Computer is running very very slowly

Solved/Closed
Report
Posts
3
Registration date
Sunday December 21, 2014
Status
Member
Last seen
December 21, 2014
-
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
-
Hi,
I'm having a popup message that says "A program running on the computer is trying to display a message" and it gives me the choice of "View the message" or "Ask me later." When I go to the "Show program details" it tells me that the program path is spoolsv.exe.

Would someone please be able to help me to understand what this is and if it is dangerous?

thank you very much,

E

6 replies

Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,293
spoolsv.exe (spoolsv stands for Printer Spooler Service) is a Windows NT/2000/XP generic process which places printing jobs in a queue.

It is not in any way a virus, a worm, a Trojan horse, spyware, or AdWare.

It is a process which can be terminated.
Posts
3
Registration date
Sunday December 21, 2014
Status
Member
Last seen
December 21, 2014

Thank you Ambucias,
I understand that sometimes viruses hide themselves in this program, and there are many things going wrong with the computer simultaneously. My microsoft word won't open, my virus software (Avira and Malwarebites) is stopping midway, and the computer is running very very slowly. I just thought they might all be connected.
Thank you for your help.
E
Posts
3
Registration date
Sunday December 21, 2014
Status
Member
Last seen
December 21, 2014

never mind, I got it. I downloaded it in safe mode.
I'll send on the file.
Thank you.
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,293
Hello,

It may not be related but it seems as if you have a virus.

To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.

1. Open this link and download ZHPDiag2 :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista and Win 7 users, click right to ensure you execute with admin right)

The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix after log analysis).

4. Double click on the short cut ZHPDiag on your Destktop.

5. If you need to change the language, click on the little house, (bottom right) and change to English

6. Click on Full.

Wait for the tool to finished (maybe a long time)

7. Close ZHPDiag.

8. To transmit the report, click on this link :

https://authentification.site

9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).

Dear Ambucias,
I have been trying to download the program, but I am unsuccessful. It says failed each time, and the program will not open.
On my other computer it succeeded, so I know that I am doing everything correctly, and I don't know what I'm doing wrong on this computer.
Do you have any suggestions?
Thank you,
E

I have uploaded the file. Here are the two links it gave me:

HTML link: <a href="http://speedy.sh/GZkuM/ZHPDiag.txt">Download at SpeedyShare</a>

Forum link: http://speedy.sh/GZkuM/ZHPDiag.txt

Download link: http://speedy.sh/GZkuM/ZHPDiag.txt

Thank you again for your help.
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,293
Hello

Sorry for the late reply.

You presently have to many antivirus software which is risky business.
Avira Free Antivirus v14.0.7.468
AVG 2014 v14.0.4765
Malwarebytes Anti-Malware version 2.0.4.1028
Secunia PSI
Spybot - Search & Destroy v2.4.40

You should have only one. The reason being is that the search engines may come in conflict, give false positives or even miss detect. Those search engines will also slowdown your computer.

I urge you to uninstall all of the above mentioned except one being the one that you have purchased.

This tool will remove the viruses presently on your machine

Download AdwCleaner (by Xplode) on your desktop.
Launch the program and click on Remove.
Wait for the scan to be completed. You may need to restart the computer after the scan.
Once the process is completed, a report will be generated which you can copy and paste here.

Good luck

Dear Ambucias,
Sorry for the delay. I've done what you suggested and removed all the conflicting anti-virus software and anti-spyware software, and I have done a scan and cleanup (there was no option for remove) with adwcleaner.
II am sending along the report, as you suggested. (I could not figure out how to attach it, so I'm pasting it in).
Thank you again for your help.
E

# AdwCleaner v4.106 - Report created 27/12/2014 at 10:39:44
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sarra Lev - SARRALEV-HP
# Running from : C:\Users\Sarra Lev\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater18.1.9
[#] Service Deleted : Skype C2C Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Sarra Lev\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Sarra Lev\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sarra Lev\AppData\LocalLow\ConduitEngine
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Users\Sarra Lev\AppData\Roaming\Mozilla\Firefox\Profiles\rwo52m7i.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{289A792A-FB6B-4FEA-9628-F898FCD14348}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B254BE2D-596C-4967-A892-BD6016893AFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1BBF42E9-7EC1-4758-8F10-D67F9B665477}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1BBF42E9-7EC1-4758-8F10-D67F9B665477}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[rwo52m7i.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[rwo52m7i.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[rwo52m7i.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[rwo52m7i.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
[rwo52m7i.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=52065DC0-D207-4CF8-90B4-3C02EFBD34CF&apn_ptnrs=TV&apn_sauid=85D85BE9-D6C4-410F-A9CE-E8DB08294CF8&[...]
[rwo52m7i.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v39.0.2171.95

[C:\Users\Sarra Lev\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Sarra Lev\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Sarra Lev\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.exitingsearch.info/?l=1&q={searchTerms}&pid=714&r=2014/03/17&hid=15047158179632882956&lg=EN&cc=IL&unqvl=50
[C:\Users\Sarra Lev\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
[C:\Users\Sarra Lev\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

*************************

AdwCleaner[R0].txt - [10046 octets] - [27/12/2014 10:36:45]
AdwCleaner[S0].txt - [9469 octets] - [27/12/2014 10:39:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9529 octets] ##########
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,293 > elisha ben abbuyah
Perfect elisha, viruses are gone!

Thank you so very much for all your help.
Have a happy new year.
E
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,293
The pleasure was mine.
Live long and properous.