Sudden Computer Retardation

bsjezz

So I came home last night to my idle computer (windows XP), and AVG wasn't active, displaying the message: "The Shell Extension DLL Library is not installed." When I rebooted this morning AVG didn't execute at all, and repairing the installation won't work either - something seems to be interrupting the processes.

Everything else seems to be mucking up, too - I had to go through the log-in window rather than the normal 'choose user' screen, the theme has changed to classic windows rather than the ugly bubble one that I actually quite like thankyouverymuch, and various windows explorer tasks like simple My Computer browsing are crashing. Stuff is slow, I can't do much without getting errors and crashes, and there seems to be only one conclusion:

Virus

...but AVG won't work and I'm all outta ideas.

I've generated a HijackThis! log but it's all Greek to me, and I did manually close a few processes which seemed a bit unfamiliar this morning so hopefully that won't make them harder to detect: the problems are still occuring so something must be going on.

Log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:15:35 PM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [InfoMyCa.exe] C:\Program Files\Wireless 802.11g Monitor\InfoMyCa.exe
O4 - HKLM\..\Run: [XPFix] C:\Program Files\Wireless 802.11g Monitor\XPFix.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s

-f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Shortcut to Marabou.lnk = ?
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program

Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} -

C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} -

C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New

Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6461 bytes

I've installed a couple of dubious things lately (Yahoo Widgets and a dice rolling widget, an RPG character generator, browsed around MySpace) so I wouldn't be surprised if something has gotten in. But again, I don't know what to do.

If anyone's had similar problems or can see anything awry I'd be evermore in your gratitude!

Thanks guys.

pacbowl

If your windows is legit, get defender and active virus shield (yeah it bears the AOL mark of the beast, but it uses kaspersky and is actually quite good). Run a full scan with those two. Viruses and malware don't normally change all of your user settings like that, but if you do have anything that should clear up most of it.

I'm thinking more along the lines of windows is borked or memory going bad.

bsjezz

Dang, I tried to install Windows Defender and I got this:

Windows Defender requires Windows Installer 3.1 or later. To view a list of all installation requirements, visit the Microsoft website...

You might be right about the memory going bad, but is there a way I can find out? I'm going to be doing a lot of important writing in the near future so I'm gonna want to know if the HDD's at risk of going kaput or somesuch.

edit: dang, the latest version of the Windows Installer won't install either: it stops at the "Inspecting System" stage. This is such a pain

MKR

bsjezz wrote: »

Dang, I tried to install Windows Defender and I got this:

Windows Defender requires Windows Installer 3.1 or later. To view a list of all installation requirements, visit the Microsoft website...

You might be right about the memory going bad, but is there a way I can find out? I'm going to be doing a lot of important writing in the near future so I'm gonna want to know if the HDD's at risk of going kaput or somesuch.

edit: dang, the latest version of the Windows Installer won't install either: it stops at the "Inspecting System" stage. This is such a pain

Do you get any messages from the memory check at bootup?

bsjezz

Not that I can tell. Bootup process is slow and laborious (I've been forced to shut-down by cutting the power because the Windows Logon UI is borked) but there doesn't seem to be any odd messages or anything.

I'm pretty sure it's the hard drive or memory, now that I think about it - a month or two back another windows file was corrupted and I used a recovery disk to repair it, which was probably a symptom of the same problem. Plus I ran an Active Virus Shield scan last night and nothing came up.

So what can I do? If windows files are getting corrupted, does that mean the hard drive is on its way out? My computer is still under warranty (although getting a Gateway computer fixed in Australia has previously proven impossible) so if it needs hardware maintenance it'd be cool to find out asap.

Are there any system or diagnostic tools I can run to find out what's going on?

yotes

Sounds like a failing drive to me. Check if the Event Viewer (Start/Run/eventvwr.msc) is showing mass amounts of bad blocks.

edit: obligatory "back up all of your important shit right now"

bsjezz

Yeah I had a mild crisis this morning when I realised I wasn't actually able to browse my files long enough to make a backup. Luckily I got the important shit over to my girlfriend's lappy and I'm slightly less manic at the moment.

The computer's running a checkdisk at the moment and it's replacing bad clusters all over the place, clusters in files eerily familiar sounding (winlogon, for example.) I'm not sure what this replacement of clusters will actually do, though - is the drive in its death throes?

bsjezz

Alright, here's the skinny: After running Checkdisk and checking the log, there had been a whole bunch of read errors and the computer was still spazzing out a bunch. So I decided to reformat. Everything's going fine for now, but I get the feeling the disk's going to start failing on me again after a while. I'm guessing there's not really anything I can do to prevent it, and I'm going to try to get it fixed under the warranty, but if anyone has any tips on keeping an eye on the hard drive in the meantime it'd be much appreciated... other than that, I guess there's not much more to be done.