help....virus problem


Tranquil
05-26-2004, 05:07 PM
I know I have a virus, I can't get on the internet and some processes take up more than 50% of my CPU at certain times. I notice svchost.exe is one of them. I did a full online virus scan with 4 different companies and they all came up as clean, I even updated and ran the resident Norton in safe mode and it said I was clean. Here is my HijackThis log....help needed!!


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
E:\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4362/mcfscan.cab

cx0
05-26-2004, 06:25 PM
run spybot and spysweeper and adaware 6 for spyware dude.

they don't show up on av scans.

i'll let some other guy on here comment on the hijackthis log, but..
this
C:\WINDOWS\System32\inetsrv\inetinfo.exe

looks interesting.
you can't do anything about svchost I'm afraid, it's a ms process that does its own thing. :(

Budfred
05-26-2004, 06:49 PM
I don't know if you will consider this as good news or bad news, but that is a clean log.

It is probably worthwhile to run the spyware scans. Also, have you already fixed anything with HJT or have you set anything to ignore or disabled anything in msconfig??? Also, what do you mean the computer can't access the internet, please provide as much detail as possible. The main thing you have that is probably eating up resources is Norton... Give us more info and we may be able to help....

Tranquil
05-26-2004, 07:15 PM
I can't get on the internet in regular mode, but I can get to it in safe mode. I have a valid IP address but when I try to connect to the internet it just says page cannot be displayed. I cannot ping out either. I did all the spyware stuff and I am clean yet I still have the same problems.....hope that helps you.

Budfred
05-26-2004, 10:12 PM
When you go on in Safe Mode, are you activating your antivirus protection and firewall first?? If you are not, you are probably going to get infected even if you aren't now....

When you say you did all the spyware stuff, when and what do you mean?? If you ran Spybot, did it pop up a window telling you that it was fixing your network connection?? Also, did you fix anything with them or with any other program or disable things or ignore things with HJT or anything else.... If you want help with this, you need to provide more detail, not just brief hints.....

Quantax
05-26-2004, 11:41 PM
If it's a connectivity issue, try the "ipconfig /release" followed by "ipconfig /renew" commands, which assign you a new IP address (assuming you get that through DHCP).

deddard
05-27-2004, 03:45 AM
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe

This from http://www.liutilities.com/products/wintaskspro/processlibrary/tcpsvcs/

tcpsvcs.exe
Application that provides network and Internet communication through TCP/IP. Started only when the user configures special TCP/IP services, such as the DHCP Server.
Company: Microsoft Corp

You are also running snmp - simple network management protocol.

Is this machine supposed to be a server? I can't tell if this is the problem, but you don't appear to have just a simple PC host to Internet connection - it could be that the system has been set up as a DHCP server instead of a client.
If your machine is a server, it may not have the correct configuration to access the net.

Can you post a bit more info? Is this machine part of a network? Is it sharing a connection? How do you connect to the net?
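An added example, not part of any post in this thread: a small triage script that splits a HijackThis log into its process list and O-entries, then flags the optional server-service processes the replies above picked out (inetinfo.exe, tcpsvcs.exe, snmp.exe) and any core system binary name, such as svchost.exe, running from outside System32. The role descriptions, the `SYSTEM32_ONLY` list, the default `system_dir` and the `Temp\svchost.exe` sample line are assumptions made for illustration.

```python
import ntpath
import re

# Optional network-service binaries named in this thread (descriptions are analyst notes).
SERVER_ROLE = {
    "inetinfo.exe": "IIS web/FTP service host",
    "tcpsvcs.exe": "optional TCP/IP services (e.g. DHCP Server)",
    "snmp.exe": "SNMP agent",
}
# Assumed list of core binaries that should only ever run from System32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
ENTRY = re.compile(r"^(O\d+) - (.*)$")

def parse_hjt(text):
    """Split a HijackThis log into running-process paths and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m:
            in_procs = False          # the O-section ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(processes, system_dir=r"c:\windows\system32"):
    """Return (path, reason) findings; system_dir is an assumed default install path."""
    findings = []
    for path in processes:
        folder, name = ntpath.split(path.lower())   # Windows paths are case-insensitive
        if name in SERVER_ROLE:
            findings.append((path, "server role: " + SERVER_ROLE[name]))
        if name in SYSTEM32_ONLY and folder != system_dir:
            findings.append((path, "system binary name outside System32"))
    return findings

# Excerpt of the posted log; the Temp\svchost.exe line is constructed to show the path check.
SAMPLE = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Temp\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    procs, _ = parse_hjt(SAMPLE)
    for path, reason in triage(procs):
        print(f"{reason:60} {path}")
```

A server-role finding is a prompt to confirm the service is meant to be running, not a verdict that the file is malicious.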

Donn
05-29-2004, 10:23 PM
However you are getting up on the net--when you download Spybot and Ad-Aware, which you should do, make sure to UPDATE both of them on the spot. I don't see any report of your OS, what is it, XP? 2K? Me?

When was the last time you updated... Windows, IE, Outlook (affects IE)?
When was the last time you did a good house cleaning...TIF, %TEMP%, Cookies, system restore if you have one (XP or Me), recycle bin? When did you last disk cleanup, scan disk (regular, not thorough) and defrag disk?

Are you saying you only ran free AV scans on various websites, implying you do not have an AV installed? If you have an AV installed is it updated?

Edit: have you done downloading just before this problem started? Any trouble starting up or shutting down? If you did a download, did that program (software, whatever) work ok?

We need clear info in order to help you :)