Several months ago, I solved a Windows XP slow shutdown problem that had been plaguing me for about three months on my notebook.
Since I normally let the notebook run overnight or close it to let it hibernate, I wasn’t able to identify when the problem happened, so I wasn’t able to identify the change that occurred.
But, shutting down the system took between 1.75 minutes and 2.5 minutes, whether it was a reboot or an actual shutdown. All the lost time was spent while WinXP said it was “saving your settings.”
Then, I solved it!
I spotted some DLL files in C:\windows\system32 that I didn’t recognize: dartftp.dll, dartsock.dll, dartzip.dll and dartweb.dll.
My first effort with Google resulted in near panic — many sites were reporting that files with several of these names were used by IAmBigBrother spyware. I was surprised because CounterSpy, AdAware SE, and SpyBot Search & Destroy hadn’t identified these files as spyware.
Then, I remembered that I had been testing several FTP clients several months ago. Those file names are also part of Dart Communications FTP suite. Ah HAH!
Looking back, I saw that those same sites (including Symantec’s) report that IAmBigBrother picks several file names to use (to hide itself) from a selection of DLL file names from relatively common software.
I went back into the directory and renamed the DLLs. I was surprised that worked — I expected to have to boot to safe mode to rename them.
I rebooted, but without any change in shutdown time. That was ok, because I knew that DLLs were loaded into memory. Once Windows finished restarting, I did a shutdown — 25 SECONDS!
It was solved!
I figured that the Registry was starting the DLLs. With the files renamed, the Windows Registry entries were still trying to load them, which would slow up the boot time.
So, I fired up the registry repair tool that I used at the time (XP Repair Pro 2006) to see what it could do.
XP Repair Pro found and removed a bunch of those weird links that Microsoft uses in the registry — the ones with Registry entry names like {12345-67890-12345-67890-12345}.
With the files renamed and the related Windows Registry entries removed, all that remained was deleting the renamed files.
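The two checks this story turns on, who published the look-alike DLLs and which registry entries still point at them, can be scripted. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later (not part of a stock Windows XP install) and assumes the {…} entries in question are COM registrations under HKEY_CLASSES_ROOT\CLSID.

```powershell
# Added example. DLL names and the system32 location are from the post.
$names = 'dartftp.dll', 'dartsock.dll', 'dartzip.dll', 'dartweb.dll'
$sys32 = Join-Path $env:windir 'system32'

# 1. Publisher details for each file that is present. A file name alone does
#    not say which product installed it.
foreach ($name in $names) {
    $path = Join-Path $sys32 $name
    if (Test-Path -LiteralPath $path) {
        $ver = (Get-Item -LiteralPath $path).VersionInfo
        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            File      = $name
            Company   = $ver.CompanyName
            Product   = $ver.ProductName
            Signature = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
        }
    }
}

# 2. COM registrations ({GUID} keys) whose in-process server is one of those
#    names, and whether the file they point at still exists.
#    Assumption: the entries the cleaner removed lived under HKCR\CLSID.
Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $clsid = $_.PSChildName
        try { $sub = $_.OpenSubKey('InprocServer32') } catch { $sub = $null }
        if ($sub) {
            $raw = [string]$sub.GetValue('')
            $sub.Close()
            $target = [Environment]::ExpandEnvironmentVariables($raw).Trim('"', ' ')
            if ($target -and ($names -contains (Split-Path $target -Leaf))) {
                # A bare file name is resolved against system32 here.
                if (-not [IO.Path]::IsPathRooted($target)) {
                    $target = Join-Path $sys32 $target
                }
                [pscustomobject]@{
                    Clsid  = $clsid
                    Target = $target
                    Exists = Test-Path -LiteralPath $target
                }
            }
        }
    }
```

The script only reads; a row with Exists = False is a registration left pointing at a file that has been renamed or removed.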
Because…it’s all about having the right tools…
I no longer use XP Repair Pro. My choice of Windows registry repair tools is now Optimize 3.0, which optimizes a number of other things about my computer, like Internet connection settings, in addition to cleaning the Windows registry.