Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
100% CPU Usage then end program and another goes to 100% usage
Okay I posted about this in the Win XP topic and they think it could be a virus.
This is really annoying, I have had some lag issues with my pc, I have run antivirus and spyware and deleted a virus (BackDoor.Generic2.ABBA) and I still have this problem. What happens is say I'm just doing normal things, suddenly something will lag and hit 100% cpu usage, if I try to end the task, it ends, however then some other program (not related to it) gets 100% usage. This keeps happening until I reboot my pc, then it's okay for a bit then it just reoccurs.

Edit: Just for your information I use these cleaning programs
Ad-Aware SE
Spybot S&D
AVG7 free
Avast!
Windows Defender
Spyware Blaster

The LOG
========
Logfile of HijackThis v1.99.1
Scan saved at 01:55:07, on 04/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\3ds Max 8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resourc...scbase3401.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://cabalonline.net/com/KALogoutComponent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\3ds Max 8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Thanks
John

Last edited by John05; September 4th, 2006 at 02:03 AM.
#2
Hello,
Download the trial version of Ewido Security Suite from here and install it.
After installation, double-click the icon on your Desktop to launch Ewido.
On the top of the main screen click Shield. Then click the word active to change it to inactive.
You will need to also update Ewido to the latest definition files. On the top of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. If you have problems with the updater, you can use this link to manually update Ewido.
Now close Ewido (don't scan just yet).
Reboot into Safe Mode. At startup tap F8 and select Safe Mode (see here).
Make sure all windows are closed and run Ewido.
Click Scanner, then click on the Scan tab.
Click Complete System Scan to begin scanning.
When the scan is complete click Recommended Action and change it to Quarantine. Then click Apply all actions.
Once the scan has finished, click the Save report button, then click Save Report As. This will create a text file. Make sure you know where to find this file again.
Then reboot back to Normal Mode.
Run a new scan with HijackThis and post that and the Ewido log back here please.
#3
Okay here's the HiJackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 21:37:26, on 04/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\3ds Max 8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resourc...scbase3401.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://cabalonline.net/com/KALogoutComponent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\3ds Max 8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Here's the Ewido log

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 21:26:20 04/09/2006
+ Scan result:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies-1.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies-1.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies-1.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.309:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies-1.txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.185:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\John\Application Data\MozillaControl\profiles\MozillaControl\amfjq7b1.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies-1.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies-1.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies-1.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.233:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.236:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.240:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.70:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.84:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.87:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.258:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.259:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.260:C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9c1yspzc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
::Report end
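The two HijackThis logs posted in this thread can be split into entries and compared mechanically. The sketch below is an added example, not part of the original posts and not HijackThis code: it parses a log even when a forum paste has run the entries together, lists the entries worth a manual look, and diffs a before/after pair. The function names and the choice of review flags are assumptions, and the sample text is an excerpt of the logs above.

```python
import re
from collections import Counter

# An entry starts with a section code (R0, O4, O23, ...) followed by " - ".
# Only the R and O sections that occur in this thread's logs are handled.
_ENTRY_START = re.compile(r"(?<![A-Za-z0-9])(?=[RO]\d{1,2} - )")
_ENTRY = re.compile(r"([RO]\d{1,2}) - (.*)", re.S)

# Sections the log itself labels Run/Startup, Winlogon Notify and Service.
AUTOSTART_CODES = {"O4", "O20", "O23"}

# Excerpt of the first log in this thread, deliberately run together the way
# a forum paste can arrive (line breaks fall at arbitrary spaces).
BEFORE = r"""Logfile of HijackThis v1.99.1 Running processes:
C:\WINDOWS\System32\smss.exe C:\WINDOWS\Explorer.EXE R0 -
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID} O4 -
HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe O9 - Extra button:
(no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
(file missing) O20 - Winlogon Notify: WgaLogon -
C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! Antivirus -
Unknown owner - C:\Program Files\Avast4\ashServ.exe O23 - Service: AVG7
Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe"""

# Same excerpt plus the two entries that only the second log contains.
AFTER = BEFORE + r""" O4 - HKLM\..\Run: [!ewido]
"C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O23 -
Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -
C:\Program Files\ewido anti-spyware 4.0\guard.exe"""


def split_entries(log_text):
    """Return [(code, body), ...] whether entries are one per line or run together."""
    flat = " ".join(log_text.split())        # collapse newlines and repeated spaces
    entries = []
    for chunk in _ENTRY_START.split(flat):
        match = _ENTRY.fullmatch(chunk.strip())
        if match:                            # header and process list carry no code
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def triage(entries):
    """Group entries for manual review; a flag is a prompt to look, not a verdict."""
    report = {
        "per_section": Counter(code for code, _ in entries),
        "file_missing": [],     # entries HijackThis marked "(file missing)"
        "unknown_owner": [],    # services reported with "Unknown owner"
        "autostart": [],        # entries in AUTOSTART_CODES sections
    }
    for code, body in entries:
        line = f"{code} - {body}"
        if body.endswith("(file missing)"):
            report["file_missing"].append(line)
        if code == "O23" and " - Unknown owner - " in body:
            report["unknown_owner"].append(line)
        if code in AUTOSTART_CODES:
            report["autostart"].append(line)
    return report


def diff_entries(before, after):
    """Return (added, removed) entries between two logs of the same machine."""
    old, new = set(before), set(after)
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    first, second = split_entries(BEFORE), split_entries(AFTER)
    summary = triage(second)
    print("entries per section:", dict(summary["per_section"]))
    for key in ("file_missing", "unknown_owner"):
        for line in summary[key]:
            print(f"[{key}] {line}")
    added, removed = diff_entries(first, second)
    for code, body in added:
        print(f"[added since first scan] {code} - {body}")
```

Run against the full logs above, the diff shows only the entries that installing Ewido added, which is a quick way to confirm nothing else changed between the two scans.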
#4
One extra thing, Ad-Aware SE personal always finds a critical object in the registry. I delete it (had to turn TeaTimer.exe off) and yet it ALWAYS shows back up.
Here's what it is.
Name:Windows
Category:Vulnerability
Object Type:RegData
Size:19 Bytes
Location:regfile\shell\open\command "" ("regedit.exe" "%1")
Last Activity:04-09-2006
Relevance:Low
TAC index:3
Comment:
Description:General Windows Security Issue. Your system security may be compromised. The specifics of the possible compromised item are listed in the comments section.
#5
Code:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""
#6
Hey, thanks for all your help but I just reformatted my computer. Seeing as I haven't since I got this new setup, I thought it'd fix a lot of things that have gone wrong and give me more space (with things I don't use).
Thanks for all the help =D
John
#7
No problem - hope all works ok for you.
All times are GMT +1.