Svchost.exe/iexplore.exe mass memory problem!
Kuisoon11
11-08-2010, 07:13 PM
Okay, here's the deal. My once perfectly fine computer seems to be running into the ground performance-wise :\ My processes are filled with random junk it never used to have. I have at all times 9 svchost.exe's running, one of which uses over 140K of memory, yes that much, and that's just one of them! And to add to my fun I constantly have two iexplore.exe's running, both of which take up more than 60K each, and when I terminate them they. Just. Come. Back. I don't even use Internet Explorer! This is really starting to get on my nerves and I really want to know what's wrong :\ I've run multiple malware/spyware/virus scans, cleaned what was on it, but these problems still won't go away. :no:
Any suggestions?
It's normal to have several instances of svchost.exe running. Those are services (though not all services run in instances of svchost.exe). Anyway, you can see what services are installed and which ones are running by typing "services.msc" into Start > Run.
There must be something wrong if you aren't using Internet Explorer. However, it's also normal that the latest versions of IE use two instances of iexplore.exe. Are you sure it's iexplore.exe and not explorer.exe?
The Fifth Horseman
11-08-2010, 09:53 PM
Post a hijackthis log.
dosraider
11-08-2010, 10:10 PM
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
+
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
_r.u.s.s.
12-08-2010, 03:52 AM
dosraider beat me to it
just check out the process explorer and which services inside svchost are useless junk you will get rid of
Wicky
12-08-2010, 04:52 AM
It's unavoidable that Windows becomes slower after a long time. Sometimes you just have to reinstall it fresh.
You might even get one of those programs which can save an image of the hard disk bit for bit. Then, when you need it, you can restore a backup of your perfectly configured Windows in like 5 minutes, update the drivers and voilà.
Kuisoon11
12-08-2010, 07:12 AM
What exactly is HijackThis? I've seen a lot about it but I'm not a techy person and I don't understand it at all (same with the command prompt diagnosis thing) :( The Internet Explorer thing still bugs me, and yes, I'm positive it's iexplore not explorer. But I will post reports if you can explain to me a little how to use them ^^; (n00b)
New stuff's been happening to my computer now, I'm afraid I'm being attacked by a virus :( I'll get those Windows error report messages like 5 times while I'm on the computer, and sometimes they get rid of my explorer.exe and my toolbar disappears, but now it's got rid of my Windows XP theme and now I'm stuck with only the classic version. I haven't done a restart yet, I'm sure it will fix it, but I don't know what's wrong. Malwarebytes Anti-Malware won't open, even after I uninstall and reinstall, so I can't run that, so I've run CCleaner and Spybot, got rid of the stuff they found but something's still wrong. Spybot is constantly finding affected files and I would like to know if there's a better protection program I can get :\ Sorry, lots of text, I'm just kinda flabbergasted at the moment :( My computer's never gone this rotten before...
arete
12-08-2010, 07:38 AM
It might be the so-called "Prefetch" virus. Look for an ini file in your Windows prefetch folder. If the whole mess stops slowing your computer down when you delete the contents of that folder, then you know. Sometimes associated with the Ravmon flash-drive malware. Search your computer for Ravmon or ravmonlog. Do a simple search for this name and see what pops up. Any svchost or whatever that's IN CAPS is likely to be a part of this problem. Try using Malwarebytes. And do a deep external scan (preferably from a web scanner) to ensure you don't have any underlying viruses. Then please install Avast and/or Microsoft Security Essentials. A friend recommended it to me because MSE doesn't have a database that needs constant updating, so it's far better than Norton in recognising threats, and it's free. I'm gonna put it on my home puter asap. And let us know if you have to reinstall Windows or not. Also, make sure all the stuff you've deleted isn't hiding in your last system save state thingy, only to be put back in place the next time you boot up.
We're having endless problems with the autorun.ini virus, Fichiers.exe, and ravmonlog on our flash drives over the past few years, because there haven't ever been antivirus programmes on our editing suites. Multiple use of flash drives in our offices has buggered up a lot of our PCs as a consequence. Matthew doesn't believe there's such a thing as ravmon or autorun malware - but at least Wesley does. They still don't see the need to put antivirus on the Avid and Liquid machines, because they don't have an internet connection. If any of you read about Mysterious Poisoning of South African IT Department With Strychnine, you'll be able to blackmail me :P
The Fifth Horseman
12-08-2010, 08:34 AM
What exactly is HijackThis? I've seen a lot about it but I'm not a techy person and I don't understand it at all (same with the command prompt diagnosis thing) :( The Internet Explorer thing still bugs me, and yes, I'm positive it's iexplore not explorer. But I will post reports if you can explain to me a little how to use them ^^; (n00b)
http://free.antivirus.com/hijackthis/
Just get it, install it, run it and post here the log it generated.
New stuff's been happening to my computer now, I'm afraid I'm being attacked by a virus :( I'll get those Windows error report messages like 5 times while I'm on the computer, and sometimes they get rid of my explorer.exe and my toolbar disappears, but now it's got rid of my Windows XP theme and now I'm stuck with only the classic version. I haven't done a restart yet, I'm sure it will fix it, but I don't know what's wrong. Malwarebytes Anti-Malware won't open, even after I uninstall and reinstall, so I can't run that, so I've run CCleaner and Spybot, got rid of the stuff they found but something's still wrong. Spybot is constantly finding affected files and I would like to know if there's a better protection program I can get :\ Sorry, lots of text, I'm just kinda flabbergasted at the moment :( My computer's never gone this rotten before...
Some files can only be gotten rid of in Safe Mode. Boot into Safe Mode, then run the antivirus programs.
Also, CCleaner is not an anti-malware application.
_r.u.s.s.
12-08-2010, 02:18 PM
What exactly is HijackThis? I've seen a lot about it but I'm not a techy person and I don't understand it at all (same with the command prompt diagnosis thing) :( The Internet Explorer thing still bugs me, and yes, I'm positive it's iexp bla bla bla bla bla bla bla bla bla bla bla bla bla bla bla bla bla
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
+
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
dosraider
12-08-2010, 04:35 PM
Pretty hopeless, isn't it _r.u.s.s. ?
Sometimes I forget it's useless to try to help some peeps, and post even if I should know by now they are beyond any help you can offer them.
Ahwell, sad but true.
:(
....walks away .......
Kuisoon11
12-08-2010, 06:14 PM
Trying this in parts.. won't let me post a whole thing :\
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:44:33 PM, on 8/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2535290
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
R3 - URLSearchHook: Messenger Plus Live CA-EN Toolbar - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
O2 - BHO: Messenger Plus Live CA-EN Toolbar - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
O3 - Toolbar: Messenger Plus Live CA-EN Toolbar - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\tbMes1.dll
O4 - HKLM\..\Run: [wvwxyasys] rundll32.exe "jkhebx.dll",DllRegisterServer
O4 - HKLM\..\Run: [efdcdddrv] rundll32.exe "efddcb.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [tuvwusdrv] rundll32.exe "efddcb.dll",s
O4 - HKUS\S-1-5-18\..\Run: [opopnosys] rundll32.exe "jkhebx.dll",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [wmsdk64_32.exe] C:\WINDOWS\TEMP\wmsdk64_32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ljkljkdrv] rundll32.exe "efddcb.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [opopnosys] rundll32.exe "jkhebx.dll",DllRegisterServer (User 'Default user')
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sarah\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
(why isn't it let me post this T___T)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169245842125
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (file missing)
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (file missing)
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
--
End of file - 7552 bytes
There is one line that it just will not let me post :S Hold on, I'll figure something out.
I can't seem to post the rest at the moment... it keeps saying the server gets restarted or something *sigh* stupid technology :(
I ran Autoruns and Process Explorer but I have no clue what I'm looking for in those logs :(...
I also tried to download Microsoft Security Essentials like you said, but when I try to download it I get a command prompt message saying "program is too big to fit in memory" :S
And if this is any help, one of the error reports is called "Dr. Watson postmortem debugger error". Some people say it's nothing, some say it's a virus, but I don't know; it pops up numerous times while I'm on the computer, even the moment I start up before I do anything. Hope that helps some maybe :S
Oh, and I ran my scan in Safe Mode but stuff's still going wrong. I notice it seems to keep finding the same viruses over and over even though it says it fixes them... I should have written them down for you; next scan I will!
Sorry for being so helpless guys :(
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
(I had to delete the website listed to let me post this :\)
The Fifth Horseman
12-08-2010, 06:48 PM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
http://forums.malwarebytes.org/index.php?showtopic=33143&view=findpost&p=169492
O4 - HKUS\S-1-5-18\..\Run: [wmsdk64_32.exe] C:\WINDOWS\TEMP\wmsdk64_32.exe
NO LEGIT SOFTWARE autoruns from the \TEMP directory. Remove entry. Boot into Safe Mode. Delete the file or rename it.
O4 - HKLM\..\Run: [efdcdddrv] rundll32.exe "efddcb.dll",s
O4 - HKCU\..\Run: [tuvwusdrv] rundll32.exe "efddcb.dll",s
O4 - HKUS\S-1-5-18\..\Run: [ljkljkdrv] rundll32.exe "efddcb.dll",s (User 'SYSTEM')
Malware >> http://www.superantispyware.com/malwarefiles/LJGGGF.DLL.html
Remove entry. Boot into Safe Mode. Delete or rename the file.
O4 - HKLM\..\Run: [wvwxyasys] rundll32.exe "jkhebx.dll",DllRegisterServer
O4 - HKUS\S-1-5-18\..\Run: [opopnosys] rundll32.exe "jkhebx.dll",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [opopnosys] rundll32.exe "jkhebx.dll",DllRegisterServer (User 'Default user')
Malware >> http://www.prevx.com/filenames/X334197793017683990-X1/BYWXYV.DLL.html http://www.prevx.com/filenames/406881739422892828-X1/WVWUVT.DLL.html
Remove entry. Boot into Safe Mode. Delete or rename the file.
Note: The removal should be done simultaneously. So should the deletion. Some of those assholes have a tendency to come back if even only one of their files was left on your system (been there when cleaning malware from a PC at work in 2008).
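What the reply above does by hand, as a small script. This is an added example for this thread, not HijackThis code and not anything the posters wrote. The sample it parses is the relevant part of the log posted above (with the forum-inserted space in "Int ernet" removed); the checks are the three patterns pointed out in the reply: an autorun from \TEMP, rundll32 loading a DLL by bare name with no path, and a ProxyServer value pointing back at 127.0.0.1. Run entries are grouped by the file they load, because the note says all entries for one file have to go together.

```python
"""Triage of the O4 (Run key) and R1 (proxy) lines of a HijackThis log.

Added example for this thread: not HijackThis code and not written by any of
the posters.  HJT_SAMPLE is the relevant part of the log posted above, with the
forum-inserted space in "Int ernet" removed.  The heuristics are the ones
applied by hand in the reply: an autorun from \\TEMP, rundll32 loading a DLL by
bare name, and a proxy pointing back at the local machine.  Entries are
grouped by the file they load, so each group can be removed in one pass.
"""
import re

HJT_SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [wvwxyasys] rundll32.exe "jkhebx.dll",DllRegisterServer
O4 - HKLM\..\Run: [efdcdddrv] rundll32.exe "efddcb.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [tuvwusdrv] rundll32.exe "efddcb.dll",s
O4 - HKUS\S-1-5-18\..\Run: [opopnosys] rundll32.exe "jkhebx.dll",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [wmsdk64_32.exe] C:\WINDOWS\TEMP\wmsdk64_32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ljkljkdrv] rundll32.exe "efddcb.dll",s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [opopnosys] rundll32.exe "jkhebx.dll",DllRegisterServer (User 'Default user')
"""

_O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
_PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<proxy>.+)$")
_FILE_RE = re.compile(r"^(.*?\.(?:exe|dll|cpl|scr))", re.IGNORECASE)
_RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)', re.IGNORECASE)


def target_of(cmd):
    """(loader, file) for an O4 command: for rundll32 the DLL is the target,
    otherwise the first path ending in an executable extension, unquoted."""
    m = _RUNDLL_RE.match(cmd)
    if m:
        return "rundll32", m.group(1)
    m = _FILE_RE.match(cmd.lstrip('"'))
    return "direct", m.group(1) if m else cmd


def parse_hjt(text):
    """O4 entries as dicts plus the list of R1 ProxyServer values."""
    entries, proxies = [], []
    for line in text.splitlines():
        m = _O4_RE.match(line)
        if m:
            loader, target = target_of(m.group("cmd"))
            entries.append(dict(hive=m.group("hive"), name=m.group("name"),
                                cmd=m.group("cmd"), user=m.group("user"),
                                loader=loader, target=target))
            continue
        m = _PROXY_RE.match(line)
        if m:
            proxies.append(m.group("proxy").strip())
    return entries, proxies


def reasons_for(entry):
    """Why one Run entry stands out; an empty list means nothing did."""
    reasons, t = [], entry["target"].lower()
    if "\\temp\\" in t or t.startswith("%temp%"):
        reasons.append("autorun from a TEMP directory")
    if entry["loader"] == "rundll32" and "\\" not in t:
        reasons.append("rundll32 loads a DLL by bare name, found via the search path")
    return reasons


def triage(text):
    """Group O4 entries by the file they load; flag groups with any reason,
    and ProxyServer values that point at the local machine.  Grouping matters
    because one DLL sits under several hives with different random key names."""
    entries, proxies = parse_hjt(text)
    groups = {}
    for e in entries:
        groups.setdefault(e["target"], []).append(e)
    suspicious = {t: {"entries": g, "reasons": sorted({r for e in g for r in reasons_for(e)})}
                  for t, g in groups.items() if any(reasons_for(e) for e in g)}
    local_proxy = [p for p in proxies if re.search(r"127\.0\.0\.1|localhost", p, re.I)]
    return {"suspicious": suspicious, "proxy": local_proxy}


if __name__ == "__main__":
    result = triage(HJT_SAMPLE)
    for target, info in result["suspicious"].items():
        print(f"{target}: {'; '.join(info['reasons'])}")
        for e in info["entries"]:
            print(f"    {e['hive']}\\..\\Run [{e['name']}]")
    for p in result["proxy"]:
        print(f"ProxyServer routes browser traffic through the local machine: {p}")
```

On the log above this reports three groups: jkhebx.dll (three Run keys across HKLM, SYSTEM and Default user), efddcb.dll (three keys across HKLM, HKCU and SYSTEM) and the \TEMP autorun, plus the 127.0.0.1:5555 proxy. The legitimate entries (ctfmon, TeaTimer, QuickTime) pass through unflagged; an entry the script does not flag is not thereby clean, the heuristics cover only the three patterns named in the reply.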
Kuisoon11
12-08-2010, 11:31 PM
Oh thank you! Thanks to everyone. It seems the situation has been cleared. All the random system errors have stopped and iexplore.exe has stopped running. I'm very glad thank you again :)
The Fifth Horseman
13-08-2010, 08:24 AM
That doesn't mean your system is clean yet.
Make another scan with Spybot and HijackThis, possibly also with another anti-malware/anti-virus program. If nothing shows up, then the problem is most likely solved.
Also, use pastebin for the new log: http://pastebin.com/
Kuisoon11
16-08-2010, 05:19 AM
Forgive me guys, a new problem arose... please view my new thread for details, since it is quite unrelated and different to my previous problem. I thought a new thread would help attract people who knew how to fix my new problem, otherwise I would have just posted it here. Sorry for all the trouble I'm causing :(
KrazeeXXL
23-09-2010, 05:04 PM
It's unavoidable that Windows becomes slower after a long time. Sometimes you just have to reinstall it fresh.
In the case of a serious infection this statement is a pure mirage.
Just to be sure, you should check your MBR.
If it is infected you're in deep trouble and even a complete reinstallation won't help.
Try Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
A nice and easy-to-use tool is System Explorer. My biggest requirement for an advanced task manager was that it forces itself to the foreground in no time no matter what. But I'm impressed by this piece of software. It's quite a bit better than Process Explorer imho.
If you've got a process you don't know about you can simply send it to virustotal.com. It then checks the checksum and in most cases this file was scanned before and you also get comments from other users about this file: is it a threat or not. Can be helpful in lots of cases. Especially when you've got 5 similar-looking svchost.exe running ;)
edit: check the incoming and outgoing traffic with your firewall or specialized programs. When there's an svchost.exe listed as outgoing you can be sure that you've got malware on your PC
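One way to act on both the svchost/services.msc reply near the top of the thread and the firewall advice just above, as an added example that is not code from anyone in the thread: join `netstat -ano` with `tasklist /svc`, both built into Windows XP, so that for each established outbound connection you see the owning process and, for svchost.exe, the services it hosts. That is what tells a service host running Windows Update (wuauserv) that connects out apart from an svchost.exe that hosts no service at all. The two captured outputs in the script are constructed sample text in the real output layout; PIDs, addresses and service lists are made up.

```python
"""Join `netstat -ano` with `tasklist /svc`: which services live in the
svchost.exe that is talking to the network?

Added example for this thread (the svchost/services.msc reply near the top and
KrazeeXXL's advice to watch outgoing traffic); not code posted by anyone here.
Both commands ship with Windows XP; their output layouts are what is parsed.
The two captures below are CONSTRUCTED: PIDs, addresses and service lists are
made up, only the column layout is real.
"""
import re

TASKLIST_SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
smss.exe                       544 N/A
svchost.exe                    920 DcomLaunch, TermService
svchost.exe                   1004 RpcSs
svchost.exe                   1100 BITS, CryptSvc, Dhcp, EventSystem, lanmanserver,
                                   Schedule, Themes, winmgmt, wuauserv
svchost.exe                   1812 N/A
firefox.exe                   2244 N/A
"""

NETSTAT_SAMPLE = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1004
  TCP    127.0.0.1:5555         0.0.0.0:0              LISTENING       1812
  TCP    192.168.1.5:1045       198.51.100.20:80       ESTABLISHED     1100
  TCP    192.168.1.5:1052       203.0.113.7:8080       ESTABLISHED     1812
  TCP    192.168.1.5:1060       198.51.100.33:443      ESTABLISHED     2244
  UDP    0.0.0.0:500            *:*                                    720
"""

_TASK_RE = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<svcs>\S.*)$")


def _split_services(field):
    return [s.strip() for s in field.split(",") if s.strip() and s.strip() != "N/A"]


def parse_tasklist_svc(text):
    """Return {pid: (image, [services])}.  Long service lists wrap onto
    indented continuation lines, which belong to the previous record."""
    procs, last_pid = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("="):
            continue
        if line[0].isspace() and last_pid is not None:
            procs[last_pid][1].extend(_split_services(line))
            continue
        m = _TASK_RE.match(line)
        if not m:            # the "Image Name  PID Services" header
            continue
        last_pid = int(m.group("pid"))
        procs[last_pid] = (m.group("image"), _split_services(m.group("svcs")))
    return procs


def parse_netstat_ano(text):
    """Return [(proto, local, foreign, state, pid)].  UDP rows have no State
    column, so they come with one field fewer."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            proto, local, foreign, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":
            (proto, local, foreign, pid), state = parts, ""
        else:
            continue
        conns.append((proto, local, foreign, state, int(pid)))
    return conns


def svchost_services(tasklist_text):
    """{pid: [services]} for every svchost.exe: what each instance is for."""
    return {pid: svcs for pid, (image, svcs) in parse_tasklist_svc(tasklist_text).items()
            if image.lower() == "svchost.exe"}


def outgoing_by_process(tasklist_text, netstat_text):
    """Established TCP connections to non-local peers, with the owning image
    and, for svchost.exe, the services it hosts.  An svchost.exe that hosts no
    service at all is marked for a closer look; a genuine service host has one."""
    procs = parse_tasklist_svc(tasklist_text)
    report = []
    for _proto, local, foreign, state, pid in parse_netstat_ano(netstat_text):
        host = foreign.rsplit(":", 1)[0]
        if state != "ESTABLISHED" or host.startswith("127.") or host == "0.0.0.0":
            continue
        image, svcs = procs.get(pid, ("<not in tasklist>", []))
        report.append({"pid": pid, "image": image, "services": svcs,
                       "local": local, "remote": foreign,
                       "suspicious": image.lower() == "svchost.exe" and not svcs})
    return report


if __name__ == "__main__":
    for pid, svcs in sorted(svchost_services(TASKLIST_SAMPLE).items()):
        print(f"svchost.exe {pid}: {', '.join(svcs) or '(no services!)'}")
    for r in outgoing_by_process(TASKLIST_SAMPLE, NETSTAT_SAMPLE):
        flag = "  <-- check" if r["suspicious"] else ""
        print(f"{r['image']} {r['pid']} -> {r['remote']} {r['services']}{flag}")
```

On the constructed captures, the svchost with PID 1100 connecting to port 80 turns out to host wuauserv among eight other services, so the connection has an obvious owner; the one with PID 1812 hosts no service and also listens on 127.0.0.1:5555, which is the kind of thing the earlier ProxyServer line would point a browser at. On a real machine, run `tasklist /svc > t.txt` and `netstat -ano > n.txt` and feed the two files in; both are plain text in the same layout.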