Computer Slowing Down Problem(a virus?)

[IceCube]

An update: Thanks for all the advice. For my original post, see below. I cleaned out trojans and fiddled with "regedit" and starup but I'm still having the same problem. I think my problem has something to do with my internet connection(i'm using cable). Because if i unplug the cable line from my modem the slow-down does not occur. But if I surf the web, the slow-down usually occurs within 30 minutes.

Usually I notice the start of the slow-down if i type an address in the address bar. After I type for example: http://www.google.com, it takes about 4-5 minutes to actually connect to the site. The interesting thing is that this delay only occurs if I type the url in the address bar(no delay if i pick a site from my favourites list or if I do a search on google which is my default homepage and go to the site i want).

After this, my computer usually slows down. For example: If I want to save a file from a website, it takes 4-5 minutes to open a "Save Target As" window. Also, it takes 4-5 minutes to open most of the programs on my hard-drive; eg. even notepad takes 4-5 minutes. This usually forces me to restart(by pressing the restart button on my computer because it even takes 4-5 minutes for the logoff window to appear if i try to restart using the start menu).

I don't know if it's related to CPU usage, as of right now while I'm typing this the only process that's hogging my CPU is svchost.exe (with the User Name: LOCAL SERVICE) flactuating between 12-18%.

Thanks for any further help!





--------------------------------------------------------------------

My original post on July 2nd:

I've been having problems with my computer lately. My computer slows down to a halt after a while(ranging from 5-45 minutes after a restart). By slowing down, I mean it takes about 4-5 minutes to open a program or go to a webpage. I checked for viruses and AVG 6.0 free version found a virus known as "Trojan horse IRC/BackDoor.SdBot.ADM" whenever I start my computer. The problem is that it only shows this error message during startup, but when I try to run the AVG program to remove it, it never detects the virus. I also tried using AVG 7.0(trial version), and it also never detected the virus.

I don't know if it's the virus that's causing the slowdown(if so I do I remove it?) or if there are other things that's causing the problem. Note that I did use Ad-aware, Spybot and Hijack this!, to look for problems.

Any help would be greatly appreciated! Thanks


My comp specs:

Win XP Professional
AMD XP 1800
ASUS-A7V333
256mb ddr333 ram
ATI radeon 7500
liteon 16x DVD
liteon 52x/32x/52x cdrw

[Norm]

Check your running processes to see which one is hogging cpu time.

[mccoffee]

also do a msconfig and see if you see anything on startup that is unusal

[Dunster]

Check the security forum and search for Trojan problems. There are a couple of Trojan removal programs such as The Cleaner from MooSoft that you can download and use free for a trial period.

[YeOldeStonecat]

Rule out ad/spy/malware....then prepare for a failing hard drive.

[Joe]

make sure you dont have a bunch of programs running the tray at startup.. you will find them using msconfig as stated above or mike lins Startup CPL.. you can find that here:http://www.mlin.net/StartupCPL.shtml

you may also check the preferences of the programs for an option to stop loading with windows

-Joe:

[Sava700]

Boot computer in safe mode..then run your adaware,virus checker and anything else to clean system.. this way only the main things windows needs to boot/run will start rather than alot of other stuff...check Ctrl+alt+delete on the Task Manager and see what the CPU is using if its over 10% with just windows running in normal mode then I would say too much is running.. and thats a steady 10% usually with IE its around 6-8% for CPU usage. If you notice more then check like the others said on what processes are running with msconfig and startup programs..try to remove any that you don't want/need running including that pesky virus

[IceCube]

see update above, thanks!

[CableDude]

Can you post another hijack this log?

[YARDofSTUF]

give us a list of your running processes

[IceCube]

here's the log:

Logfile of HijackThis v1.97.7
Scan saved at 23:03:05, on 14/7/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\PC-CIL~1\Pop3trap.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COMMON~1\Real\UPDATE~1\REALSC~1.EXE
C:\PROGRA~1\TRENDM~1\PC-CIL~1\WEBTRA~1.EXE
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\hajack\HIJACK~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy.library.utoronto.ca:8080
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: (no name) - {FF7FD490-34E7-4FA1-927A-F5799E6AAD7B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Short Message (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab