EDIT: GODDAMMIT, I FORGOT THAT IT WOULDN'T COPY IF YOU LOG OFF... Ugh! Okay, I'll shorten this then.

It all started when I was doing the IQ test (today) that was posted up in a thread. As soon as I finished, I clicked the button to continue on and it said "Page cannot be displayed" yadayadayada, that page. Then, whenever I went to any other page, it immediately (and I mean immediately, right away) came up with the Page cannot be Displayed. Then my computer started acting weird. The speed of my computer slowed down considerably. Also, especially if I'm gone for a bit and my computer locks, then the screen freezes/shows only bits of the screen, like the edges of windows.

So now, if I log off or restart, I can get on the internet for a few minutes, but it will soon go to that "page cannot be displayed". It happens immediately and for every website. As soon as that starts to happen, my computer slows down drastically. Then my computer starts to freeze/screw up/act weird.

I have tried System Restore to a week back, Norton, and a Spyware Detection/Deletion program. Nothing has worked.

Can anyone help me? This is getting really annoying...

First: I assume by "Norton" you mean "Norton Anti-Virus." Have you updated it recently? If not, do so with all speed.

Next, if that doesn't work/isn't applicable: I do hope you're running XP, otherwise this next suggestion is for shit. Ctrl-Alt-Del to bring up the Task Manager, "Processes" tab, click on "CPU" to sort big numbers to the top, jot down 5 or so you see towards the top of the list and the associated value, and then do the same for "Memory Usage." Post those two lists here for further advice.

They are all jumping around a lot, the only one that stays somewhat constant so far is the Sysem Idle Process.

System Idle Process - 98
taskmgr.exe - 0 to 02
explorer.exe - 0 to 02
IEexplorer.exe - 0 to 03

That's all I can really get, it's jumping around a lot. Mind you, these are from when my internet is working (for the short time it is), do you want the numbers for when it is not working?

Yeah, I need numbers from when ewverything's on the fritz.

What you've got ^^ is completely normal. :p

Okay, I'll post them up when my internet stops working.

Also I've seemed to have a reinstalling virus on my computer for a while, a W32.Gaobot.WX. Norton comes up with a little box saying "Virus Alert". Tells me where it is, and tells me either "unable to repair file" or "Acess to file was denied". I've had it on my computer for a while. The thing is, I've been too lazy/had no time to go into safe mode and deinstall the virus manually. Could this be contributing? I've never really bothered to get all the facts to it, and right now, the site it links to isn't working.

Okay, internet not working now, I'll post it.

avserve.exe: 75 - 87
System Idle Process: 08 - 14
taskmgr.exe: 0 - 03
svchost.exe: 0 - 06
Gamechannel.exe: 0 - 08
IEEXPLORE.EXE: 0 - 08
System: 0 - 02

Uh... don't like the look of that avserve.exe thing.... I think gamechannel is just something I installed to play uproar or another site. I think I better get rid of that...

You have a virus/worm that is eating all your bandwidth and most of your CPU, which is why you're getting the "page cannot be displayed" error. The culprit is most likely the avserve.exe process.

To get rid of it:
- Download and run Hijack This! (http://www.spywareinfo.com/~merijn/downloads.html) (scroll down to Official Downloads section) - Tutorial (http://hjt.wizardsofwebsites.com/) - and then remove any items that look suspicious or that you don't want, making note of their names. This will remove the registry keys that allow the program to start when you start up your computer.
- Restart your computer
- Once you've rebooted, do a search for the programs for which you removed registry keys and then delete them. You may also want to clear out the contents of your \windows\temp\ and temporary internet files directories.

*Note: Some worms/viruses/trojans are tricky and require you to be in safe mode before you can remove their registry keys. To enter safe mode, restart your computer and before the "Loading Windows" screen appears, hit F8 (you can spam it religiously if you'd like). This should bring you to a text-based boot menu with one of the options being safe mode. Choose it and then boot into it.


<rant>In case you haven't realized yet, Norton Anti-Virus and most every other anti-virus program are completely useless. They eat system resources, and when you do have a virus, all they do is say "OMG! You might have a virus! But i'm too fucking stupid to know how to get rid of it." In fact, many newer viruses or worms will deliberately destroy NAV files or force the process to end.

System Restore wasn't really made to get rid of viruses/trojans. It was mostly for fixing driver problems or problems with windows software updates.

Adware removal programs also don't catch viruses or trojans because they search for specific entries, whereas Hijack This just lists anything that isn't a default value.</rant>

Logfile of HijackThis v1.97.7
Scan saved at 1:27:09 PM, on 5/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\Microsoft.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\avserve.exe
C:\WINDOWS\avserve2.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\6703_up2.exe
C:\WINDOWS\System32\capq.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Documents and Settings\evan\Local Settings\Temporary Internet Files\Content.IE5\9WCRDD49\HijackThis[1].exe
C:\WINDOWS\wt\updater\wcmdmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [avserve.exe] C:\WINDOWS\avserve.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKLM\..\Run: [Microsoft Update] Microsoft.exe
O4 - HKLM\..\Run: [6703_up2] C:\WINDOWS\System32\6703_up2.exe
O4 - HKLM\..\Run: [capq] C:\WINDOWS\System32\capq.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoft.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtangent.com/install/jvm/msjavx86_3805.exe
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.shizmoo.com/activex/web665.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37974.4491435185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

I believe that I should delete avserve, and avserve2. Am I right? Is there anything else I should delete too?

Well I see a couple of very suspicious files, 6703_up2.exe no idea what that is but I sure it don’t belong. And I know capq.exe needs to go. I would just use spybot, it would get rid of all of that for you, but that’s me and if you make a mistake you can get it back if needed

I went ahead and deleted avserve and avserve2. Win32 was taking up a lot too, but it isn't now. I didn't dare delete that, as I'm pretty sure it's used a lot, although a lot of viruses piggyback into there...

EDIT: It seems to have worked fairly well. Thanks Exedore and everyone :)

EDIT: Damn! It didn't fix it all. Now:

win32.exe: 53 - 80
svchost.exe: 06 -21
Gamechannel.exe: 0 -11
services.exe 06 -19
IEXPLORER.EXE - 0 - 11

Holy crap you have a lot of sypware/viruses/trojans.

Definitely something that needs deleted:
C:\WINDOWS\System32\Microsoft.exe
C:\WINDOWS\avserve.exe
C:\WINDOWS\avserve2.exe
C:\WINDOWS\System32\6703_up2.exe
O4 - HKLM\..\Run: [avserve.exe] C:\WINDOWS\avserve.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKLM\..\Run: [Microsoft Update] Microsoft.exe
O4 - HKLM\..\Run: [6703_up2] C:\WINDOWS\System32\6703_up2.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoft.exe

Possible spyware/trojan/virus:
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 7.exe
C:\WINDOWS\System32\capq.exe
O4 - HKLM\..\Run: [capq] C:\WINDOWS\System32\capq.exe


Also, the Win32.exe thing is a virus/trojan. It's most certainly not a real windows component. If you don't know what something is, just do a google search for it. If it's a real file, you'll probably get a lot of references for it that explain what it does. If it's a virus, you'll probably get no information, or links about it being a virus.

Thank you, Exedore. The program you gave me deleted all the files, and the ones it couldn't reach I deleted myself. I'll see how it works tomorrow, but that should fix it all. Thank you, again.

EDIT: Urg, it keeps coming back. More things keep coming back too, like up_2383 or numbers like that. I can always just do end process, but if it happens again, I'm going to try deleting more...