Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Several little annoyances started all at onceMOVED


  • Please log in to reply
12 replies to this topic

#1 kcolfer

kcolfer

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:18 AM

Posted 16 June 2009 - 11:59 AM

OS: Windows XP Home SP3
Browser: IE 7
Computer: Gateway Pentium 4 2.4GHz, 1.5 GB RAM
ISP: MSN DSL

I started getting all these little annoyances at the same time:

1) IE won't start unless repeatedly clicked, then closed then opened, up to 40 tries before it accesses the web.

2) Continually get error messages when I click on an email in Outlook (I use the "outlook connector" bridge to access MSN email) that say, "We could not check the message you are trying to open for viruses because the virus check engine reported an error. To open the unchecked message, click OK." As far as I am aware, there is no virus check engine that is supposed to be using outlook. I definitely don't have my antivirus software (AVG Free) set up to do this.

3) svchost.exe uses 99% of CPU for hours after boot. I usually just terminate the process and there are no apparent ill effects.

Does anyone know if these problems are related, or are they perhaps all mysteriously unrelated? Any solutions? Malware?

Thanks in advance.

Edited by garmanma, 19 June 2009 - 10:57 AM.


BC AdBot (Login to Remove)

 


#2 fairjoeblue

fairjoeblue

  • Members
  • 1,594 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:18 AM

Posted 16 June 2009 - 12:51 PM

First take a real close look at svchost.exe & make sure you don't have one named svchosts.exe

If you have 1 with the s ot is a virus.

Next do a good cleanup & defrag.
OCZ StealthXstream 700W,Gigabyte GA-EP45-UD3R , E8500, Arctic Freezer Pro 7, 3GB G.Skill PC8500,Gigabyte Radeon HD 4850 OC [1GB ], Seagate 250GB SATA II X2 in RAID 0, Samsung SATA DVD burner.

#3 Alex_Computer

Alex_Computer

  • Banned
  • 107 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:18 AM

Posted 17 June 2009 - 07:55 PM

what i would do is scan using Malwarebytes Anti-Malware. Get it from here: http://www.malwarebytes.org It is an excellent detection tool. Please run it and post the log back here. thanks

Edited by Alex_Computer, 17 June 2009 - 07:56 PM.


#4 kcolfer

kcolfer
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:18 AM

Posted 19 June 2009 - 08:10 AM

Thanks, guys, for the suggestions. Have done numerous defrags and Cleanups over tha past few weeks! Problem persists. Just ran Malwarebytes Anti-Malware. Below is the scan log. Please let me know your thoughts.

Thanks

Malwarebytes' Anti-Malware 1.38
Database version: 2306
Windows 5.1.2600 Service Pack 3

6/19/2009 7:05:52 AM
mbam-log-2009-06-19 (07-05-35).txt

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 410404
Time elapsed: 2 hour(s), 51 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll,schannel.dll,digest.dll,msnsspc.dll) Good: (msapsspc.dll, ,schannel.dll, ,digest.dll, ,msnsspc.dll) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:10:18 AM

Posted 19 June 2009 - 10:59 AM

Did you check the Remove Selected box?

Update mbam and run a FULL scan
Please post the results
Then run ATF and SAS




ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

------------------------------------

SAS,may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#6 kcolfer

kcolfer
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:18 AM

Posted 19 June 2009 - 01:08 PM

Thanks for the quick response, I'll tackle that over the weekend and get back to you!

#7 kcolfer

kcolfer
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:18 AM

Posted 02 November 2009 - 11:27 AM

Hi Mark,

Thanks for your reply to my post of June 19. I got pretty busy at work and elected to simply plod on in hopes of solving some of these problems, which I was able to do. The svchost problem turned out to be associated with my HP Networked multifunction printer. The Outlook problem was solved by upgrading, as MS was no longer providing functionality to the legacy version I had.

But, my slow computer problems have slowly and steadily gotten worse, to the point where it takes numerous tries to get IE to connect, and even then it is really slowed down. Firefox usually connects but it is slow also. All of my other programs run slower than they should. I have 37 gigs of free space on a 120 gig hd. I have 2 external drives connected, but only have files stored there, no programs or anything loaded there that I am aware of. I have defragged repeatedly, both with windows defrag utility and with "Power Defragmenter" which also can defrag files such as email files which windows utility cannot. I run "Cleanup!" regularly to delete unnecessary junk. I have run adaware, mbam, and sas repeatedly over the past several months with no noticeable improvement.

I followed your instructions above (relative to MBAM, ATF, and SAS in safe mode) to a tee over the weekend. The MBAM and SAS logs logs are included below. Any assistance you may be able to provide would be GREATLY appreciated! Thanks in advance for your help!

Malwarebytes' Anti-Malware 1.41
Database version: 3063
Windows 5.1.2600 Service Pack 3

10/31/2009 7:51:55 AM
mbam-log-2009-10-31 (07-51-55).txt

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 482424
Time elapsed: 5 hour(s), 6 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/01/2009 at 01:32 PM

Application Version : 4.29.1004

Core Rules Database Version : 4217
Trace Rules Database Version: 2122

Scan type : Complete Scan
Total Scan Time : 09:24:04

Memory items scanned : 235
Memory threats detected : 0
Registry items scanned : 10406
Registry threats detected : 0
File items scanned : 272442
File threats detected : 0

#8 kcolfer

kcolfer
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:18 AM

Posted 02 November 2009 - 11:31 AM

Also meant to add that I regularly view running processes in task manager and, while there seem to be an awful lot of processes running, I can not identify any that are totally unnecessary. The weird thing is that, when the computer seems to be almost hung and really running slow, System Idle Processes is often at close to 99%, so whatever process is slowing things down seems to be hidden in the idle processes, and I can't really figure out what it is.


Thanks again!

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:18 AM

Posted 04 November 2009 - 11:37 AM

Most of the processes in Task Manager will be legitimate as shown in these links.Anytime you come across a suspicious file or one that you do not recognize, search the name using Google or the following databases:Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. Another techinique is for the process to alter the registry and add itself as a Startup program so that it can run automatically each time the computer is booted. A file's properties may give a clue to identifying it. Right-click on the file, choose Properties and examine the General and Version tabs.

Tools to investigate running processes and gather additional information to identify them and resolve problems:These tools will provide information about each process, CPU usage, file description and its path location If you right-click on a file and select properties, you will see more details.

Anytime you come across a suspicious file which you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 kcolfer

kcolfer
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:18 AM

Posted 04 November 2009 - 12:13 PM

Quietman,

Thanks for the reply. I have used process explorer to attempt to identify processes that may be slowing me down. Have not had any luck identifying any that are suspicious.

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:18 AM

Posted 04 November 2009 - 12:46 PM

Slowness and performance issues as you describe are not uncommon. If you're not finding any malware, please refer to Slow Computer/Browser? Check here first; it may not be malware. There are reasons for slowness and poor performance besides malware - i.e. disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, too many browser Add-ons (toolbars), not enough RAM, dirty hardware components, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 kcolfer

kcolfer
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:18 AM

Posted 12 November 2009 - 11:53 AM

Quietman,

Thanks for the tips. I'm working my way through the solutions offered in the slow computer link you provided.

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:18 AM

Posted 12 November 2009 - 12:01 PM

You're welcome and good luck.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users