Hello, I have trying to solve a puzzle/problem for 3 days now. I'm not sure if I have some undetectable spyware, virus or worm. Lately I noticed that my computer considerably slowed down to an annoying point. I also noticed that winlogon.exe is using a lot of cpu percentage and my hard drive light is always solid (except for the first 10 min. after boot up). Here is what i've done/ran so far... -Adaware.........found nothing -AVG.............found nothing -Bazooka.........found nothing -Swat It.........found nothing -NAV.............found nothing -Spybot1.3r......found nothing -Stinger.........found nothing -Window Washer...found nothing -(online)McAfee AV...f.nothing Also I cleaned out my cache and cookies and checked my hdd space (at 45% full) and ram usage was very low. It isn't the Netsky worm so I have no idea what is causing this problem. Does anyone know how to solve this mystery or is the solution right in front of my eyes that it's "elementary my dear Watson" Abort, Retry, Fail?

ohh and also ran MS updates and defraged my hdd. Abort, Retry, Fail?

Try searching for HijackThis off google and download and save. When the problems start run a scan and save the log - then open it in notepad. After that copy and paste the log. Hopefully this will find out whats causing you invisible trouble. ;)

Unplug your pc from the internet physically and see if the activity stops.

I tried HijackThis of there free dl and it picked up 38 things, but most seem in order and others not sure about. Yes the problem still persists even if I never log on or connect to the internet. Abort, Retry, Fail?

Show us the logs from hijack this

Logfile of HijackThis v1.97.7 Scan saved at 8:05:19 AM, on 10/05/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton Internet Security\NISUM.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\system32\clipsrv.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\msdtc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\dmadmin.exe C:\WINDOWS\System32\BRMFRSMG.exe C:\WINDOWS\System32\cidaemon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Michael\My Documents\My Received Files\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq R3 - Default URLSearchHook is missing N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.truck.net/frame/id/3063/url/http://search.excite.com/search.gw?search=trucking&tsug=-1&csug=-1&collection=timely&look=excite_prodigy_us"); (C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\default\vh8mn1z0.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\default\vh8mn1z0.slt\prefs.js) O2 - BHO: P3P Client - {00000178-CD4A-447a-BCF9-6FD0096B5527} - C:\Program Files\Privacy Bird\P3PClient.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NAV Agent] C:\Program Files\Norton AntiVirus\NAVAPW32.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Michael" O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Michael" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: MoneySide (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O15 - Trusted Zone: http://chat.msn.ca O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab O16 - DPF: {53406295-12AB-4F49-824A-C5EAD19365DE} (CHSInstaller Class) - http://www.compaq.com/athome/support/PCHInstallTrust01.cab O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://sc.communities.msn.com/controls/chat/msnchat42.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38069.9753587963 O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0BE3DC2B-79A3-449D-B6B6-65A03142BED2}: NameServer = 209.53.200.2 209.53.200.3 O17 - HKLM\System\CS1\Services\Tcpip\..\{0BE3DC2B-79A3-449D-B6B6-65A03142BED2}: NameServer = 209.53.200.2 209.53.200.3 Abort, Retry, Fail?