
Lop toolbar [resolved]


  • This topic is locked

#1
johnsa53

    New Member

  • Member
  • Pip
  • 4 posts
I have problems with one of the family PCs. I get the lop toolbar in IE and a large search field in the bottom of the screen when IE is started.

Ad-Aware SE and Spybot S&D do not find any problems; Norman Virus Control cleaned some W32/Swizzor files that I believe are part of the Lop toolbar.

Any suggestions please?

Here are the logs from ewido and Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 20:04:14, on 18.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\necmfk\necmfk.exe
C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
C:\Norman\bin\ZLH.EXE
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programfiler\Apoint2K\Apntex.exe
C:\Programfiler\Apoint2K\HidFind.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Norman\bin\ZANDA.EXE
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\Norman\bin\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Nedlasting\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7AFA1C8E-603A-5B9C-DFC4-040D70C63381} - C:\DOCUME~1\Sindre\PROGRA~1\MEETWA~1\keepflaw.exe
O2 - BHO: (no name) - {A93A55FC-7D35-8390-535C-823BC57B0D28} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NECMFK] C:\Programfiler\necmfk\necmfk.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PROC MATH COOL MANAGER] C:\Documents and Settings\All Users\Programdata\kinddupeprocmath\Pokelist.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1022.dll,InstantAccess
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downlo..._1019_EN_XP.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downlo...ice_5_EN_XP.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido\security suite\ewidoguard.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe


Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 19:24:13, 18.05.2005
+ Report-Checksum: FB2561A5

+ Date of database: 18.05.2005
+ Version of scan engine: v3.0

+ Duration: 44 min
+ Scanned Files: 89363
+ Speed: 33.52 Files/Second
+ Infected files: 26
+ Removed files: 26
+ Files put in quarantine: 26
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Sindre\Cookies\sindre@ad.ir[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@ad4.lbn[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@ads.monster[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@ads.thestar[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@ats[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@campaigns.f2.com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@com[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@cookie.monster[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@exitfuel[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@linkexchange[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@list[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@mediamgr.ugo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@programs.wegcash[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@real[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@www.real[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Cookies\sindre@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sindre\Lokale innstillinger\Temp\temp.fr62D7 -> Trojan.P2E.ai -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\tl7000.dll -> TrojanProxy.Sobit -> Cleaned with backup
C:\WINDOWS\system32\EGAUTH.dll -> Trojan.P2E.ai -> Cleaned with backup


::Report End
  • 0

#2
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome johnsa53 to Geeks to Go!

Sorry for the delay, the forums are very busy.

Download CleanUp!.
If that doesn’t work, use this link.
Don't run the program, we'll do that later.

Go to options
Select ‘custom’
Put a check to:
* empty recycle bins
* delete prefetch files
* CleanUp! All users.
Press 'cleanup!'

Once it's done, log off and log on again. This will remove files that were in use during the scan.

***

Open HijackThis.
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
In the list find:
Window Search
Window Searching
Lop.com
LOP SEARCH
Browser Enhancer
Ultimate Browser Enhancer
The Ultimate Troubleshooter
Instant Access

Press ‘delete this entry’.
Press ‘back’
Then press ‘scan’

***

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: (no name) - {7AFA1C8E-603A-5B9C-DFC4-040D70C63381} - C:\DOCUME~1\Sindre\PROGRA~1\MEETWA~1\keepflaw.exe

O2 - BHO: (no name) - {A93A55FC-7D35-8390-535C-823BC57B0D28} - (no file)

O4 - HKLM\..\Run: [PROC MATH COOL MANAGER] C:\Documents and Settings\All Users\Programdata\kinddupeprocmath\Pokelist.exe

O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1022.dll,InstantAccess

O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downlo..._1019_EN_XP.cab

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo...thv32_EN_XP.cab

O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downlo...ice_5_EN_XP.cab

Click on Fix Checked when finished and exit HijackThis.

***

* Restart the computer.
* As soon as BIOS is loaded, begin tapping the F8 key until the Advanced Options menu appears.
* Use the arrow keys to select the Safe mode menu item.
* Press Enter.
***

We need to make sure all hidden files are showing, so please:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
***

Delete the following files:
C:\WINDOWS\system32\p2esocks_1022.dll

Delete the following folders:
C:\Documents and Settings\All Users\Programdata\kinddupeprocmath
C:\Documents and Settings\Sindre\Programdata\MEETWA~1\ <= this foldername starts with meetwa.....

***

Download:
this file

Unzip the file to your desktop.
Double-click the file jobs.bat.

Copy and paste the content of the file jobs.txt it creates, here in your answer.
Also post a fresh log using HijackThis.
  • 0

#3
johnsa53

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks, looks much better!

Logs:

Volumet i stasjon C er HDD
Volumserienummeret er 8CD9-9AD7

Innhold i C:\WINDOWS\Tasks

26.05.2005 22:11 410 Symantec NetDetect.job
26.05.2005 22:00 244 AD9C1AB391AB8E0B.job
26.05.2005 22:00 276 AB2C7F069183F4E6.job
26.05.2005 22:00 272 A9761C7791A99447.job
4 fil(er) 1 202 byte
0 mappe(r) 18 874 318 848 byte ledig

Logfile of HijackThis v1.99.1
Scan saved at 23:15:03, on 26.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\necmfk\necmfk.exe
C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
C:\Norman\bin\ZLH.EXE
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programfiler\Apoint2K\Apntex.exe
C:\Programfiler\Apoint2K\HidFind.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Norman\bin\ZANDA.EXE
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Norman\bin\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Nedlasting\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NECMFK] C:\Programfiler\necmfk\necmfk.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programfiler\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido\security suite\ewidoguard.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
  • 0

#4
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Copy and paste the text from the box to an empty file in Notepad.
%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h AD9C1AB391AB8E0B.job
del AD9C1AB391AB8E0B.job
attrib -r -s -h AB2C7F069183F4E6.job
del AB2C7F069183F4E6.job
attrib -r -s -h A9761C7791A99447.job
del A9761C7791A99447.job

Save the file:
name : remjob.bat
location: desktop
type : all types

Close Notepad.

Double-click remjob.bat on your desktop.

Run jobs.bat again. Post the content of the new file job.txt here in your answer.


***

Your HijackThis log is clean now.
  • 0
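
The "Fix Checked" step above ("making sure you get them all and not any others by mistake") and the follow-up log can be checked mechanically. This is an added example, not part of the thread or of HijackThis itself: it parses HijackThis entry lines, tolerates entries that forum software has wrapped across lines, and reports flagged entries that survived or unflagged entries that disappeared. The sample logs are constructed excerpts of the thread's logs, and the function names are hypothetical.

```python
import re

# Constructed excerpts of the thread's two HijackThis logs (not the full logs).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7AFA1C8E-603A-5B9C-DFC4-040D70C63381} - C:\DOCUME~1\Sindre\PROGRA~1\MEETWA~1\keepflaw.exe
O2 - BHO: (no name) - {A93A55FC-7D35-8390-535C-823BC57B0D28} - (no file)
O4 - HKLM\..\Run: [PROC MATH COOL MANAGER] C:\Documents and Settings\All Users\Programdata\kinddupeprocmath\Pokelist.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1022.dll,InstantAccess
"""
# One entry is deliberately wrapped, as forum software commonly does to long lines.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0

\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
"""
# The entries the helper asked to be fixed (those present in the excerpt above).
FLAGGED = r"""
O2 - BHO: (no name) - {7AFA1C8E-603A-5B9C-DFC4-040D70C63381} - C:\DOCUME~1\Sindre\PROGRA~1\MEETWA~1\keepflaw.exe
O2 - BHO: (no name) - {A93A55FC-7D35-8390-535C-823BC57B0D28} - (no file)
O4 - HKLM\..\Run: [PROC MATH COOL MANAGER] C:\Documents and Settings\All Users\Programdata\kinddupeprocmath\Pokelist.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1022.dll,InstantAccess
"""

# Entry lines start with a section code such as R0, O2, O4, O16 or O23.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return {key: display_line} for every entry line in a HijackThis log.

    A non-blank line that does not start a new entry is treated as the
    wrapped tail of the previous entry. The key ignores whitespace and case,
    so a wrapped copy and an unwrapped copy of the same entry compare equal.
    """
    parts = []  # [section, text] pairs, in log order
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            parts.append([m.group(1), m.group(2)])
        elif parts:  # header and process lines come before the first entry
            parts[-1][1] += " " + line
    entries = {}
    for section, text in parts:
        key = (section + "|" + re.sub(r"\s+", "", text)).lower()
        entries[key] = f"{section} - {text}"
    return entries

def verify_fix(before, after, flagged):
    """Compare two logs against the list of entries that were to be fixed."""
    b, a, f = parse_entries(before), parse_entries(after), parse_entries(flagged)
    return {
        "not_in_before": [f[k] for k in f if k not in b],      # mistyped flag line
        "still_present": [f[k] for k in f if k in a],          # fix did not stick
        "removed_unflagged": [b[k] for k in b if k not in a and k not in f],
        "new_entries": [a[k] for k in a if k not in b],        # appeared since
    }

if __name__ == "__main__":
    for name, lines in verify_fix(BEFORE, AFTER, FLAGGED).items():
        print(name, len(lines), *lines, sep="\n  ")
```

All four lists come back empty when exactly the flagged entries, and nothing else, have gone from the second log.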

#5
johnsa53

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
New log:

Volumet i stasjon C er HDD
Volumserienummeret er 8CD9-9AD7

Innhold i C:\WINDOWS\Tasks

26.05.2005 23:50 410 Symantec NetDetect.job
1 fil(er) 410 byte
0 mappe(r) 18 363 142 144 byte ledig
  • 0

#6
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Looks like you did it. If your HijackThis log still has this entry:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/
that means it's still clean and your troubles are over now.
  • 0

#7
johnsa53

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks a lot!
The machine is back to normal.
  • 0

#8
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
  • 0





