Re: vcodec

Also got it from vcodec.com Grrrrrrrrr.....:mean:

- When I open up IExplorer, the page automatically goes to a "Security Center" (These "folks" are probably part of the scam)

- Pop ups in IExplorer windows - even if it's not running in main Expl.window

- A yellow flashing triangle will appear on my tray area (every 1/2 minute) Spyware Detected (4 active spyware applications ) Click the icon to get rid off unwanted spyware.

My Virus sw pops up with: W32/Dloader.NVM, removed (NORMAN ANTIVIRUS)

Even if I try the procedure I saw for removing vCodec, there must be something missing because it returns at the next restart...

Can anyone help out ?

Here is my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 00:38:04, on 05.01.06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\f23hser.exe
C:\Programfiler\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\f23happ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe
C:\Programfiler\Norman\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NILaunch.exe
C:\Programfiler\Norman\bin\ZLH.EXE
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Documents and Settings\Kjell Olav\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp58F3.tmp
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Kjell Olav\Skrivebord\HijackThis.exe /startupscan
O4 - Startup: Ventrilo Server.lnk = C:\Programfiler\Ventrilo_Server\ventrilo_srv.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104961703357
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: FIREGL23UTIL (FireGL23Util) - ATI Technologies, Inc. - C:\WINDOWS\System32\f23hser.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Programfiler\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
*******************************************
Cheers
KOSPAANG

Comments

  • TroganTrogan London, UK
    edited January 2006
    Hi, Welcome to Short-Media :)
    --


    Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

    Download smitRem.exe and save the file to your desktop.
    Right click on the file and extract it to its own folder on the desktop.

    Place a shortcut to Panda ActiveScan on your desktop.

    Please download the trial version of Ewido Security Suite here:
    http://www.ewido.net/en/download/

    Please read Ewido Setup Instructions
    Install it, and update the definitions to the newest files. Do NOT run a scan yet.

    If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
    Ad-Aware SE Setup
    Don't run it yet!

    Next, please reboot your computer in SafeMode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.
    Now scan with HJT and place a checkmark next to each of the following items and click 'Fix Checked':

    ===================================================
    O2 - BHO: (no name) - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp58F3.tmp

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll (file missing)

    ===================================================

    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.

    The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


    Open Ad-aware and do a full scan. Remove all it finds.


    Run Ewido: (Do not use the computer while Ewido is scanning as it may interrupt the scan)
    • Click on scanner
    • Click Complete System Scan and the scan will begin.
    • NOTE: During some scans with ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop
    Close Ewido

    Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

    Reboot back into Windows and click the Panda ActiveScan shortcut.

    - Once you are on the Panda site click the Scan your PC button
    - A new window will open...click the Check Now button
    - Enter your Country
    - Enter your State/Province
    - Enter your e-mail address and click send
    - Select either Home User or Company
    - Click the big Scan Now button
    - If it wants to install an ActiveX component allow it
    - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    - When download is complete, click on Local Disks to start the scan
    - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

    Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.

    Let us know if any problems persist.
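A small parser for the HijackThis log format posted in this thread, added here as an example (not code from HijackThis, smitRem, or either poster): it flags the same kinds of entries Trogan marks for 'Fix Checked' (an unnamed O2 BHO loading a .tmp from system32, O9 entries reported as file missing) and lists which entries disappeared between two logs. The two sample logs are constructed from lines quoted in the thread, and the flagging rules are assumptions drawn only from this thread's fix list.

```python
"""Flag HijackThis (HJT) log entries and diff two logs.

Added example for this thread; not code from HijackThis, smitRem or the posters.
The rules below mirror only what the thread itself marks for 'Fix Checked'.
"""
import re
from dataclasses import dataclass

# Entry lines look like "O2 - BHO: (no name) - {GUID} - C:\WINDOWS\system32\hp58F3.tmp";
# process-list and header lines have no "Rn - " / "On - " prefix and are skipped.
HJT_LINE = re.compile(r"^(?P<section>R[0-3]|F[0-3]|O\d{1,2}) - (?P<body>.+)$")
# A BHO whose DLL is a .tmp file directly under system32 (the hp58F3.tmp case).
TMP_IN_SYSTEM32 = re.compile(r"\\system32\\[^\\]+\.tmp\s*$", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "R0", "O2", "O23"
    body: str     # everything after "<section> - "

    def line(self) -> str:
        return f"{self.section} - {self.body}"


def parse_log(text: str) -> list:
    """Return the R*/F*/O* entries of an HJT log in their original order."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def assess(entry: Entry) -> list:
    """Reasons an entry deserves a closer look; an empty list means no finding.

    Heuristics (assumed, taken from this thread's fix list): an unnamed O2 BHO,
    a BHO loading a .tmp from system32, and any target reported as '(file missing)'.
    """
    reasons = []
    if entry.section == "O2" and entry.body.startswith("BHO: (no name)"):
        reasons.append("unnamed BHO")
    if entry.section == "O2" and TMP_IN_SYSTEM32.search(entry.body):
        reasons.append("BHO loads a .tmp file from system32")
    if "(file missing)" in entry.body:
        reasons.append("target file missing (orphaned entry)")
    return reasons


def flagged(text: str) -> dict:
    """Map each flagged entry line to its reasons, preserving log order."""
    out = {}
    for entry in parse_log(text):
        reasons = assess(entry)
        if reasons:
            out[entry.line()] = reasons
    return out


def removed_between(before: str, after: str) -> list:
    """Entry lines present in the first log but gone from the second."""
    still_there = set(parse_log(after))  # frozen dataclass instances are hashable
    return [e.line() for e in parse_log(before) if e not in still_there]


# Constructed sample logs, trimmed to the line shapes quoted in the thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\mssearchnet.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
O2 - BHO: (no name) - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp58F3.tmp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    for line, reasons in flagged(LOG_BEFORE).items():
        print("FLAG:", line, "->", "; ".join(reasons))
    for line in removed_between(LOG_BEFORE, LOG_AFTER):
        print("REMOVED:", line)
```

Run it against a full HJT log pasted into LOG_BEFORE and the post-fix log in LOG_AFTER to see which entries the cleanup actually removed.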
  • edited January 2006
    Hi Trogan_1K, thank you very much for your reply! Sorry I did not post my Q as a new thread, but I guess I was too frustrated to look for the correct entry point. At first I thought my Q had been lost or deleted until I did a site-search for my nick and found this in a new thread :)))
    Anyway, here's "my case" so far regarding requested logs:

    *** smitfiles.txt
    smitRem © log file
    version 2.8
    by noahdfear
    Microsoft Windows XP [Versjon 5.1.2600]
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    checking for ShudderLTD key
    ShudderLTD key not present!
    checking for PSGuard.com key
    PSGuard.com key not present!
    checking for WinHound.com key
    WinHound.com key not present!
    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Existing Pre-run Files
    ~~~ Program Files ~~~
    ~~~ Shortcuts ~~~
    ~~~ Favorites ~~~
    Antivirus Test Online.url
    ~~~ system32 folder ~~~
    1024 dir
    msvol.tlb
    ld****.tmp
    mssearchnet.exe
    ncompat.tlb
    nvctrl.exe
    mscornet.exe
    hp***.tmp
    ~~~ Icons in System32 ~~~
    ts.ico
    ot.ico
    ~~~ Windows directory ~~~
    ~~~ Drive root ~~~
    ~~~ Miscellaneous Files/folders ~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 756 'explorer.exe'
    Killing PID 756 'explorer.exe'
    Starting registry repairs
    Deleting files
    Remaining Post-run Files
    ~~~ Program Files ~~~
    ~~~ Shortcuts ~~~
    ~~~ Favorites ~~~
    ~~~ system32 folder ~~~
    ~~~ Icons in System32 ~~~
    ~~~ Windows directory ~~~
    ~~~ Drive root ~~~
    ~~~ Miscellaneous Files/folders ~~~
    ~~~ Wininet.dll ~~~
    CLEAN! :)

    *** Ad-Aware results
    MRU (5 Objects total)
    Malware SpyAxe (1 Objects total)
    REMOVED

    *** Ewido Log
    (Due to my low-res Safe Mode screen combined with the high-res screen of ewido, I was not able to read the menu in Safe Mode, hence I had to boot into Windows before I could run it. At startup ewido was running and "found 1", which I then confirmed for removal.
    At this point I ran the complete scan.)
    ewido anti-malware - Scan report

    + Created on: 21:03:58, 05.01.06
    + Report-Checksum: 5CF827B9

    + Scan result:

    C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Kjell Olav\Skrivebord\backups\backup-20060105-202716-278.dll -> Downloader.Zlob.dx : Cleaned with backup
    C:\Documents and Settings\Kjell Olav\Skrivebord\Ikoner\backups\backup-20060104-223207-431.dll -> Downloader.Zlob.dx : Cleaned with backup
    C:\Documents and Settings\Kjell Olav\Skrivebord\Ikoner\backups\backup-20060104-231110-523.dll -> Downloader.Zlob.dx : Cleaned with backup
    C:\Documents and Settings\Kjell Olav\Skrivebord\Ikoner\backups\backup-20060104-235159-997.dll -> Downloader.Zlob.dx : Cleaned with backup
    C:\Documents and Settings\Kjell Olav\Skrivebord\Ikoner\backups\backup-20060105-003055-651.dll -> Downloader.Zlob.dx : Cleaned with backup
    C:\Documents and Settings\Kjell Olav\Skrivebord\Ikoner\backups\backup-20060105-003149-856.dll -> Downloader.Zlob.dx : Cleaned with backup
    C:\Documents and Settings\Kjell Olav\Skrivebord\Ikoner\backups\backup-20060105-003309-928.dll -> Downloader.Zlob.dx : Cleaned with backup
    C:\Documents and Settings\Kjell Olav\Skrivebord\Ikoner\backups\backup-20060105-003500-877.dll -> Downloader.Zlob.dx : Cleaned with backup
    C:\Documents and Settings\Kjell Olav\Skrivebord\Ikoner\backups\backup-20060105-003612-687.dll -> Downloader.Zlob.dx : Cleaned with backup

    ::Report End

    *** Panda scan report
    Incident Status
    Location

    Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@banner[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@belnk[1].txt
    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@ccbill[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@dist.belnk[2].txt
    Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@kinghost[1].txt
    Spyware:Cookie/LinkExchange Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@linkexchange[1].txt
    Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@rightmedia[1].txt
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@searchportal.information[1].txt
    Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@spywarestormer[2].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@uol.com[2].txt
    Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@webpower[1].txt
    Spyware:Cookie/SpySheriff Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@www.spysheriff[1].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@xiti[1].txt
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@yadro[2].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kjell Olav\Skrivebord\smitRem\Process.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kjell Olav\Skrivebord\smitRem.exe[Process.exe]

    *** HijackThis Log
    Logfile of HijackThis v1.99.1
    Scan saved at 21:39:19, on 05.01.06
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programfiler\ewido anti-malware\ewidoctrl.exe
    C:\Programfiler\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\System32\f23hser.exe
    C:\WINDOWS\system32\f23happ.exe
    C:\Programfiler\Norman\Bin\Zanda.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\NILaunch.exe
    C:\Programfiler\Norman\bin\ZLH.EXE
    C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
    C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Programfiler\iTunes\iTunesHelper.exe
    C:\Programfiler\QuickTime\qttask.exe
    C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe
    C:\Programfiler\Norman\bin\NJEEVES.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
    C:\Programfiler\iPod\bin\iPodService.exe
    C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Programfiler\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Kjell Olav\Skrivebord\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Kjell Olav\Skrivebord\HijackThis.exe /startupscan
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104961703357
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido anti-malware\ewidoguard.exe
    O23 - Service: FIREGL23UTIL (FireGL23Util) - ATI Technologies, Inc. - C:\WINDOWS\System32\f23hser.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Programfiler\Norman\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

    Status now:
    I still have the tray warning popup:

    /!\ SYSTEM INTRUSION DETECTED!

    Dangeous infection was detected on your PC
    The system will now download and install most efficient
    antimalware program to prevent data loss and your private
    information theft.
    Click here to protect your computer from the biggest malware
    threats.

    My IE start page is back and no popups with boobs and offers - yet.
    (EDIT: Some hours later... Still same popup, else OK it seems)

    And I must say I'm impressed by the level of quality in your step by step guide, it takes time to create good and informative guide like this. Thank you for your time.

    BTW: Do you know of a program to track the ppl. putting so much work into destroying our data and time? Name, Country, City and address would do nicely :grr: Would some of them be the same ppl. offering "help" in the current popup (I do not accept their offer)? :mean:

    Thanks again !
    Best REGARDS
    KOSPAANG
  • TroganTrogan London, UK
    edited January 2006
    The popup should be gone by now. Not sure why it's still there.


    Could you follow the instructions in my first post, making sure you are in Safe Mode. No need to do the HijackThis part :)
  • edited January 2006
    Hi Trogan_1000,

    I repeated all as instructed, including ewido in Safe Mode (since I now knew which "unreadable button" to use to start the complete system scan).

    Here are the reports except HJT:


    *** smitfiles.txt
    smitRem © log file
    version 2.8
    by noahdfear
    Microsoft Windows XP [Versjon 5.1.2600]
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    checking for ShudderLTD key
    ShudderLTD key not present!
    checking for PSGuard.com key
    PSGuard.com key not present!
    checking for WinHound.com key
    WinHound.com key not present!
    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Existing Pre-run Files
    ~~~ Program Files ~~~
    ~~~ Shortcuts ~~~
    ~~~ Favorites ~~~
    ~~~ system32 folder ~~~
    ~~~ Icons in System32 ~~~
    ~~~ Windows directory ~~~
    ~~~ Drive root ~~~
    ~~~ Miscellaneous Files/folders ~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 1352 'explorer.exe'
    Killing PID 1352 'explorer.exe'
    Starting registry repairs
    Deleting files
    Remaining Post-run Files
    ~~~ Program Files ~~~
    ~~~ Shortcuts ~~~
    ~~~ Favorites ~~~
    ~~~ system32 folder ~~~
    ~~~ Icons in System32 ~~~
    ~~~ Windows directory ~~~
    ~~~ Drive root ~~~
    ~~~ Miscellaneous Files/folders ~~~
    ~~~ Wininet.dll ~~~
    CLEAN! :)


    *** Ewido Log
    ewido anti-malware - Scan report
    + Created on: 20:09:57, 06.01.06
    + Report-Checksum: 3A12C9
    + Scan result:

    No infected objects found.

    ::Report End


    *** Panda scan report
    Incident Status Location

    Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@banner[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@belnk[1].txt
    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@ccbill[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@dist.belnk[2].txt
    Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@kinghost[1].txt
    Spyware:Cookie/LinkExchange Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@linkexchange[1].txt
    Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@rightmedia[1].txt
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@searchportal.information[1].txt
    Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@spywarestormer[2].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@uol.com[2].txt
    Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@webpower[1].txt
    Spyware:Cookie/SpySheriff Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@www.spysheriff[1].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@xiti[1].txt
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Kjell Olav\Cookies\kjell olav@yadro[2].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kjell Olav\Skrivebord\smitRem\Process.exe

    Status now:
    I still have the tray warning popup :banghead:

    /!\ SYSTEM INTRUSION DETECTED!

    Dangeous infection was detected on your PC
    The system will now download and install most efficient
    antimalware program to prevent data loss and your private
    information theft.
    Click here to protect your computer from the biggest malware
    threats.


    I did not find anything of this;
    Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

    It must be a "ghost" of previous malware that keeps this warning alive and popping up...

    Cheers
    KOSPAANG
  • TroganTrogan London, UK
    edited January 2006
    Thanks for doing it again.

    Could you post a new HJT log please. :)


    I'm not too sure why you're still getting the popup. I'm going to find out as soon as possible. Will let you know soon :)
  • edited January 2006
    It's me who should thank you Sir :thumbup

    Here it is:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:48:18, on 06.01.06
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programfiler\ewido anti-malware\ewidoctrl.exe
    C:\Programfiler\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\System32\f23hser.exe
    C:\WINDOWS\system32\f23happ.exe
    C:\Programfiler\Norman\Bin\Zanda.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Programfiler\Norman\bin\ZLH.EXE
    C:\Programfiler\iTunes\iTunesHelper.exe
    C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe
    C:\Programfiler\Norman\bin\NJEEVES.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Programfiler\iPod\bin\iPodService.exe
    C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
    C:\Programfiler\Norman\Nvc\bin\cclaw.exe
    C:\Programfiler\Internet Explorer\iexplore.exe
    C:\Programfiler\lotus\123\123w.exe
    C:\Documents and Settings\Kjell Olav\Skrivebord\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Kjell Olav\Skrivebord\HijackThis.exe /startupscan
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104961703357
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido anti-malware\ewidoguard.exe
    O23 - Service: FIREGL23UTIL (FireGL23Util) - ATI Technologies, Inc. - C:\WINDOWS\System32\f23hser.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Programfiler\Norman\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

    Cheers
    KOSPAANG
  • TroganTrogan London, UK
    edited January 2006
    OK! There seems to be a new variant of the infamous "SpyAxe".

    A fix is being worked on. Once it's done, I'll let you know about it.


    Stay Tuned :)
  • TroganTrogan London, UK
    edited January 2006
    Hi,

    A FIX has been done. SmitRem has been updated.

    Please delete the SmitRem file you have currently and then go through the process in my first step.

    Since this is a new fix, please let me know of any troubles you may have with it.


    Let me know how it goes :)
  • edited January 2006
    Hello Trogan,

    no problem running this updated (still v2.8?) SmitRem,
    and here's the log:

    smitRem © log file
    version 2.8
    by noahdfear
    Microsoft Windows XP [Versjon 5.1.2600]
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    checking for ShudderLTD key
    ShudderLTD key not present!
    checking for PSGuard.com key
    PSGuard.com key not present!
    checking for WinHound.com key
    WinHound.com key not present!
    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Existing Pre-run Files
    ~~~ Program Files ~~~
    SpywareStrike
    ~~~ Shortcuts ~~~
    ~~~ Favorites ~~~
    ~~~ system32 folder ~~~
    netwrap.dll
    ~~~ Icons in System32 ~~~
    ~~~ Windows directory ~~~
    ~~~ Drive root ~~~
    ~~~ Miscellaneous Files/folders ~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 760 'explorer.exe'
    Killing PID 760 'explorer.exe'
    Starting registry repairs
    Deleting files
    Remaining Post-run Files
    ~~~ Program Files ~~~
    SpywareStrike
    ~~~ Shortcuts ~~~
    ~~~ Favorites ~~~
    ~~~ system32 folder ~~~
    ~~~ Icons in System32 ~~~
    ~~~ Windows directory ~~~
    ~~~ Drive root ~~~
    ~~~ Miscellaneous Files/folders ~~~
    ~~~ Wininet.dll ~~~
    CLEAN! :)

    The annoying message is gone now so it seems like I'm reported off the sick list - to me :wave:

    I only ran SmitRem this time - would you like any of the other logs at this time ?

    HJT and eWido are run on startup now. Is this a recommended countermeasure, or should they rather be left to be called upon if/when problems arise?

    Cheers
    KOSPAANG
  • TroganTrogan London, UK
    edited January 2006
    Can I ask...was it this new version of SmitRem that removed the popup?


    There is no need for HJT or Ewido to be running on startup.


    If you want, you can post a new HJT log to make sure everything is ok :)
  • edited January 2006
    I deleted the first version, which did not find the ****** pop-up. Then I downloaded SmitRem from the same link today, extracted it to a folder as instructed and ran it in Safe Mode. So it sure looks like it's been a successful update, even if still with an unchanged version number.

    Here is my new HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:31:02, on 08.01.06
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programfiler\Norman\bin\ZLH.EXE
    C:\Programfiler\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programfiler\ewido anti-malware\ewidoctrl.exe
    C:\Programfiler\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\System32\f23hser.exe
    C:\Programfiler\Norman\Bin\Zanda.exe
    C:\WINDOWS\system32\f23happ.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
    C:\Programfiler\iPod\bin\iPodService.exe
    C:\Programfiler\Norman\bin\NJEEVES.EXE
    C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
    C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe
    C:\Programfiler\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\System32\alg.exe
    C:\Programfiler\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Programfiler\lotus\123\123w.exe
    C:\Documents and Settings\Kjell Olav\Skrivebord\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [FGL23DetectPnPMonitor] rundll32 fgl23mon.dll,MonitorDetect
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Kjell Olav\Skrivebord\HijackThis.exe /startupscan
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104961703357
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido anti-malware\ewidoguard.exe
    O23 - Service: FIREGL23UTIL (FireGL23Util) - ATI Technologies, Inc. - C:\WINDOWS\System32\f23hser.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Programfiler\Norman\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Programfiler\Norman\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE

    Cheers
    KOSPAANG
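    As an added example (not part of this thread, and not HijackThis's own code): the log above is "read" by eye for the usual persistence points, namely O4 autoruns, O20 Winlogon Notify DLLs and O23 services. The script below does that first pass mechanically over a handful of lines copied from the posted log plus one constructed O4 entry of the kind a rogue "Security Center" leaves behind. The trusted-location prefixes are an assumption matching this Norwegian XP install (C:\Programfiler), and the rules only say "look at this", not "this is malware".

```python
import re

# Lines copied from the HijackThis log posted above (a subset, not the whole log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
"""

# Constructed line (not from the posted log): an autorun launched from the user's
# temp folder, the shape a rogue antispyware popup typically uses to come back on reboot.
SUSPECT_LINE = r"O4 - HKCU\..\Run: [Security Center] C:\Documents and Settings\User\Local Settings\Temp\updater.exe"

# Assumed trusted roots for this box: Windows itself and the (Norwegian) Program Files.
TRUSTED_PREFIXES = ("C:\\WINDOWS\\", "%SYSTEMROOT%\\", "C:\\PROGRAMFILER\\", "C:\\PROGRAM FILES\\")

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r"^(?P<exe>.+?\.(exe|dll|com|bat|cmd|scr))\b", re.IGNORECASE)


def parse_entries(text):
    """Split a HijackThis log into (section, body, raw_line) triples, ignoring non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body"), line.strip()))
    return entries


def executable_of(cmd):
    """Pull the program path out of an O4 command line (quoted, or unquoted with arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)          # unquoted path with spaces, e.g. C:\Documents and Settings\...\x.exe
    if m:
        return m.group("exe")
    return cmd.split()[0] if cmd else ""   # no extension at all, e.g. %systemroot%\system32\dumprep


def is_trusted_location(path):
    return path.upper().startswith(TRUSTED_PREFIXES)


def triage(text):
    """Return (rule, raw_line) pairs for entries a human should look at."""
    findings = []
    for section, body, raw in parse_entries(text):
        if section == "O4":
            m = O4_RE.match(body)
            if m and not is_trusted_location(executable_of(m.group("cmd"))):
                findings.append(("O4 autorun outside Windows/Program Files", raw))
        elif section == "O20":
            # Winlogon Notify DLLs load at logon and are a favourite persistence spot; always review.
            if O20_RE.match(body):
                findings.append(("O20 Winlogon Notify DLL, verify publisher", raw))
        elif section == "O23":
            m = O23_RE.match(body)
            if m and m.group("owner").lower() == "unknown owner":
                findings.append(("O23 service with unknown owner, verify binary", raw))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG + SUSPECT_LINE + "\n"):
        print(f"{rule}: {line}")
```

    Run against the sample it flags three things: the constructed temp-folder autorun, the WgaLogon notify DLL (legitimate here, it is Microsoft's own, but the rule cannot know that) and the NJeeves service whose owner HijackThis could not read. Everything else under C:\WINDOWS and C:\Programfiler passes, which is the same conclusion Trogan reaches by eye. Entries that name a bare program with no path (rundll32 foo.dll) would also be flagged, because which binary actually runs depends on PATH.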
  • TroganTrogan London, UK
    edited January 2006
    kospaang wrote:
    ...So it sure looks like it's been a successful update, even if still with an unchanged version number...
    Yeah! That's why I asked, because I saw the version number was the same. The main thing is it worked :)


    Your log is clean as well :)


    Now that your PC is clean you need to follow these easy steps to keep it this way:

    Secure your Internet Explorer by going here and following the instructions there.

    Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.

    Use a firewall to help prevent your PC's control being usurped by undesirables.

    Install and keep updated, Ad-Aware SE, and Spybot S&D.
    Run them both on a regular basis, following the manufacturer's recommendations.

    Install and keep updated, SpywareBlaster 3.4

    Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.

    Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.


    Clear your Temp folders.
    Clear out your Temporary internet files and other temp files.
    Go to Start > Settings > Control Panel >Internet Options.

    Under the General tab click the Delete temporary internet files,
    delete all Offline content as well. Clear out Cookies.

    Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

    Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

    C:\Documents and Settings\username\Local Settings\Temp\

    In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

    Empty the Recycle Bin.

    For XP users.
    After something like this it is a good idea to Flush the Restore Points and start fresh.
    To flush the XP system Restore Points.

    Go to Start>Run and type msconfig. Press enter.

    When msconfig opens, click the Launch System Restore Button.
    On the next page, click the System Restore Settings link on the left.

    Check the box labelled 'Turn off System restore'.

    Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

    Note that all previous restore points will be lost.

    ===============

    If you have any more problems, post back.


    Please consider joining the Folding@Home Project :)
    Join our Folding@Home team! Alzheimer's, Parkinson's, cancer... we're trying to cure them with our computers! You've at least read a little about it in the greeting I sent you when you signed up for the site. We're always really pleased to greet new members to the team, and it's a quick way to become an appreciated member of the community.
    MORE INFO: READ THIS
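    The temp-folder cleanup above (Windows temp, C:\temp, the user's Local Settings\Temp, plus a search for *.tmp) as an added example, not part of the original post and not a tool from this thread. The two details that matter when scripting it are the ones Trogan calls out: empty the contents but keep the folder itself, and expect some files to be locked by running programs, which is why a dry run and a "skipped" list are included. The temp locations in default_temp_dirs are an assumption based on the post; the sample tree is constructed for the demonstration.

```python
import os
import shutil
import tempfile


def empty_directory(path, dry_run=False):
    """Delete everything inside `path` but keep `path` itself.

    Returns (removed, skipped): entries removed (or, in a dry run, that would be
    removed) and entries left in place because the OS refused to delete them,
    which on a live system usually means a running process still holds them.
    """
    removed, skipped = [], []
    if not os.path.isdir(path):          # C:\temp may simply not exist; that is fine
        return removed, skipped
    for name in os.listdir(path):
        full = os.path.join(path, name)
        try:
            if not dry_run:
                if os.path.islink(full) or not os.path.isdir(full):
                    os.remove(full)
                else:
                    shutil.rmtree(full)  # subfolders go too, the top folder stays
            removed.append(full)
        except OSError:
            skipped.append(full)         # locked or permission denied: report, do not abort
    return removed, skipped


def find_tmp_files(root):
    """The scripted equivalent of Start > Search for *.tmp under `root`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if f.lower().endswith(".tmp"):
                hits.append(os.path.join(dirpath, f))
    return sorted(hits)


def default_temp_dirs():
    """Assumed XP locations from the post; missing ones are skipped by empty_directory."""
    windir = os.environ.get("SYSTEMROOT", r"C:\WINDOWS")
    user_temp = os.environ.get("TEMP", "")   # resolves to ...\Local Settings\Temp on XP
    return [os.path.join(windir, "temp"), r"C:\temp", user_temp]


def entries(path):
    """Sorted top-level names in `path` (helper for checking results)."""
    return sorted(os.listdir(path))


def make_sample_tree():
    """Constructed sample: a throwaway folder with a.tmp, sub\\b.tmp and sub\\c.txt."""
    root = tempfile.mkdtemp(prefix="cleanup-demo-")
    os.mkdir(os.path.join(root, "sub"))
    for rel in ("a.tmp", os.path.join("sub", "b.tmp"), os.path.join("sub", "c.txt")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("x")
    return root


if __name__ == "__main__":
    # Dry run against the real temp locations: shows what would go, deletes nothing.
    for d in default_temp_dirs():
        removed, skipped = empty_directory(d, dry_run=True)
        print(f"{d}: {len(removed)} entries would be removed")
    demo = make_sample_tree()
    print("tmp files in demo tree:", find_tmp_files(demo))
    print("removed:", empty_directory(demo))
    print("demo folder still exists:", os.path.isdir(demo), "contents:", entries(demo))
```

    Run it once with dry_run=True against the real folders first, compare the count with what Explorer shows, and only then let it delete. The System Restore flush that follows is a GUI procedure (msconfig > System Restore settings) and is deliberately not scripted here.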
  • edited January 2006
    Wow, that was quite a burst. Aye aye, captain :D

    Thank you (and the team) very much Trogan - you saved me a lot of extra work reinstalling XP and data.

    Have a nice day, and:

    Manchester United are simply the best :ukflag:

    Cheers
    KOSPAANG:celebrate
  • TroganTrogan London, UK
    edited January 2006
    No problem. Glad I could help :)


    I'm closing this thread. If you need help again, then start a new one :)
This discussion has been closed.