Is my slow computer caused by a virus?


11 replies to this topic

#1 kcolfer

kcolfer

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 28 August 2010 - 04:03 PM

Hello,

I have been plagued by an increasingly slow computer for the past year or more. I'm running XP-SP3 on a Pentium 4 CPU 2.40 GHz with 35% open space remaining on a 120 GB HD, 1.5 GB RAM. AVG updated and scanned every day. Have run MBAM, Spybot, SAS repeatedly in both normal and safe mode. Followed all instructions at the Slow Computer forum (http://www.bleepingcomputer.com/forums/topic44694.html). Tried absolutely everything I or anyone else seems to be able to think of.

Can someone help me figure out if this is a virus before I nuke it all and start over?

Thanks,



#2 kcolfer


Posted 08 September 2010 - 03:22 PM

Hello??!!

Can anyone help?

Please?

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:32 PM

Posted 08 September 2010 - 07:42 PM

Hello, sorry we missed you. Did the MBAM and SAS scans find and remove things?
Use Process Explorer to see what's running at startup.


Please download and run Process Explorer v11.33
Click on File then Save As, create a log.
Copy and paste it into your next reply.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 kcolfer


Posted 08 September 2010 - 09:46 PM

Boopme,

Thanks for the help!

Neither MBAM, SAS, nor Spybot have ever found much besides cookies. Occasionally something a little more threatening, but they always seem to get rid of it. But the computer never runs much better afterwards. I usually run Cleanup! first, then the malware removers. I've run them repeatedly. I ran all 3 over the past weekend, a few cookies got removed that Cleanup! missed. S&D found a casalemedia cookie that I can't seem to get rid of.

Here's my ProcessExplorer log:

Process PID CPU Description Company Name
System Idle Process 0 90.77
Interrupts n/a 3.08 Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 676 Windows NT Session Manager Microsoft Corporation
csrss.exe 744 Client Server Runtime Process Microsoft Corporation
winlogon.exe 768 Windows NT Logon Application Microsoft Corporation
services.exe 832 Services and Controller app Microsoft Corporation
svchost.exe 1036 Generic Host Process for Win32 Services Microsoft Corporation
hpqbam08.exe 1184 HP CUE Alert Popup Window Objects Hewlett-Packard Co.
hpqgpc01.exe 1592 GPCore COM object Hewlett-Packard
svchost.exe 1104 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1188 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1228 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1312 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1892 Spooler SubSystem App Microsoft Corporation
svchost.exe 628 Generic Host Process for Win32 Services Microsoft Corporation
avgwdsvc.exe 696 AVG Watchdog Service AVG Technologies CZ, s.r.o.
avgnsx.exe 2040 AVG Network scanner Service AVG Technologies CZ, s.r.o.
CarboniteService.exe 712 Carbonite Secure Backup Engine Carbonite, Inc. (www.carbonite.com)
offSyncService.exe 1052 Online File Folder File Backup Starfield Technologies, Inc.
svchost.exe 1220 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1392 Generic Host Process for Win32 Services Microsoft Corporation
jqs.exe 1408 Java™ Quick Starter Service Sun Microsystems, Inc.
LxrJD31s.exe 1816
MaxBackServiceInt.exe 1888 MaxBackServiceInt Module
msdtc.exe 544 MS DTC console program Microsoft Corporation
svchost.exe 564 Generic Host Process for Win32 Services Microsoft Corporation
SyncServices.exe 588 SyncServices
StartManSvc.exe 96 StartMan Application PC Tools
svchost.exe 2080 Generic Host Process for Win32 Services Microsoft Corporation
QBCFMonitorService.exe 2112 QuickBooks Company File Monitoring Service Intuit
SeaPort.exe 2240 Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
svchost.exe 2320 Generic Host Process for Win32 Services Microsoft Corporation
wmpnetwk.exe 2500 Windows Media Player Network Sharing Service Microsoft Corporation
svchost.exe 3316 Generic Host Process for Win32 Services Microsoft Corporation
dllhost.exe 3668 COM Surrogate Microsoft Corporation
alg.exe 3800 Application Layer Gateway Service Microsoft Corporation
PresentationFontCache.exe 5768 PresentationFontCache.exe Microsoft Corporation
lsass.exe 844 LSA Shell (Export Version) Microsoft Corporation
avgrsx.exe 1324 AVG Resident Shield Service AVG Technologies CZ, s.r.o.
avgcsrvx.exe 1612 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o.
explorer.exe 1620 Windows Explorer Microsoft Corporation
CarboniteUI.exe 2616 Carbonite User Interface Carbonite, Inc.
avgtray.exe 2808 AVG Tray Monitor AVG Technologies CZ, s.r.o.
PSDiagnosticM.exe 1872 PrintServer Utility
GWMDMMSG.exe 1176 Modem Messaging Applet GTW
QTTask.exe 1152 QuickTime Task Apple Inc.
aclock.exe 3436
wben.exe 3504 Web-based Email Notifier Starfield Technologies, Inc.
starfieldupdate.exe 3512 Starfield Updater
hpqtra08.exe 3648 HP Digital Imaging Monitor Hewlett-Packard Co.
hpqste08.exe 2420 HP CUE Status Root Hewlett-Packard Co.
qbupdate.exe 3712 QuickBooks Automatic Update Intuit Inc.
NotesHolder.exe 3832 A!K Research Labs
iexplore.exe 4000 4.62 Internet Explorer Microsoft Corporation
OUTLOOK.EXE 2568 Microsoft Office Outlook Microsoft Corporation
avgcsrvx.exe 4796 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o.
iexplore.exe 5612 1.54 Internet Explorer Microsoft Corporation
procexp.exe 4076 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
GoogleUpdate.exe 1420 Google Installer Google Inc.



The hpq... entries are related to my 2 HP printers, both of which are networked and seem to generate weird processes and errors. I'm not entirely convinced that it's not the two networked printers that may be at the root of the problem. It's just such a pain in the neck to mess with a functioning network that I am reluctant to undo and redo the network. Anyway, thanks again for the help! Let me know if you see anything weird.
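
Added example, not part of the thread or written by either poster: a Python sketch that sorts a Process Explorer log like the one above by how much version metadata each entry carries, so blank entries such as LxrJD31s.exe and aclock.exe stand out for a vendor or signature lookup. It assumes the saved file is tab-separated with the header shown in the post; the sample rows are re-tabbed from that log, the function names are illustrative, and a blank Description or Company Name is a prompt to identify the file, not a verdict.

```python
import csv
import io

# Constructed sample: rows from the posted log, re-tabbed into the
# tab-separated layout assumed for a Process Explorer "Save As" file.
SAMPLE_LOG = "\n".join([
    "Process\tPID\tCPU\tDescription\tCompany Name",
    "System Idle Process\t0\t90.77\t\t",
    "Interrupts\tn/a\t3.08\tHardware Interrupts\t",
    "System\t4\t\t\t",
    " smss.exe\t676\t\tWindows NT Session Manager\tMicrosoft Corporation",
    "  svchost.exe\t1036\t\tGeneric Host Process for Win32 Services\tMicrosoft Corporation",
    "  CarboniteService.exe\t712\t\tCarbonite Secure Backup Engine\tCarbonite, Inc. (www.carbonite.com)",
    "  LxrJD31s.exe\t1816\t\t\t",
    "  MaxBackServiceInt.exe\t1888\t\tMaxBackServiceInt Module\t",
    " aclock.exe\t3436\t\t\t",
    " iexplore.exe\t4000\t4.62\tInternet Explorer\tMicrosoft Corporation",
])

# Kernel pseudo-entries that never carry version information.
PSEUDO = {"System Idle Process", "Interrupts", "DPCs", "System"}


def parse_log(text):
    """Return one dict per real process; tree indentation is stripped."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    rows = []
    for rec in reader:
        name = (rec.get("Process") or "").strip()
        if name and name not in PSEUDO:
            rows.append({
                "name": name,
                "description": (rec.get("Description") or "").strip(),
                "company": (rec.get("Company Name") or "").strip(),
            })
    return rows


def triage(rows):
    """Bucket process names by how much version metadata the log shows."""
    buckets = {"no_metadata": [], "no_company": [], "identified": []}
    for r in rows:
        if not r["description"] and not r["company"]:
            buckets["no_metadata"].append(r["name"])
        elif not r["company"]:
            buckets["no_company"].append(r["name"])
        else:
            buckets["identified"].append(r["name"])
    return buckets
```
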

#5 boopme


Posted 08 September 2010 - 10:08 PM

I will need to go over that a bit. In the meantime, please.....
Run TFC by OT
Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

#6 kcolfer


Posted 09 September 2010 - 07:39 AM

Boopme,

Thanks for the help. Ran TFC and MBAM as you instructed. Scan log below:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4581

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

9/9/2010 6:35:51 AM
mbam-log-2010-09-09 (06-35-51).txt

Scan type: Quick scan
Objects scanned: 154930
Time elapsed: 9 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 boopme


Posted 09 September 2010 - 03:10 PM

Hello, looks like you should stop one of the Backup apps running.
MaxBackServiceInt.exe or CarboniteService.exe

All the Starfields.
GoogleUpdate.exe is for Google apps.
seaport.exe comes with Windows Live application installations, like Windows Live Messenger or Windows Live Writer, both of which I use. Certainly I don’t want this process running on my computer all the time; it consumes too many resources.


Disabling the service will prevent it from running at start-up. To disable the service, click on Start, then click on Run, type services.msc and click on OK. The window will come up:

Look for the offSyncService.exe service (example of a Starfield) on the list, right-click it and click on Stop.

After you stop the service, right-click it again and click on Properties. The Starfield properties will come up.

Click on the Startup type option and select Disabled, then click on OK.

#8 kcolfer


Posted 09 September 2010 - 03:51 PM

Boopme,

Thanks for your assistance.

I disabled the Maxtor Backup, which I just recently quit using. I disabled seaport, as I no longer use any windows live applications. I disabled googleupdate.exe and google software updater. I disabled the offsyncservice.exe service (What is a Starfield Service anyway?).

Any other suggestions?

#9 boopme


Posted 09 September 2010 - 04:20 PM

What most are are updaters that are installed along with another app, like MSN Live. They are running in the background and consuming system resources. Stopping the updater doesn't stop the application, only the constant communication with the mother app.

Starfield appears to be a Screensaver app. In this case it may be an updater or a form of spyware.
I usually google them and see what they are and if I want to stop them.

Removing unnecessary startups should speed things up.

Edited by boopme, 16 September 2010 - 10:12 PM.


#10 kcolfer


Posted 15 September 2010 - 09:02 AM

Boopme,

I have in the past removed all "unnecessary" startups, with no apparent beneficial effect. I just tried again, following your suggestions. My machine is just as slow as ever. And it turns out that Starfield apps are beneficial in that they are associated with my Web Based Email Notifier. I have spent so much time on this problem :thumbsup: that I intend to nuke it all and re-load windows :flowers: , unless someone can provide another solution. Thanks for your attempts, however! :trumpet:

#11 boopme


Posted 16 September 2010 - 10:10 PM

Hello, I had a family emergency. Perhaps reformatting may be a faster approach, but as I do not believe this is malware, perhaps you can get a quick solution in the XP forum.... You're welcome and sorry we could not get it here.



#12 kcolfer


Posted 17 September 2010 - 07:30 AM

Thanks for your help, boopme!



