Computer extremely slow, spyware?

[misterwinter]

Hello everyone,

Two days ago, while working in Photoshop, my computer launched the app "Adobe Help Viewer," (AHV) which promptly froze. I could not close the app by any means... even by using the Task Manager. I eventually rebooted the computer, shutting down all programs first, save for the AHV.

When the computer rebooted, it was not the same. It started up a little more slowly than normal, and once the desktop and system tray icons were in place, I attempted to open some programs (first Outlook Express, then Firefox and then Photoshop). Experienced major lag... it took Firefox about two minutes to open and Photoshop took close to five minutes. Even the start menu froze momentarily when I clicked on it.

I did another reboot, with no success. I then did a System Restore, and selected a restore point timed about 12 hours before I began having problems. Initially, this did not appear to help (Photoshop was still extremely slow to launch) but after walking away for a bit (10 minutes or so), I came back to find the computer acting a little more normal. Everything seemed to work fine for the remainder of the day, as well as yesterday and this morning.

Today, I did another reboot and—once again—the computer seemed extremely slow after the reboot. Photoshop again took 5+ minutes to launch, and Firefox was also very slow to launch. I also noticed that a couple of the apps in my system tray were slow to update (in terms of connecting to the Internet to check for virus definitions, etc...).

What I'm finding is that the first time I launch a program, it takes a very long time. If I close it and then re-launch it, it seems to be fine... at least until I decide to reboot the computer again.

Not sure at this point if this is a function of spyware, a virus or perhaps some type of system glitch.

Would appreciate any advice/input you can provide. I'm currently running ESET NOD 32 for antivirus and Spy Sweeper for spyware protection.

 

[robin_bga]

Hi, that sounded abit familiar, anyway pliz run a software called HIJACKTHIS 2 u can get it here at link removed, then save the log and upload it here for us to analyze.

 

[captaincranky]

The Hijack This log shows an anti-virus and multiple anti-spyware applications running. Have you scanned the system with these?

Are you still able to update these security programs?

Incidentally "Nod32" is acknowledged to be one of the best AVs around.

You could also try downloading the latest version of M$ "Malicious Software Removal Tool" and try scanning with that. Use M$ download NOT M$ update. If malware is suspected you can download the executable file with another computer, copy it to your desktop from a flashdrive.

If you believe your situation might be malware, you should take this issue up in our "Virus & Malware Removal" forum. https://www.techspot.com/vb/menu28.html Please read the 3 guide threads at the top of the page before proceeding to start a thread.

 

[robin_bga]

Hi, Anyway i look at it and released that u visited a site call link removed and u could have got an infections from the popups, i dont see you firewall, do u have a firewall, i saw files like axzapper.ocx.
try checking the eventvwr.msc and see what errors u get, look in the applications section if there is any hanging application.
then tell us.

 

[captaincranky]

Don't you think this computer should be scanned with the resident security programs?

I'm currently running ESET NOD 32 for antivirus and Spy Sweeper for spyware protection.

Acording to Hijack this, you also have "Ad aware" (lavasoft). You don't mention scanning with these apps, just restoring and rebooting. So..... ?

 

[misterwinter]

Thank you for the suggestions. I will follow through with them and report back. It may take a couple of days, as I have family coming into town this evening. (My computer picked the worst time to do this, LOL). Thanks again.

Hi, i suggest that u upload it so some hosting site then gives us the like to the site, that is much better that splitting it. try Megafile, its very easy.

Done.

http://www.megafileupload.com/en/file/102411/hijackthis-log.html

Hi, Anyway i look at it and released that u visited a site call http://www.everprivate.com/ and u could have got an infections from the popups, i dont see you firewall, do u have a firewall, i saw files like axzapper.ocx.
try checking the eventvwr.msc and see what errors u get, look in the applications section if there is any hanging application.
then tell us.

Please forgive my naivete, but I thought Windows XP was equipped with its own firewall... or that my router was equipped with one? Maybe I am completely off-track here.

"try checking the eventvwr.msc and see what errors u get, look in the applications section if there is any hanging application."​

I'm sorry... this is Greek to me. Can you clarify?

I'm going to run my antivirus app now, followed by the antispyware programs. They normally run on a schedule, which is why I hadn't run them sooner. Will report back.

 

[captaincranky]

With the "Control Panel" in "Category View" The file path to the event viewer is; . "Performance and Maintainence" > "Administrative Tools" > "Event Viewer" > "Application". Red Ball = Error, Yellow triangle = "Warning". You can probably Google any error code and get a fix on it that way. It will tell you straight out if an application is (or has) hung.

Windows has a firewall, albeit not a good one

I'm sorry... this is Greek to me. Can you clarify?

Are you sure you don't mean, "this is geek to me"?

 

[misterwinter]

I ran AdAware during the night, which found a number of instances of Spyware (mostly tracking cookies). I removed those objects using AdAware.

AdAware did pick up three objects that I was unfamiliar with. Please see portion of log below. Not sure if this is normal, or if this is something I should be troubled by ---

Item Id: 1 Value: MRU Path: C:\Documents and Settings\XXXX\Recent Count: 237
Item Id: 2 Value: MRU Registry Key: S-1-5-21-1606980848-57989841-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603 Count: 1
Item Id: 3 Value: MRU Registry Key: S-1-5-21-1606980848-57989841-682003330-1003\Software\Microsoft\Internet Explorer\TypedURLs Count: 25

With the "Control Panel" in "Category View" The file path to the event viewer is; . "Performance and Maintainence" > "Administrative Tools" > "Event Viewer" > "Application". Red Ball = Error, Yellow triangle = "Warning". You can probably Google any error code and get a fix on it that way. It will tell you straight out if an application is (or has) hung.

I checked the event viewer. For 5/6/09, it shows an error in the VSS at 1:34pm, which is right around the time this issue was occurring (probably around the time that I was rebooting). Event code is 8193, which I will Google now.

Same date... fiften minutes earlier, there is a warning icon for "userenv," with error code 1517. Will Google this as well.

No other error or warning codes for this date.

What do you recommend in lieu of the Windows firewall?

 

[captaincranky]

I believe that the "Comodo Pro" is considered the best ATM. This at least in the freeware category.
https://www.techspot.com/downloads/3702-comodo-firewall-pro.html

You also have the option of choosing "Zone Alarm" https://www.techspot.com/downloads/239-zonealarm-free.html

Were you able to perform scans of your machine with the other resident security programs?

"VSS" is "Volume Shadow Service" It's data back-up.

Do you know how to clean up unnecessary files, or defragment the hard drive?

You should be able to safely delete any "MRU" object. Any threat assessment can be checked at Lavasoft's site.

Pull up "Task Manager" (Control, alt, delete) together, and check the process tab. How many processes are running?

Robin could be right about the when and where of a possible infection. We should try and track it down.

Are you familiar with The "Microsoft Malicious Software Removal Tool"? Go to M$ download page and get the latest version. (it's released monthly). Save it to the desktop.

I found much better luck at the M$ support page tracking down the error codes.

If we don't get a fix on your problem soon we can either move this thread to "virus and malware removal" or start a new thread there. For the moment at least, you're not getting overt symptoms of spyware, like browser hijacking, (redirects to porn or fake security sites, or messages the something can't "run", or Windows error messages).

 

[kimsland]

misterwinter please do the following:

If you believe your situation might be malware, you should take this issue up in our "Virus & Malware Removal" forum. https://www.techspot.com/vb/menu28.html Please read the 3 guide threads at the top of the page before proceeding to start a thread.

Please also note that member: robin_bga has been banned for posting pirated software on another thread (not to mention very bad support above )
Note: You do not need to upload to Megafile !

Just follow the UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions and => Attach, the logs to a New Thread in the Virus & Malware removal forum

Good luck :grinthumb

 

[captaincranky]

Please also note that member: robin_bga has been banned for posting pirated software on another thread (not to mention very bad support above )

Like a shooting star, was the TS support career of "robin_bga"

kimsland; the computer in question has a fairly high software load, and and every thing is in auto update. At the time of the original event, the VSS had crashed. It seems reasonable to observe that the slowness the OP observed could, at least in part, attributed to this service attempting to write large amounts of data to the HDD. Which would also point to HDD fragmenting and temp file issues, or there could be malware too, sort of like one big "Mother's Day" gift, but for computers.

@MisterWinter; I noticed you mentioned Photoshop in your first post. Machines that are used for a great deal of image editing, tend to have a great many image files. So yes, I enjoy stating the obvious, but beyond that it brings up the question, "what is your storage strategy"? Are all your files on the primary HDD?

 

[Bobbye]

The Hijack This log shows an anti-virus and multiple anti-spyware applications running. Have you scanned the system with these?

There was a Hijack log? Where?

 

[captaincranky]

Due to trouble with a member, I think it was pulled by the mods.

 

[Bobbye]

It can get confusing Captain. OP was misterwinter. Member now banned for suggestion was robin_bga. Had to keep track of, isn't it?

 

[captaincranky]

Just a bit, indeed. I probably should have phrased that "with another member", or "with a different member", or "with the member who requested the logs", perhaps that would have helped.

Anyway, the computer in question has a multitude of apps and updates running. OP said Photoshop was running, and I believe he was on the web at the same time, when the VSS crashed. There's no certainly here whether the crash occurred summarily or on the reboot. I'm not discounting the possibility of infection, but this box could have taken a big time out on it's own. Or both (!) (?).

Anyway OP is on family duty. So hopefully he'll be back soon, and you'll be able to get a hold of a fresh sets of logs to see for yourself.