Computer is running very very slowly

Solved/Closed
elishabenabbuyah
Posts
3
Registration date
Sunday December 21, 2014
Status
Member
Last seen
December 21, 2014
- Dec 21, 2014 at 03:06 PM
Ambucias
Posts
47360
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
- Dec 27, 2014 at 06:24 PM
Hi,
I'm having a popup message that says "A program running on the computer is trying to display a message" and it gives me the choice of "View the message" or "Ask me later." When I go to the "Show program details" it tells me that the program path is spoolsv.exe.

Would someone please be able to help me to understand what this is and if it is dangerous?

thank you very much,

E

6 replies

Ambucias
Posts
47360
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,255
Dec 21, 2014 at 04:01 PM
spoolsv.exe (spoolsv stands for Printer Spooler Service) is a Windows NT/2000/XP generic process which places printing jobs in a queue.

It is not in any way a virus, a worm, a Trojan horse, spyware, or AdWare.

It is a process which can be terminated.
0
elishabenabbuyah
Posts
3
Registration date
Sunday December 21, 2014
Status
Member
Last seen
December 21, 2014

Dec 21, 2014 at 04:42 PM
Thank you Ambucias,
I understand that sometimes viruses hide themselves in this program, and there are many things going wrong with the computer simultaneously. My microsoft word won't open, my virus software (Avira and Malwarebites) is stopping midway, and the computer is running very very slowly. I just thought they might all be connected.
Thank you for your help.
E
0
elishabenabbuyah
Posts
3
Registration date
Sunday December 21, 2014
Status
Member
Last seen
December 21, 2014

Dec 21, 2014 at 07:35 PM
never mind, I got it. I downloaded it in safe mode.
I'll send on the file.
Thank you.
0
Ambucias
Posts
47360
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,255
Dec 21, 2014 at 05:11 PM
Hello,

It may not be related but it seems as if you have a virus.

To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.

1. Open this link and download ZHPDiag2 :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista and Win 7 users, click right to ensure you execute with admin right)

The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix after log analysis).

4. Double click on the short cut ZHPDiag on your Destktop.

5. If you need to change the language, click on the little house, (bottom right) and change to English

6. Click on Full.

Wait for the tool to finished (maybe a long time)

7. Close ZHPDiag.

8. To transmit the report, click on this link :

https://authentification.site

9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
0
elisha ben abbuyah
Dec 21, 2014 at 07:16 PM
Dear Ambucias,
I have been trying to download the program, but I am unsuccessful. It says failed each time, and the program will not open.
On my other computer it succeeded, so I know that I am doing everything correctly, and I don't know what I'm doing wrong on this computer.
Do you have any suggestions?
Thank you,
E
0
elisha ben abbuyah
Dec 21, 2014 at 07:57 PM
I have uploaded the file. Here are the two links it gave me:

HTML link: <a href="http://speedy.sh/GZkuM/ZHPDiag.txt">Download at SpeedyShare</a>

Forum link: http://speedy.sh/GZkuM/ZHPDiag.txt

Download link: http://speedy.sh/GZkuM/ZHPDiag.txt

Thank you again for your help.
0

Didn't find the answer you are looking for?

Ask a question
Ambucias
Posts
47360
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,255
Dec 22, 2014 at 04:45 AM
Hello

Sorry for the late reply.

You presently have to many antivirus software which is risky business.
Avira Free Antivirus v14.0.7.468
AVG 2014 v14.0.4765
Malwarebytes Anti-Malware version 2.0.4.1028
Secunia PSI
Spybot - Search & Destroy v2.4.40

You should have only one. The reason being is that the search engines may come in conflict, give false positives or even miss detect. Those search engines will also slowdown your computer.

I urge you to uninstall all of the above mentioned except one being the one that you have purchased.

This tool will remove the viruses presently on your machine

Download AdwCleaner (by Xplode) on your desktop.
Launch the program and click on Remove.
Wait for the scan to be completed. You may need to restart the computer after the scan.
Once the process is completed, a report will be generated which you can copy and paste here.

Good luck
0
elisha ben abbuyah
Dec 27, 2014 at 10:53 AM
Dear Ambucias,
Sorry for the delay. I've done what you suggested and removed all the conflicting anti-virus software and anti-spyware software, and I have done a scan and cleanup (there was no option for remove) with adwcleaner.
II am sending along the report, as you suggested. (I could not figure out how to attach it, so I'm pasting it in).
Thank you again for your help.
E

# AdwCleaner v4.106 - Report created 27/12/2014 at 10:39:44
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sarra Lev - SARRALEV-HP
# Running from : C:\Users\Sarra Lev\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater18.1.9
[#] Service Deleted : Skype C2C Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Sarra Lev\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Sarra Lev\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sarra Lev\AppData\LocalLow\ConduitEngine
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Users\Sarra Lev\AppData\Roaming\Mozilla\Firefox\Profiles\rwo52m7i.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{289A792A-FB6B-4FEA-9628-F898FCD14348}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B254BE2D-596C-4967-A892-BD6016893AFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1BBF42E9-7EC1-4758-8F10-D67F9B665477}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1BBF42E9-7EC1-4758-8F10-D67F9B665477}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[rwo52m7i.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[rwo52m7i.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[rwo52m7i.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[rwo52m7i.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
[rwo52m7i.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=52065DC0-D207-4CF8-90B4-3C02EFBD34CF&apn_ptnrs=TV&apn_sauid=85D85BE9-D6C4-410F-A9CE-E8DB08294CF8&[...]
[rwo52m7i.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v39.0.2171.95

[C:\Users\Sarra Lev\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Sarra Lev\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Sarra Lev\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.exitingsearch.info/?l=1&q={searchTerms}&pid=714&r=2014/03/17&hid=15047158179632882956&lg=EN&cc=IL&unqvl=50
[C:\Users\Sarra Lev\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
[C:\Users\Sarra Lev\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

*************************

AdwCleaner[R0].txt - [10046 octets] - [27/12/2014 10:36:45]
AdwCleaner[S0].txt - [9469 octets] - [27/12/2014 10:39:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9529 octets] ##########
0
Ambucias
Posts
47360
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,255 > elisha ben abbuyah
Dec 27, 2014 at 04:30 PM
Perfect elisha, viruses are gone!
0
elisha ben abbuyah
Dec 27, 2014 at 04:39 PM
Thank you so very much for all your help.
Have a happy new year.
E
0
Ambucias
Posts
47360
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,255
Dec 27, 2014 at 06:24 PM
The pleasure was mine.
Live long and properous.
0