infection or what!?

Discussion in 'System Security & Infection Support' started by Hummingbird, May 7, 2007.

  1. Hummingbird

    Hummingbird VIP Member

    Joined:
    Nov 8, 2003
    Messages:
    329
    Likes Received:
    3
    Location:
    Ohio, USA
    alright, guys, i'm baaaack!!

    this time it's MY computer giving me a headache. i went out of town this last wednesday and was gone til friday night. my computer was completely off the entire time i was gone. friday night when i got home, i turned on my computer and it was sooo slow. i couldn't get it to do anything. the next day my mom was checking email on it and it was taking forever for it to do anything. she would click a link, it would do nothing, she would move on, and like 15 emails (and half an hour) later the browser would pop up. it was crazy.

    i tried running norton antivirus liveupdate, but it said liveupdate was already running in the background, so i figured this was the problem. i know norton and similar programs can slow down pc's a LOT (norton confidential was WAY screwing up my dad's computer last month). i figured that since i was gone for a few days, it hadn't had the chance to update in a while, and it was updating like crazy or something. i gave it overnight to get anything it still needed.

    sunday - STILL at a snail's pace. i ran msconfig and turned off *every single 'startup' program*. the only thing in my tray now is that little "add/remove hardware" icon. but it's STILL slow!!! it's a little better, but only maybe 10% faster than this weekend. it took me like 20 minutes to print an 8 page document for my dad. it would print like 5 lines and stop for 30 seconds, print 5 lines, and stop for 30 seconds. i was pulling my hair out! programs are running a little faster, though.

    i have run norton and spybot and updated everything and they don't find anything bad. i've done ctrl-alt-del like 25 times and the cpu is always at 100% (and still currently is). the programs using the most "juice" are as follows:

    explorer 22,371k
    svchost 23,832k
    spoolsv 12,856k

    what in the heck do i do!? what happened? it's an athlon 64 2800 w/ 512 mb ram. *nothing* has changed since last week - i have no idea what's slowing it down! please help!
     
    Hummingbird, May 7, 2007
    #1

  2. Hummingbird

    James Photojournalist VIP Member

    Joined:
    Dec 24, 2002
    Messages:
    6,662
    Likes Received:
    35
    Location:
    Maine, USA
    Strange, post your Hijackthis log and we can take a look.
     
    James, May 7, 2007
    #2

  3. Hummingbird

    Hummingbird VIP Member

    Joined:
    Nov 8, 2003
    Messages:
    329
    Likes Received:
    3
    Location:
    Ohio, USA
    ok here's what i got:


    Logfile of HijackThis v1.99.1
    Scan saved at 6:36:56 PM, on 5/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Cynthia\Desktop\HijackThis1-99-1.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: dllhost.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
     
    Hummingbird, May 7, 2007
    #3
  4. Hummingbird

    spike228 ST 38 VIP Member

    Joined:
    Jul 18, 2004
    Messages:
    2,256
    Likes Received:
    18
    Location:
    Honolulu, Hawaii
    these should be removed:
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)


    not sure what this is:
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll


    let james get back to you before you delete the ones I told you to delete. I haven't read one of these in a while so i could be a bit rusty.
     
    spike228, May 8, 2007
    #4
  5. Hummingbird

    Hummingbird VIP Member

    Joined:
    Nov 8, 2003
    Messages:
    329
    Likes Received:
    3
    Location:
    Ohio, USA
    ok i'll wait for james. thanks so much!!
     
    Hummingbird, May 8, 2007
    #5
  6. Hummingbird

    Codex85 Mouse Potato VIP Member

    Joined:
    Apr 19, 2005
    Messages:
    776
    Likes Received:
    18
    Location:
    US
    This is probably the culprit:

    O4 - Global Startup: dllhost.exe

    These are clutter:

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
     
    Codex85, May 8, 2007
    #6
  7. Hummingbird

    Hummingbird VIP Member

    Joined:
    Nov 8, 2003
    Messages:
    329
    Likes Received:
    3
    Location:
    Ohio, USA
    so by 'clutter' you mean i can delete them also? i notice that these 'clutter' items are from symantec . . . if i delete them will it affect norton antivirus? cuz i'd like to keep norton antivirus if possible. it's never given me problems like norton confidential did on my dad's computer.

    i'll def get rid of the dllhost one - so was that a virus or what? now that i think about it, there were some error messages i was getting having something to do with dllhost.exe when i was trying to shut down my computer during the very slow period. how the heck did i get that? why'd it start after i turned my computer back on after it being off for a couple days?
     
    Hummingbird, May 8, 2007
    #7
  8. Hummingbird

    spike228 ST 38 VIP Member

    Joined:
    Jul 18, 2004
    Messages:
    2,256
    Likes Received:
    18
    Location:
    Honolulu, Hawaii
    I was looking at that "global startup" one as well but I couldn't remember what the actual title of dllhost was.
     
    spike228, May 8, 2007
    #8
  9. Hummingbird

    Hummingbird VIP Member

    Joined:
    Nov 8, 2003
    Messages:
    329
    Likes Received:
    3
    Location:
    Ohio, USA
    ok i deleted that dllhost thing using hijackthis, but then i did a search of my computer for "dllhost.exe" and it found 3 files named "dllhost.exe". one's in my main hard drive's Windows/System32 folder, one's in my secondary hard drive's Windows/System32 folder, and the third is in my secondary hard drive's Windows/ServicePackFiles/i386 folder. i almost never use my secondary hard drive. it won't even boot. i just copied my old info off it when i got my new computer and now it just sits in the computer case hooked up doing nothing. so what is this dllhost.exe, why do i have 3 of them on 2 hard drives, and why is it still there after hijackthis supposedly got rid of it? ALSO, i was going back in to msconfig to turn my startup stuff back on and there's a startup item called dllhost.exe listed. what do i do with this? just leave it unchecked and hope it goes away?
     
    Hummingbird, May 8, 2007
    #9
  10. Hummingbird

    Codex85 Mouse Potato VIP Member

    Joined:
    Apr 19, 2005
    Messages:
    776
    Likes Received:
    18
    Location:
    US
    Those three are legit. The one from your log was running from C:\Documents and Settings\All Users\Start Menu\Programs\Startup\; the only copies running should be from Windows\System32.
     
    Codex85, May 9, 2007
    #10
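
Added example, not part of the original thread: the check from post #10 (a Windows system binary name is only trustworthy when it runs from its expected directory) applied to the "Running processes" section of a HijackThis log. The table of expected locations and the function names are assumptions made for this example; the sample is an excerpt of the log posted in post #3.

```python
import ntpath  # Windows path rules, usable on any OS

# Expected folder, relative to the Windows directory, for binaries whose names
# are commonly impersonated. Assumed short list for this example, not exhaustive.
EXPECTED_DIR = {
    "smss.exe": "system32", "winlogon.exe": "system32", "services.exe": "system32",
    "lsass.exe": "system32", "svchost.exe": "system32", "spoolsv.exe": "system32",
    "dllhost.exe": "system32", "ctfmon.exe": "system32", "explorer.exe": "",
}

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and line:
            paths.append(line)
        elif in_section and paths:
            break  # a blank line ends the section
    return paths

def misplaced_system_binaries(log_text, windir=r"C:\WINDOWS"):
    """Flag processes that use a system binary's name from an unexpected folder."""
    flagged = []
    for path in running_processes(log_text):
        name = ntpath.basename(path).lower()
        if name not in EXPECTED_DIR:
            continue  # not a name this check knows about
        expected = ntpath.normcase(ntpath.normpath(ntpath.join(windir, EXPECTED_DIR[name])))
        if ntpath.normcase(ntpath.dirname(path)) != expected:
            flagged.append(path)
    return flagged

# Excerpt of the log from post #3, shortened for the example.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - Global Startup: dllhost.exe
"""

if __name__ == "__main__":
    for hit in misplaced_system_binaries(SAMPLE_LOG):
        print("unexpected location:", hit)
```

A hit is a reason to inspect the file (signature, hash, creation time), not proof of infection on its own; a copy sitting unexecuted on another drive, like the three found in post #9, never appears in the running list.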
  11. Hummingbird

    Hummingbird VIP Member

    Joined:
    Nov 8, 2003
    Messages:
    329
    Likes Received:
    3
    Location:
    Ohio, USA
    gotcha. awesome! you guys know everything! it seems to be working pretty darn fast again. i think that was the problem. thanks SO much! :D
     
    Hummingbird, May 9, 2007
    #11