What the heck is C:\Norman\Nvc\BIN\nipsvc.exe?? - Page 2 - Techist - Tech Forum

Go Back   Techist - Tech Forum > Security | Computer, Devices, Software and Systems > Viruses, Spyware and Malware > HijackThis Logs (finished)
Click Here to Login
 
 
Thread Tools Display Modes
 
Old 10-11-2008, 01:54 PM   #11 (permalink)
Newb Techie
 
Join Date: Oct 2008
Posts: 11
Default Re: What the heck is C:\Norman\Nvc\BIN\nipsvc.exe??

Hey, there.

So far so good. Am at the CleanUp.exe phase, and taking the backup admonition seriously, so currently burning must-have-at-all-costs files to DVD. Should be another couple of hours before I can resume.

Thanks a mil for checking in. Will post add'l progress after backup.
__________________

__________________
Skippygrrl is offline  
Old 10-11-2008, 04:18 PM   #12 (permalink)
Newb Techie
 
Join Date: Oct 2008
Posts: 11
Default Re: What the heck is C:\Norman\Nvc\BIN\nipsvc.exe??

I thought I had posted a while ago)

At CleanUp phase. Backing up. Should be another hour or so. Thanks a mil for checking in - more later, sweetie.

~skippy
__________________

__________________
Skippygrrl is offline  
Old 10-11-2008, 06:58 PM   #13 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default Re: What the heck is C:\Norman\Nvc\BIN\nipsvc.exe??

OK, well I'll check back in
__________________
Osiris is offline  
Old 10-11-2008, 10:28 PM   #14 (permalink)
Newb Techie
 
Join Date: Oct 2008
Posts: 11
Default Re: What the heck is C:\Norman\Nvc\BIN\nipsvc.exe??

Okay. Here's my log. I have run it through the analyzer, so let's compare when you get a sec, Osiris.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:36, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5066 bytes



I can send other reports/logs from the virus scans I did.

MY BROWSERS ARE STILL NOT ABLE TO CONNECT/DOWNLOAD/RESOLVE/SURF. Arrgghhh <Bangs head softly on table>

~skippy
__________________
Skippygrrl is offline  
Old 10-11-2008, 10:55 PM   #15 (permalink)
Techalicious
 
Redmo0n's Avatar
 
Join Date: Aug 2007
Location: Perth, Australia
Posts: 1,566
Send a message via MSN to Redmo0n
Default Re: What the heck is C:\Norman\Nvc\BIN\nipsvc.exe??

Have you re-enabled nipsvc.exe?

Also any change your a SA goon?
__________________
Back to stay?
Redmo0n is offline  
Old 10-11-2008, 11:23 PM   #16 (permalink)
Newb Techie
 
Join Date: Oct 2008
Posts: 11
Default Re: What the heck is C:\Norman\Nvc\BIN\nipsvc.exe??

FRANTIC BREAKING NEWS! I can connect. I can connect. I can conn..<break off into sobs of joy>

It doesn't look like, after all this work, that it was a virus after all, but a question of obtaining the IP manually or auto. Sheesh! I'll know to check that now. Had a techie at the DSL provider help me on that.

So, REdmoOn...to answer your questions,

1) "Have you re-enabled nipsvc.exe?" No. That's such a sticky thing. I can't get it deleted with Hijack. Ditto with ASP .NET, the other red flagged item from the analyzer.

2) "Also any change your a SA goon?" I don't know what this means.

Hey, I was just in Adelaide! I notice your Perth sig. So, "On ya, mate!"

~Skippygrrl
__________________
Skippygrrl is offline  
Old 10-12-2008, 01:49 AM   #17 (permalink)
Newb Techie
 
Join Date: Oct 2008
Posts: 11
Default Re: What the heck is C:\Norman\Nvc\BIN\nipsvc.exe??

TO OSIRIS:

Thank you so much for all your help. All looks well at this stage - I want to thank you for your excelllent instructions, which I followed faithfully.

Last things:
If you have any advice about why I can't get Hijack to fix this

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe (file missing)

and this

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

I would be grateful.

Again, you have my gratitude.

Skippygrrl
__________________
Skippygrrl is offline  
Old 10-12-2008, 06:05 PM   #18 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default Re: What the heck is C:\Norman\Nvc\BIN\nipsvc.exe??

Do you have Norman Antivirus?

The other entry is ok if it wont delete
__________________

__________________
Osiris is offline  
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Slow PC HJT Log for the heck of it.. [F] Peter.Cort HijackThis Logs (finished) 11 06-23-2008 04:13 PM
The PS3 Laptop by Ben Heck b1gapl Sony Playstation 8 04-13-2008 09:30 PM
what the heck is this? EricB Computer Audio and Multimedia 7 03-20-2008 02:46 PM
What the heck is a v.9x modem? Caine Hardware Repairs and Troubleshooting 2 02-22-2008 11:24 PM
Selling my laptop... how the heck... OnlyCurious New Systems | Building and Buying 6 11-17-2007 04:23 PM



Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 07:00 PM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2018, vBulletin Solutions, Inc.