;)
• multi-language support
• Windows Explorer integration
• command-line parameters
• proxy support
• IMDb support
• drag-n-drop support
• and much more ...

You can learn more about this application by browsing this Wiki or by simply downloading the application and giving it a go.

Available for the Windows 32bit platform, no Unix versions planned.

Please note that this application requires an internet connection.

Enjoy.

Links: ¶

• Quick-start guide
• Instructions
• Download
• Version history
• How-to?
• Tips&tricks
• Setting preferences
• Screenshots
• Showcase videos
• Technical stuff
• To-do list
• Links
• Opensubtitles forum thread dedicated to Oscar

Attachments

• oscar.gif (199.4 kB) -Oscar features showcase (first draft), added by majky on 02/14/08 22:52:05.

How to Make Your PC Run Faster and Better - Speed up Startup

The default settings and configuration for your computer are not necessarily the most efficient for your particular usage. Here are some tips and tweaks to speed up your computer and improve performance.

---

First Do Essential Housekeeping

Before undertaking any system changes, be sure that the basic maintenance chores are done. Also be sure that you know how to get back where you started in case changes don't work out. As a reminder here are the things that need to be done regularly:

• Run up-to-date anti-virus
• Run up-to-date anti-spyware (preferably two or more)
• Empty “temp” files
• Empty Recycle Bin
• Run chkdsk and disk defragmenter
• Back up your system

Make your computer start faster

Getting the computer up and running involves several stages. There are various tweaks that can be applied for each stage to speed things up. In my own experience, only a few make much difference. Some references are given in the sidebar. The most important improvement by far comes from controlling the programs that are loaded at start up. This item will be discussed in more detail below but first here is a survey of other possibilities.

The boot process involving the BIOS

There are a variety of tweaks that are possible in this first stage but I have never found one that did more than shave a second or two here and there. Furthermore, the BIOS is terra incognita for the average PC user. There are probably more fruitful areas where time-saving measures can be looked for but those who love to tinker can get some ideas from this ExtremeTech reference.

About Bootvis.exe

This graphical Microsoft developer tool is mentioned and recommended as a way to speed up booting in countless places. I see it so often that I felt constrained to devote a separate section to it. This is what Microsoft has to say

Please note that Bootvis.exe is not a tool that will improve boot/resume performance for end users. Contrary to some published reports, Bootvis.exe cannot reduce or alter a system's boot or resume performance. The boot optimization routines invoked by Bootvis.exe are built into Windows XP. These routines run automatically at pre-determined times as part of the normal operation of the operating system.

From what I understand (I'm no expert) a brand-new setup might take a couple of days before Windows XP finishes optimizing and, if you just can't wait, Bootvis.exe might help you optimize right away . But, basically, you can forget about using this tool in spite of what everybody keeps saying. You can't even download it from Microsoft anymore although there are sites that still have it. There seem to be several versions and one or more may not work in SP2.

In any event, it seems it is possible to carry out some of the type of optimization done by this tool just by using RUNDLL32.EXE. In Start-Run. Enter the command RUNDLL32.EXE advapi32.dll,ProcessIdleTasks

Loading Windows

Windows XP loads pretty fast but there are some ways to hurry it up a bit. Unfortunately, a lot of the stuff you read isn't too useful. Here are a few of the common suggestions.

1. A study has shown that cutting down on the number of fonts being loaded will speed things up. If you have many hundreds of fonts, you might consider removing some. Those who wish to manage their fonts can read this article.
2. There is a lot of discussion of configuring "Prefetch" and the related subject "boot defrag". The average PC user can ignore these subjects since Windows XP basically takes care of this area on its own. These configurations are part of what the utility "Bootvis.exe" discussed above was supposed to help manage. If you must tinker, do the RUNDLL32.exe command given above in the Bootvis.exe section. However, forget the often-mentioned idea of regularly deleting the contents of the \Windows\Prefetch\ folder. In fact, deleting Prefetch will initially slow down the boot until the folder is rebuilt. See Ed Bott's blog on the subject. Also see this bad tweaks list.
3. The Start menu in Windows XP contains an entry, My Recent Documents, where a list of all the recent documents that you have opened or used is kept. This provides a quick way to reopen any document. After a while the list can get quite long and it has the effect of slowing the bootup process. Details of managing this feature are discussed here. What isn't obvious is that the list of files that can be accessed from the My Recent Documents entry in the Start may be only the tip of the iceberg. The folder, %USERPROFILE%\Recent, where the entries are stored may have many more. This folder should be cleaned regularly. This can be done manually or automatically every time you log off. To make the cleanup automatic you can edit the Registry. (The usual caveats about Registry editing apply.) In the Registry editor Regedit, navigate to this key: HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Policies\Explorer Create a DWORD value named ClearRecentDocsOnExit and give it a data value of 1. Shortcut entries for “My Recent Documents” will still be collected during a login session but will then be cleared at logoff. For those who shun Registry editing, I have written an INF file to do the Registry change. Download the zipped file here to anywhere convenient and unzip. Then right-click and choose “Install” from the context menu. The change will take place when you log off or reboot.
   Note: This file is offered without any guarantees and the user assumes all respnsibility for its use.

Drivers and hardware

Part of the boot process is loading and initializing the hardware.

1. Keep the drivers for your peripherals and other hardware up-to-date. This may require checking regularly at the Web sites of the manufacturers. If you have older equipment, be sure that you are using drivers written for Windows XP.
2. You may want to disable rarely used peripherals or hardware services. Possible examples are game ports, IR ports, MIDI devices, and Firewire. Disabling devices does not remove them and they can be re-enabled if desired. Use Device Manager to make changes. Click here to see how to use Device Manager.

Networking tweaks

Network cards can be a substantial drag on startup time since they can spend a lot of time getting network addresses. Also if you have a lot of network protocols , loading them can take time.

1. If you have a home network and are using automatic IP assignments, you may be able to speed things up by assigning permanent IPs to the computers on your network. Consult the instructions for your router. Also see this reference.
2. If you are using DSL and connect by PPPOE directly to a modem (not a router) you definitely want to assign a permanent IP to your network card. Otherwise, there is a considerable delay while the card hunts for an address when you boot. Consult your ISP for instructions. Also see this reference.

Limiting the programs and services that start up

This area is where the big savings in time can be made. The average PC user probably has far too much stuff loading at start up. Also, Windows starts up a lot of services by default that many systems do not need. The measures to take are covered in great detail on pages elsewhere on this site. How to use the Windows System Configuration Utility (Msconfig) and the Services Console to control both programs and services is discussed. There is also some excellent freeware to help manage your startup and one program, WinPatrol, is evaluated here.

Speed up youy PC

5 ways to speed up your PC

Related Links • Backup basics for Vista • Backup basics for XP • Keep Vista Up-to-date • Maintain your XP system • Office Updates • Shop for products that work with Windows • Shop for products and services that work with Office

By following a few simple guidelines, you can maintain your computer and keep it running smoothly. This article discusses how to use the tools available in Windows XP Service Pack 2 (SP2) and Windows Vista to more efficiently maintain your computer and safeguard your privacy when you're online.

On This Page

	Free up disk space
	Speed up access to data
	Detect and repair disk errors
	Protect your computer against spyware
	Learn all about ReadyBoost

Free up disk space

By freeing disk space, you can improve the performance of your computer. The Disk Cleanup tool helps you free up space on your hard disk. The utility identifies files that you can safely delete, and then enables you to choose whether you want to delete some or all of the identified files.
Use Disk Cleanup to:

•	Remove temporary Internet files.
•	Remove downloaded program files (such as Microsoft ActiveX controls and Java applets).
•	Empty the Recycle Bin.
•	Remove Windows temporary files.
•	Remove optional Windows components that you don't use.
•	Remove installed programs that you no longer use.

Tip: Typically, temporary Internet files take the most amount of space because the browser caches each page you visit for faster access later.

To use Disk Cleanup

1.	Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Cleanup. If several drives are available, you might be prompted to specify which drive you want to clean.
2.	In the Disk Cleanup for dialog box, scroll through the content of the Files to delete list. Choose the files that you want to delete.
3.	Clear the check boxes for files that you don't want to delete, and then click OK.
4.	When prompted to confirm that you want to delete the specified files, click Yes.

After a few minutes, the process completes and the Disk Cleanup dialog box closes, leaving your computer cleaner and performing better.

Top of page

Speed up access to data

Disk fragmentation slows the overall performance of your system. When files are fragmented, the computer must search the hard disk when the file is opened to piece it back together. The response time can be significantly longer.

Disk Defragmenter is a Windows utility that consolidates fragmented files and folders on your computer's hard disk so that each occupies a single space on the disk. With your files stored neatly end-to-end, without fragmentation, reading and writing to the disk speeds up.

When to run Disk Defragmenter
In addition to running Disk Defragmenter at regular intervals—monthly is optimal—there are other times you should run it too, such as when:

•	You add a large number of files.
•	Your free disk space totals 15 percent or less.
•	You install new programs or a new version of Windows.

To use Disk Defragmenter:

1.	Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Defragmenter. Click Analyze to start the Disk Defragmenter.
2.	In the Disk Defragmenter dialog box, click the drives that you want to defragment, and then click the Analyze button. After the disk is analyzed, a dialog box appears, letting you know whether you should defragment the analyzed drives. Tip: You should analyze a volume before defragmenting it to get an estimate of how long the defragmentation process will take.
3.	To defragment the selected drive or drives, click the Defragment button. Note: In Windows Vista, there is no graphical user interface to demonstrate the progress—but your hard drive is still being defragmented. After the defragmentation is complete, Disk Defragmenter displays the results.
4.	To display detailed information about the defragmented disk or partition, click View Report.
5.	To close the View Report dialog box, click Close.
6.	To close the Disk Defragmenter utility, click the Close button on the title bar of the window.

Top of page

Detect and repair disk errors

In addition to running Disk Cleanup and Disk Defragmenter to optimize the performance of your computer, you can check the integrity of the files stored on your hard disk by running the Error Checking utility.

As you use your hard drive, it can develop bad sectors. Bad sectors slow down hard disk performance and sometimes make data writing (such as file saving) difficult, or even impossible. The Error Checking utility scans the hard drive for bad sectors, and scans for file system errors to see whether certain files or folders are misplaced.

If you use your computer daily, you should run this utility once a week to help prevent data loss.

To run the Error Checking utility:

1.	Close all open files.
2.	Click Start, and then click My Computer.
3.	In the My Computer window, right-click the hard disk you want to search for bad sectors, and then click Properties.
4.	In the Properties dialog box, click the Tools tab.
5.	Click the Check Now button.
6.	In the Check Disk dialog box, select the Scan for and attempt recovery of bad sectors check box, and then click Start.
7.	If bad sectors are found, choose to fix them.

Tip: Only select the "Automatically fix file system errors" check box if you think that your disk contains bad sectors.

Top of page

Protect your computer against spyware

Spyware collects personal information without letting you know and without asking for permission. From the Web sites you visit to usernames and passwords, spyware can put you and your confidential information at risk. In addition to privacy concerns, spyware can hamper your computer's performance. To combat spyware, you might want to consider using Microsoft Windows Defender, which is included in Windows Vista, and is available as a free download for Microsoft XP SP2. Alternatively, there are other free anti-spyware software programs available.

Top of page

Learn all about ReadyBoost

If you're using Windows Vista, you can use ReadyBoost to speed up your system. A new concept in adding memory to a system, it allows you to use non-volatile flash memory—like a USB flash drive or a memory card—to improve performance without having to add additional memory. Learn more.

CWS HIJACKER

By: Mike Healan
July 9, 2003

Updated August 6, 2003

CWS is a trojan that hijacks Internet Explorer start and search settings to one of several different web sites (see below). Most of these web sites appear to have an affiliate relationship with coolwebsearch.com in which coolwebsearch pays them for every visitor they refer. There could be other domains involved in the future.

This hijack is similar to the datanotary.com hijack discovered last month. As with datanotary, the CWS hijack sets Internet Explorer to use a custom style sheet containing javascript that opens a pop up window. In fact, we believe the trojan involved with CWS is an updated version of the same malware involved with datanotary.

In the original variant, the start and search settings were changed to an address in which the letters are converted into an unreadable mess of numbers and % symbols to hide the domain name from the user. It also made it difficult to blacklist the domain. Internet Explorer is able to translate the symbols and load the hijacker's web site.

An executable file named bootconf.exe is copied to the \windows\system32\ folder and set to load at startup. Even if you fix the hijack, this file will reinstall it the next time it is loaded.

More current variants also install a small web server, contained in a file named svchost32.exe. It adds several google addresses (google.de, google.ch, google.ca, etc) search.yahoo.com, and search.msn.com to the HOSTS file, telling windows that the IP addresses for those sites is 127.0.0.1, and that's where it's webserver is listening.

Yet another variant hijacks Internet Explorer's SearchHook setting with a file named dnsrelay.dll. This redirects all search and start page settings to allhyperlinks.com.

Finally, the trojan lists the hijacker's web site in Internet Explorer's trusted security zone. Domains listed in the trusted security zone have no restrictions on what they can do. This allows that web site to have virtually unlimited access to the infected computer's file system.

We believe the source of the infections might be activex drive by installers located on pornographic web sites, or possibly trojan programs pretending to be illegal serial number generators. Unfortunately, this is just speculation for now.

This trojan is detected by Computer Associates antivirus products under the following names (More info):
Win32.Startpage.C
JS.CSSPopup.B,
JScript/IEstart.Trojan,
Win32/IEstart.Trojan

Removal Instructions

Merijn, author of HijackThis and StartupList, has created CWShredder specifically to remove this parasite. Please make certain that all browser and folder windows are closed before using CWShredder. If any symptom of the problem remains afterward, then follow these directions below. If you have any problem with CWShredder, please ask for help in our support forums.

This article is located at http://www.spywareinfo.com/articles/cws/

Hijacker Web Sites

The following web sites have been found in log files of people infected with this trojan. To our best knowledge, they are all affiliated with coolwebsearch.com

193.125.201.50, 1stpagehere.com, 66.250.130.194, adulthyperlinks.com, allhyperlinks.com, approvedlinks.com, bannedhost.net, bestcrawler.com, cantfind.com, carsands.com, cool-web-search.com, coolfreepage.com, coolwebsearch., coolwwwsearch., couldnotfind.com, defaultsearch.net, dev.ntcor.com, drvvv.com, ewebsearch.net, findloss.com, findwhat.com, firstbookmark.net, freebookmark.net, freebookmarks.net, global-finder.com, globesearch.com, gratis-porn-movie.com, hardloved.com, itseasy.us, jethomepage.com, jetseeker.com, kazaa-lite.ws, martfinder.com, mature50.com, mommykiss.com, mywebsearch.net, noblindlinks.com, nocensor.com, ok-search.com, pedo.ws, runsearch.com, search-2003.com, search.xrenoder.com, searchdesire.com, searchnow.ws, searchv.com, searchxp.com, sharempeg.com, sixroads.com, slawsearch.com, slotch.com, stopxxxpics.com, super-spider.com, super-websearch.com, the-exit.com, the-huns-yellow-pages.com, topsearcher.com, unipages.cc, web-search.tk, white-pages.ws, youfindall.com, youfindall.net, yourbookmarks.info, and yourbookmarks.ws