[bumfluff]

hi , i am having problem accessing disc drives and hard drives through my computer icon in start menu. when i click on my computer to access drives that little torch like icon apears as if searching for drives. after about acouple of minutes the drives apear and i can use them ok,thi started yesterday ihave run virus scan and spysweeper but show nothing i have also noticed a marked slowdown in the windows shutdown process. iam posting hijack log below hope you can help.Logfile of HijackThis v1.99.1
Scan saved at 10:32:13, on 21/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\New Folder\BitTornado\btdownloadgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\hi jack log\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.broadband.blueyonder.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.broadband.blueyonder.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\GiPo@FileUtilities\mount.exe /z
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

[Advertisements]

Hi bumfluff and welcome to Geeks to Go .

My name is infaddict and I will be helping you with your problem. As it has been 3 days since your original post, please reply with a fresh HijackThis log.

Thank you for your patience .

Edited by infaddict, 24 November 2005 - 06:22 AM.

[infaddict]

Hi bumfluff and welcome to Geeks to Go .

My name is infaddict and I will be helping you with your problem. As it has been 3 days since your original post, please reply with a fresh HijackThis log.

Thank you for your patience .

Edited by infaddict, 24 November 2005 - 06:22 AM.

[bumfluff]

my new log as requested Logfile of HijackThis v1.99.1
Scan saved at 13:43:59, on 24/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\New Folder\BitTornado\btdownloadgui.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\My Documents\hi jack log\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.broadband.blueyonder.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.broadband.blueyonder.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\GiPo@FileUtilities\mount.exe /z
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

[infaddict]

Hi bumfluff, your log looks clean

Spy Sweeper is a very good and thorough program, so if it is not detecting anything then that is a very good sign - have you updated the Spy Sweeper definitions to the latest level?

In addition, you can try these following free online scans :

Panda ActiveScan
Trend Micro

Please post back with the results of these scans.

[bumfluff]

thx for your response unfortuneatly unable to use the progs. you sugest browser not suported iam using firefox. ihave carried out anumber of thourogh scans with avast and adawre and have come back clean i recently added an external hardrive to my pc wich shows as healthy, but wonder why the safely remove hardware icon does not apear anymore do you think this might have smomething to do with my prob. if i switch off external drive still have prob. though. thx once again.

[infaddict]

Hi bumfluff

Are you able to you use Internet Explorer just to try these online scans?

The Trend Micro website says it is compatible with Mozilla Firefox, so you should be able to run that :

Try again here

I would have also suggested running Ewido in Safe Mode (update you definitions in Normal mode first). It appears you already have Ewido, so could try that.

I don't think your external HD issues are malware related, as no scan has actually shown anything infecting your system. Apart from the 'safely remove hardware' icon not appearing, are you having any more symptoms that could suggest a virus, spyware, trojan etc?

If the suggested scans above also come back clean, I think you should then post a message in the XP forum stating you have been certified malware free and explain your HD problem.

Let me know how you get on with the scan

[bumfluff]

hi m8 thx for your time scanned with ewido found some things which have been removed will follow your advice and try xp forum thx again. log from ewido below.---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 13:01:34, 25/11/2005
+ Report-Checksum: 9CEC99AF

+ Scan result:

:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hu4pymtw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\WINDOWS\system32\aoledit.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dhrawex.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dnp0017me.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dnutil.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lqiff12n.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\narsnl.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\skeio.dll -> Spyware.Look2Me : Cleaned with backup
D:\My Shared Folder\WinDVDCreator2-dm.exe -> Spyware.Trymedia : Cleaned with backup


::Report End

[infaddict]

Hi bumfluff

The Ewido log mostly contains Firefox cookies, which are not too much to worry about. However, at the bottom it has detected and cleaned some files related to the Look2Me infection. This infection has never been evident in your HJT logs, so it could just be a past/dormant infection.

To be safe though, please can you do the following.

1) Reboot into Safe Mode and re-run Ewido and save the new log file

2) Reboot back into normal mode

3) Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe,
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first.

4) See if you can run the online Trend scan from Firefox (try using this link) and post the results

5) Also post the results of the new Ewido log

Finally let me know if you are getting any symptoms like popups, freezing and if your HD is performing any better

Edited by infaddict, 25 November 2005 - 09:51 AM.

[bumfluff]

thx for your input ithink you are right about that infection being dorment thx to xp forum ihave now resolved my problem and as things seem to be ok ithink iwill leave well alone but thank you ever so much for your help

[infaddict]

Great News

Since your issues have been addressed and you are ready to travel the net again, I will just give you a few ideas on how to stay safe out there. Best of all these programs are all readily available on the net for free

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

More info and download is available at:

Spyware Blaster Spyware Guard

Might I suggest the following Free Spyware programs for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE--Adaware Tutorial

Spybot S&D--Spybot Tutorial

Antiviruses play an important role in keeping your computer safe and worry free while using the net. *NOTE* Only one antivirus must be allowed to run on your computer, as having two or more running can and will cause conflicts.

AVG Avast

Firewalls are also a must in any good prevention :

Zone Alarm Sygate Kerio

There are different browsers available on the net, other than Internet Explorer, we believe!! these are better for security purposes :

Firefox Opera

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by microsoft.

This can be accessed by going to Windows Updates and following the prompts.

To add to the performance of your computer, i suggest a weekly maintenance program. Run this tool. Ccleaner

Lastly a second opinion on the Antivirus that you have chosen. I suggest running these online virus scans periodically, just to make sure that the av is doing a proper job, of keeping you safe :

Rav Online Scan Housecall Online Scan Panda Activescan

Housecall Java Online Scan<---For those who use Firefox, or opera.

And finally a little How did I get infected in the first place ? (by Mr. Tony Klein)

Good luck and safe surfing

[bumfluff]

thx once again for all your help and advice cheers and seasons greetings to all.

[infaddict]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.