1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Could some plz check this HiJack Log

Discussion in 'Virus & Other Malware Removal' started by TCEDMON, Sep 17, 2003.

Thread Status:
Not open for further replies.
  1. TCEDMON

    TCEDMON Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    11
    Hello,

    I can’t get rid of this MSSvc.exe error message on start-up on a friends system seems to be taking away resources and the computer is very very slow can someone help.

    Thanks,
    Ed

    I ran HiJackThis here is the log:

    Logfile of HijackThis v1.97.2
    Scan saved at 12:43:31 PM, on 9/14/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Sherry\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/rr-healthhome
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\Program Files\Popup Eliminator\AutoDisplay490.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Popup Eliminator - {F50CE767-AE72-45EB-AECD-E8786C240373} - C:\Program Files\Popup Eliminator\PEToolBar490.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PopupEliminator] C:\Program Files\Popup Eliminator\Popup Eliminator.exe /min
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "Sherry"
    O4 - HKCU\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "Sherry"
    O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
    O9 - Extra button: Popup Eliminator (HKLM)
    O9 - Extra 'Tools' menuitem: Popup Eliminator (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37861.8175347222
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    From what I've seen of this problem in the past you are lucky it isn't much worse. Fortunately there is nothing in the startups relating to it, so the file must be missing. That's a good thing.

    It was configured to start as a service -- so you must go to Administrative Tools > Services and search for it there and disable it.

    If you have trouble finding it, run HijackThis, only instead of posting a Scanlog, post a startuplist instead. This is done by clicking Config > Misc Tools, put a check in "list minor sections", and then click Generate StartupList. This will show services.

    To remove the service itself from the service profile you will have to find it in the registry key under:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

    By the way, since this service is NOT starting, it is not the source of your resource issue. That is probably due to having too many things starting and running. Uncheck a few of them by running msconfig and clearing some checks under the Startuptab.

    You can review what they are using this link:

    http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM

    Things like Microsoft Find Fast are particularly resource hungry.

    The ones shown in the log as "Global Startup" items are not in msconfig but will be found as shortcuts in:

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup

    and will have to be manually removed from there.
     
  3. TCEDMON

    TCEDMON Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    11
    Rollin' Rog,

    I will run Hijack and post the startup list sometime this coming weekend.

    The problem is on a friend’s computer, I only have time to work on it on weekends.

    Thanks,
    Ed
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/165509

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice